
Plagegeister aller Art und deren Bekämpfung: Avast and Malwarebytes Anti-Malware are blocked by Group Policy + unusual message after the boot process.


07.05.2014, 18:19   #1
HC4L!
 

Hello everyone,

I don't even know whether you already... oh, never mind :P
My name is Luca and Luca has a problem.
I am completely new here and this is the first forum I have visited. My problem is that suddenly (probably not suddenly, but because of something stupid) I get a message after starting my PC: "regsvr32 fehler beim laden des moduls "C:\ProgramData\vaqljsh.dat"". Since I first saw this message I have been unable to start Avast and Malwarebytes Anti-Malware. They are blocked by a "Group Policy". I am supposed to ask the administrator... good idea, when that is me! I don't want to fiddle around with it until something breaks, so I am asking you!

I have Win7 Ultimate (no problems before this),
and as I said, I have no idea how things work here, so tell me what else you need if anything is missing.

Thanks in advance,
Regards: Luca

07.05.2014, 18:44   #2
deeprybka
/// TB trainer
/// Tutorial guru
 

My name is Jürgen and I will be helping you with your problem. Together we will manage this...
  • Please work through all steps in order.
  • Read the instructions carefully before you begin. If there are problems or you do not understand something, stop what you are doing and describe the problem to me.
  • Please run only the scans I have asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Save all of our tools to the desktop.
  • Post the log files directly in your thread in CODE tags.
  • Bear in mind that we all do this in our free time; if you do not hear from me within 2 days, please send me a PM.

Notes: I can never guarantee that we will find all malicious files. Reformatting is usually the faster and always the safest route, but it is only advisable for real malware. Adware & co. are things we can remove very well.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Please note that all my replies must first be approved by a trainer before I am allowed to post them here. This takes a few hours longer, but it guarantees that you get competent help and reviewed answers. See here...

Thank you for your patience!



Step 1 (scan with FRST)
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)




Reading material
Posting in CODE tags: how it works...
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes our work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

07.05.2014, 19:19   #3
HC4L!
 

Wow, that was fast. It probably looks horrible to someone who knows what they are doing. You learn from mistakes.

Here are the requested logs:
FRST.txt:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-05-2014
Ran by Luca (administrator) on LUCA-PC on 07-05-2014 19:10:11
Running from C:\Users\Luca\Downloads
Windows 7 Ultimate (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\AAvast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Dropbox, Inc.) C:\Users\Luca\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Game Inc.) C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1179576 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [GamingKeyboard] => C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe [1803264 2012-06-07] (Game Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\AAvast\AvastUI.exe [3854640 2014-03-23] (AVAST Software)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\.DEFAULT\...\Policies\system: [DisableCMD] 0
HKU\.DEFAULT\...\Policies\system: [NoDispAppearancePage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispBackgroundPage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispSettingsPage] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFind] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFile] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideClock] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetFolders] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDFSTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoLogoff] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoHardwareTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Run: [vaqljsh] => regsvr32.exe "C:\ProgramData\vaqljsh.dat"
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\MountPoints2: {b4bb2a58-5469-11e2-a6e8-60a44ccaf0fb} - E:\INSTALL.EXE
Startup: C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Luca\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7DDB4D4F6AE8CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/my_homepage/1024/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchisbestmy.info/?l=1&q={searchTerms}&pid=1320&r=2013/11/15&hid=2996348407604931384&lg=EN&cc=DE&unqvl=41
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-flv
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\AAvast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\AAvast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll No File
BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\q0vwgvrm.default
FF user.js: detected! => C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\q0vwgvrm.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\q0vwgvrm.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\q0vwgvrm.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\q0vwgvrm.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\q0vwgvrm.default\searchplugins\iminent.xml
FF SearchPlugin: C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\q0vwgvrm.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\q0vwgvrm.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\qone8.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\q0vwgvrm.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}_1122628946 [2014-05-06]
FF Extension: Video HTML5 HD Pro - C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\q0vwgvrm.default\Extensions\{08a20c7f-a810-448b-94fc-8407ad3dabec}.xpi [2013-10-24]
FF Extension: {418ca559-fba6-4b42-8da2-29b33ea08908} - C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\q0vwgvrm.default\Extensions\{418ca559-fba6-4b42-8da2-29b33ea08908}.xpi [2013-09-20]
FF Extension: Adblock Plus - C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\q0vwgvrm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-12]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\AAvast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\AAvast\WebRep\FF [2014-03-23]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://start.qone8.com/?type=sc&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX

Chrome: 
=======
CHR HomePage: hxxp://start.qone8.com/?type=hp&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
CHR StartupUrls: "https://www.youtube.com/watch?v=6PZKNrDys88"
CHR Extension: (Google Drive) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-04]
CHR Extension: (YouTube) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-04]
CHR Extension: (Adblock Plus) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-05]
CHR Extension: (Google-Suche) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-04]
CHR Extension: (Google Wallet) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-04]
CHR Extension: (Google Mail) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-04]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-03-25]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\AAvast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Luca\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-04-11]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-04-06]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\AAvast\AvastSvc.exe [50344 2014-03-23] (AVAST Software)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-03-02] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S4 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-27] ()
S4 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [496640 2014-04-06] (Cherished Technololgy LIMITED)

==================== Drivers (Whitelisted) ====================

S3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [32088 2013-06-02] ()
S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40808 2014-03-27] (Google Inc)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-03-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-03-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-03-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-03-23] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-03-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-03-23] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-09-12] (DT Soft Ltd)
R3 GameKB; C:\Windows\System32\drivers\GameKB.sys [27648 2012-05-11] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [117912 2012-11-19] (Qualcomm Atheros Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
R3 SaiK1709; C:\Windows\System32\DRIVERS\SaiK1709.sys [180544 2012-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R3 SaiU1709; C:\Windows\System32\DRIVERS\SaiU1709.sys [47168 2012-09-20] (Saitek)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
U0 SR; 
U2 srservice; 
S3 XFDriver64; \??\C:\Program Files (x86)\Xfire2\XFDriver64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-07 19:10 - 2014-05-07 19:10 - 00030038 _____ () C:\Users\Luca\Downloads\FRST.txt
2014-05-07 19:10 - 2014-05-07 19:10 - 00000000 ____D () C:\FRST
2014-05-07 19:09 - 2014-05-07 19:09 - 02063872 _____ (Farbar) C:\Users\Luca\Downloads\FRST64.exe
2014-05-07 17:31 - 2014-05-07 17:32 - 00000374 _____ () C:\Users\Luca\Desktop\Neues Textdokument (3).txt
2014-05-06 14:09 - 2014-05-06 14:09 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-06 14:09 - 2014-05-06 14:09 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-05-06 14:09 - 2014-05-06 14:09 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-06 14:09 - 2014-05-06 14:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-05-06 14:07 - 2014-05-06 14:08 - 24625644 _____ () C:\Users\Luca\Downloads\mse-install45.zip
2014-05-06 14:07 - 2014-05-06 14:07 - 00613200 _____ (Chip Digital GmbH) C:\Users\Luca\Downloads\Microsoft Security Essentials - CHIP-Downloader.exe
2014-05-06 14:02 - 2014-05-06 14:02 - 00032336 _____ () C:\Users\Luca\Downloads\Addition.txt
2014-05-06 13:54 - 2014-05-06 13:54 - 00000480 _____ () C:\Users\Luca\Downloads\defogger_disable.log
2014-05-06 13:44 - 2014-05-06 13:48 - 00000000 ____D () C:\Users\Luca\AppData\Local\lptmp1067569924
2014-05-06 13:40 - 2014-05-06 13:47 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Systweak
2014-05-06 13:40 - 2014-05-06 13:39 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Luca\Downloads\ParetoLogic%20PC%20Health%20Advisor_de.exe
2014-05-06 13:40 - 2014-04-25 14:49 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-05-06 13:39 - 2014-05-06 13:39 - 00641568 _____ () C:\Users\Luca\Downloads\download-pc-health-advisor.exe
2014-05-06 13:35 - 2014-05-06 13:35 - 00610769 _____ () C:\Users\Luca\Downloads\depends22_x86.zip
2014-05-05 19:43 - 2014-05-05 19:43 - 00001206 _____ () C:\Users\Luca\Desktop\CINEMA 4D Demo 64 Bit.lnk
2014-05-05 19:42 - 2014-05-05 19:43 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAXON
2014-05-05 16:52 - 2014-05-05 17:29 - 2958994837 _____ () C:\Users\Luca\Downloads\installer_r15_demo.zip
2014-05-05 15:22 - 2014-05-05 15:22 - 00002040 _____ () C:\Users\Public\Desktop\FL Studio 11.lnk
2014-05-05 15:22 - 2014-05-05 15:22 - 00001138 _____ () C:\Users\Luca\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2014-05-05 15:22 - 2014-05-05 15:22 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2014-05-05 15:22 - 2014-05-05 15:22 - 00000000 ____D () C:\Program Files (x86)\ASIO4ALL v2
2014-05-05 14:55 - 2014-05-05 15:00 - 323060176 _____ (Image-Line) C:\Users\Luca\Downloads\flstudio_11.1.exe
2014-05-05 14:50 - 2014-05-05 14:50 - 00033396 _____ () C:\Users\Luca\Downloads\Private eXploit Generator v11.zip
2014-05-05 14:50 - 2014-05-05 14:50 - 00033396 _____ () C:\Users\Luca\Downloads\Private eXploit Generator v11 (1).zip
2014-05-03 03:12 - 2014-05-03 03:12 - 00000000 ____D () C:\Users\Luca\Desktop\neue hacke
2014-05-03 02:37 - 2014-05-03 02:37 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\DropboxMaster
2014-04-28 15:55 - 2014-04-28 15:55 - 00001189 _____ () C:\Users\Luca\Desktop\The Elder Scrolls V Skyrim (2).lnk
2014-04-27 19:12 - 2014-04-27 19:12 - 00613200 _____ (Chip Digital GmbH) C:\Users\Luca\Downloads\Cloud Downloader - CHIP-Downloader.exe
2014-04-27 19:12 - 2014-04-27 19:12 - 00003172 _____ () C:\Windows\System32\Tasks\{D34DEE04-6854-467A-9CD6-7FA76AAFB58C}
2014-04-27 17:02 - 2014-04-27 17:02 - 00018727 _____ () C:\Users\Luca\AppData\Local\recently-used.xbel
2014-04-27 01:13 - 2014-04-27 01:13 - 00000000 ____D () C:\Users\Luca\AppData\Local\Ubisoft
2014-04-26 02:41 - 2014-04-26 02:41 - 00000446 __RSH () C:\ProgramData\ntuser.pol
2014-04-26 02:41 - 2014-04-26 02:41 - 00000000 ____D () C:\usb_driver
2014-04-24 20:06 - 2014-04-24 20:06 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll
2014-04-24 20:06 - 2014-04-24 20:06 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WinUSBCoInstaller.dll
2014-04-24 19:20 - 2014-04-24 19:20 - 02056192 _____ () C:\Users\Luca\Downloads\CMInstaller.msi
2014-04-24 03:57 - 2014-04-24 04:35 - 1689175370 _____ () C:\Users\Luca\Desktop\diablo take 2_x264.avi
2014-04-23 17:09 - 2014-04-23 17:09 - 00187454 _____ () C:\Users\Luca\Desktop\jhg.wav
2014-04-23 17:07 - 2014-04-23 17:07 - 01730814 _____ () C:\Users\Luca\Desktop\sorey.wav
2014-04-23 16:47 - 2014-04-23 16:47 - 00038589 _____ () C:\Users\Luca\Desktop\treetwonimmseinfach.camproj
2014-04-23 13:23 - 2014-04-23 13:23 - 00000000 ____D () C:\Users\Luca\AppData\Local\Blizzard
2014-04-23 13:13 - 2014-04-23 13:23 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-04-23 13:13 - 2014-04-23 13:13 - 00001157 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-04-23 13:13 - 2014-04-23 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-04-23 01:18 - 2014-04-23 01:18 - 00377992 _____ () C:\Users\Luca\Desktop\luv.xcf
2014-04-23 01:10 - 2014-04-23 01:10 - 00021452 _____ () C:\Users\Luca\Downloads\riesling.zip
2014-04-23 01:09 - 2014-04-23 01:09 - 00077675 _____ () C:\Users\Luca\Downloads\young_beautiful.zip
2014-04-23 01:09 - 2014-04-23 01:09 - 00028978 _____ () C:\Users\Luca\Downloads\mademoiselle_k.zip
2014-04-23 01:09 - 2014-04-23 01:09 - 00024871 _____ () C:\Users\Luca\Downloads\angelique_ma_douce_colombe.zip
2014-04-21 16:35 - 2014-04-21 16:35 - 00000043 _____ () C:\Users\Luca\Desktop\Neues Textdokument (2).txt
2014-04-20 01:02 - 2014-04-20 01:02 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shutdown4U
2014-04-20 01:02 - 2014-04-20 01:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shutdown4U
2014-04-20 01:02 - 2014-04-20 01:02 - 00000000 ____D () C:\Program Files\Shutdown4U
2014-04-20 01:01 - 2014-04-20 01:01 - 00613200 _____ (Chip Digital GmbH) C:\Users\Luca\Downloads\Shutdown4U - CHIP-Downloader.exe
2014-04-19 22:12 - 2014-04-19 22:12 - 00613200 _____ (Chip Digital GmbH) C:\Users\Luca\Downloads\335.23-desktop-win8-win7-winvista-64bit-international-whql - CHIP-Downloader.exe
2014-04-15 21:08 - 2014-04-15 21:56 - 861531398 _____ () C:\Users\Luca\Downloads\l4d2_2013-patch_2.1.3.5_nosTEAM.exe
2014-04-15 21:04 - 2014-04-15 21:05 - 55094501 _____ () C:\Users\Luca\Downloads\l4d2_2013_nosTEAM.zip
2014-04-14 05:22 - 2014-04-14 05:22 - 00270478 _____ () C:\Users\Luca\Downloads\Water_Drop_by_SilverRose_Stock.zip
2014-04-14 05:02 - 2014-04-14 05:02 - 05679379 _____ () C:\Users\Luca\Downloads\lion_ornament_doorknobs_png_by_m10tje-d4hu6sq.rar
2014-04-14 04:49 - 2014-04-14 04:49 - 02969821 _____ () C:\Users\Luca\Desktop\Unbenannt.xcf
2014-04-14 04:48 - 2014-04-14 04:48 - 04444933 _____ () C:\Users\Luca\Downloads\GIMP_Arcane_Runes_Brushes_by_Project_GimpBC.zip
2014-04-14 04:41 - 2014-04-14 04:41 - 04366325 _____ () C:\Users\Luca\Downloads\GIMP_Arcane_Circles_Brushes_by_Project_GimpBC.zip
2014-04-14 04:28 - 2014-04-14 04:28 - 02194142 _____ () C:\Users\Luca\Downloads\photoshop_tech_brushes_by_fortelegy-d46q07z.zip
2014-04-14 04:27 - 2014-04-14 04:27 - 00459583 _____ () C:\Users\Luca\Downloads\Bullet_Holes_Brushes_by_redheadstock.zip
2014-04-13 01:17 - 2014-04-13 01:17 - 00533648 _____ () C:\Users\Luca\Downloads\HDvid-codec-Chrome (1).exe
2014-04-12 23:23 - 2014-05-05 14:34 - 00000000 ____D () C:\Users\Luca\AppData\Local\Spotify
2014-04-12 23:23 - 2014-04-12 23:23 - 00001785 _____ () C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-04-12 23:22 - 2014-05-06 23:06 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Spotify
2014-04-12 23:22 - 2014-04-12 23:22 - 00126112 _____ (Spotify Ltd) C:\Users\Luca\Downloads\SpotifySetup.exe
2014-04-10 21:44 - 2014-04-10 21:44 - 00000000 _____ () C:\Users\Luca\Desktop\Neues Textdokument.txt
2014-04-09 23:39 - 2014-04-09 23:39 - 00068923 _____ () C:\Users\Luca\Desktop\payday5 unrendered.camproj
2014-04-09 22:16 - 2014-04-09 22:16 - 07074573 _____ () C:\Users\Luca\Desktop\diablo three wan (Frame 0_11_38;26).xcf
2014-04-09 20:55 - 2014-04-09 20:55 - 00086944 _____ () C:\Users\Luca\Downloads\ice_sticks.zip
2014-04-09 20:53 - 2014-04-09 20:53 - 00029718 _____ () C:\Users\Luca\Downloads\winterice.zip
2014-04-09 20:12 - 2014-04-09 20:13 - 31429160 _____ (Any-Video-Converter.com ) C:\Users\Luca\Downloads\avc-free (3).exe
2014-04-09 19:20 - 2014-04-09 19:20 - 00063487 _____ () C:\Users\Luca\Desktop\diablo three wan two.camproj
2014-04-09 19:20 - 2014-04-09 19:20 - 00020158 _____ () C:\Users\Luca\Desktop\diablo three wan two 4.camproj
2014-04-09 14:53 - 2014-04-09 14:53 - 00042969 _____ () C:\Users\Luca\Desktop\diablo three wan.camproj
2014-04-09 14:28 - 2014-04-09 14:29 - 24126958 _____ () C:\Users\Luca\Desktop\Diablo 3 Cinematic Trailer deutsch HD.avi
2014-04-09 14:21 - 2014-04-09 14:21 - 00636688 _____ () C:\Users\Luca\Downloads\FreeYouTubeDownload (1).exe

==================== One Month Modified Files and Folders =======

2014-05-07 19:10 - 2014-05-07 19:10 - 00030038 _____ () C:\Users\Luca\Downloads\FRST.txt
2014-05-07 19:10 - 2014-05-07 19:10 - 00000000 ____D () C:\FRST
2014-05-07 19:09 - 2014-05-07 19:09 - 02063872 _____ (Farbar) C:\Users\Luca\Downloads\FRST64.exe
2014-05-07 19:02 - 2014-01-04 01:39 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-07 18:27 - 2013-09-12 18:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-07 18:18 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-07 18:18 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-07 17:42 - 2013-01-01 23:38 - 00606284 _____ () C:\Windows\WindowsUpdate.log
2014-05-07 17:33 - 2013-11-16 15:06 - 00000000 ___RD () C:\Users\Luca\Dropbox
2014-05-07 17:33 - 2013-11-16 15:01 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Dropbox
2014-05-07 17:32 - 2014-05-07 17:31 - 00000374 _____ () C:\Users\Luca\Desktop\Neues Textdokument (3).txt
2014-05-07 17:32 - 2014-03-22 17:21 - 00031366 _____ () C:\Windows\setupact.log
2014-05-07 17:32 - 2014-01-04 01:39 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-07 17:32 - 2013-09-13 08:39 - 00230102 _____ () C:\Windows\PFRO.log
2014-05-07 17:32 - 2013-01-02 00:00 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-07 17:32 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-07 14:48 - 2013-11-06 17:46 - 00000000 ____D () C:\Program Files (x86)\DSPRobotics
2014-05-06 23:06 - 2014-04-12 23:22 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Spotify
2014-05-06 14:09 - 2014-05-06 14:09 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-06 14:09 - 2014-05-06 14:09 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-05-06 14:09 - 2014-05-06 14:09 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-06 14:09 - 2014-05-06 14:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-05-06 14:08 - 2014-05-06 14:07 - 24625644 _____ () C:\Users\Luca\Downloads\mse-install45.zip
2014-05-06 14:07 - 2014-05-06 14:07 - 00613200 _____ (Chip Digital GmbH) C:\Users\Luca\Downloads\Microsoft Security Essentials - CHIP-Downloader.exe
2014-05-06 14:02 - 2014-05-06 14:02 - 00032336 _____ () C:\Users\Luca\Downloads\Addition.txt
2014-05-06 13:54 - 2014-05-06 13:54 - 00000480 _____ () C:\Users\Luca\Downloads\defogger_disable.log
2014-05-06 13:49 - 2013-10-18 17:31 - 00000000 ____D () C:\Windows\Minidump
2014-05-06 13:49 - 2013-01-01 23:29 - 00304282 ____N () C:\Windows\Minidump\050614-19468-01.dmp
2014-05-06 13:48 - 2014-05-06 13:44 - 00000000 ____D () C:\Users\Luca\AppData\Local\lptmp1067569924
2014-05-06 13:48 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-06 13:47 - 2014-05-06 13:40 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Systweak
2014-05-06 13:45 - 2013-09-12 23:45 - 00000000 ____D () C:\Users\Luca\Desktop\Games
2014-05-06 13:45 - 2013-01-02 00:14 - 00000000 ____D () C:\Users\Luca\Desktop\Programme
2014-05-06 13:39 - 2014-05-06 13:40 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Luca\Downloads\ParetoLogic%20PC%20Health%20Advisor_de.exe
2014-05-06 13:39 - 2014-05-06 13:39 - 00641568 _____ () C:\Users\Luca\Downloads\download-pc-health-advisor.exe
2014-05-06 13:35 - 2014-05-06 13:35 - 00610769 _____ () C:\Users\Luca\Downloads\depends22_x86.zip
2014-05-06 00:00 - 2013-09-12 18:34 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Azureus
2014-05-05 19:43 - 2014-05-05 19:43 - 00001206 _____ () C:\Users\Luca\Desktop\CINEMA 4D Demo 64 Bit.lnk
2014-05-05 19:43 - 2014-05-05 19:42 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAXON
2014-05-05 19:43 - 2013-12-09 15:50 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\MAXON
2014-05-05 19:37 - 2013-09-29 14:49 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-05 19:36 - 2014-01-15 14:10 - 00000000 ____D () C:\Program Files\MAXON
2014-05-05 17:29 - 2014-05-05 16:52 - 2958994837 _____ () C:\Users\Luca\Downloads\installer_r15_demo.zip
2014-05-05 17:06 - 2013-01-01 23:39 - 00000000 ___RD () C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-05 16:58 - 2013-09-13 16:21 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-05 16:58 - 2013-09-12 18:47 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Adobe
2014-05-05 16:34 - 2013-09-14 02:00 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-05 16:15 - 2014-04-04 19:37 - 00000000 ____D () C:\Users\Luca\AppData\Local\Battle.net
2014-05-05 15:22 - 2014-05-05 15:22 - 00002040 _____ () C:\Users\Public\Desktop\FL Studio 11.lnk
2014-05-05 15:22 - 2014-05-05 15:22 - 00001138 _____ () C:\Users\Luca\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2014-05-05 15:22 - 2014-05-05 15:22 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2014-05-05 15:22 - 2014-05-05 15:22 - 00000000 ____D () C:\Program Files (x86)\ASIO4ALL v2
2014-05-05 15:21 - 2013-09-13 18:50 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-05-05 15:20 - 2013-11-06 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2014-05-05 15:20 - 2013-11-06 17:46 - 00000000 ____D () C:\Program Files\Image-Line
2014-05-05 15:20 - 2013-11-06 17:42 - 00000000 ____D () C:\Program Files (x86)\Image-Line
2014-05-05 15:19 - 2013-09-13 15:00 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-05 15:10 - 2013-09-18 19:11 - 00000000 ____D () C:\Users\Luca\Desktop\Aufnahme
2014-05-05 15:00 - 2014-05-05 14:55 - 323060176 _____ (Image-Line) C:\Users\Luca\Downloads\flstudio_11.1.exe
2014-05-05 14:50 - 2014-05-05 14:50 - 00033396 _____ () C:\Users\Luca\Downloads\Private eXploit Generator v11.zip
2014-05-05 14:50 - 2014-05-05 14:50 - 00033396 _____ () C:\Users\Luca\Downloads\Private eXploit Generator v11 (1).zip
2014-05-05 14:34 - 2014-04-12 23:23 - 00000000 ____D () C:\Users\Luca\AppData\Local\Spotify
2014-05-03 20:57 - 2013-11-10 02:24 - 00000000 ____D () C:\Users\Luca\Desktop\C4D,PS,AE
2014-05-03 16:26 - 2013-09-15 16:33 - 00000000 ____D () C:\Users\Luca\AppData\Local\CrashDumps
2014-05-03 16:25 - 2013-09-12 18:52 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Skype
2014-05-03 03:12 - 2014-05-03 03:12 - 00000000 ____D () C:\Users\Luca\Desktop\neue hacke
2014-05-03 02:37 - 2014-05-03 02:37 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\DropboxMaster
2014-05-03 02:36 - 2013-11-16 15:04 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-02 14:09 - 2014-04-04 19:37 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-04-30 13:57 - 2013-09-12 18:47 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-30 13:57 - 2013-09-12 18:47 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-30 13:57 - 2013-09-12 18:47 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-30 13:57 - 2013-09-12 18:46 - 00000000 ____D () C:\Users\Luca\AppData\Local\Adobe
2014-04-29 18:03 - 2013-10-26 23:12 - 00007600 _____ () C:\Users\Luca\AppData\Local\Resmon.ResmonCfg
2014-04-28 16:05 - 2014-01-01 19:21 - 00291760 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-04-28 16:05 - 2013-09-20 17:23 - 00291760 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-04-28 16:02 - 2014-01-01 19:21 - 00291488 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-04-28 15:55 - 2014-04-28 15:55 - 00001189 _____ () C:\Users\Luca\Desktop\The Elder Scrolls V Skyrim (2).lnk
2014-04-27 19:14 - 2014-03-20 16:09 - 00000000 ____D () C:\Users\Luca\Desktop\Luca´s music Playground
2014-04-27 19:12 - 2014-04-27 19:12 - 00613200 _____ (Chip Digital GmbH) C:\Users\Luca\Downloads\Cloud Downloader - CHIP-Downloader.exe
2014-04-27 19:12 - 2014-04-27 19:12 - 00003172 _____ () C:\Windows\System32\Tasks\{D34DEE04-6854-467A-9CD6-7FA76AAFB58C}
2014-04-27 17:47 - 2014-02-03 18:13 - 00000000 ____D () C:\Users\Luca\.gimp-2.8
2014-04-27 17:44 - 2013-11-30 17:45 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\.technic
2014-04-27 17:02 - 2014-04-27 17:02 - 00018727 _____ () C:\Users\Luca\AppData\Local\recently-used.xbel
2014-04-27 02:17 - 2014-02-03 18:31 - 00000000 ____D () C:\Users\Luca\AppData\Local\gtk-2.0
2014-04-27 01:15 - 2013-09-20 17:23 - 00000000 ____D () C:\Users\Luca\AppData\Local\PunkBuster
2014-04-27 01:13 - 2014-04-27 01:13 - 00000000 ____D () C:\Users\Luca\AppData\Local\Ubisoft
2014-04-27 01:13 - 2013-09-20 17:22 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-04-26 19:55 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-04-26 18:04 - 2013-10-26 15:15 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-04-26 02:41 - 2014-04-26 02:41 - 00000446 __RSH () C:\ProgramData\ntuser.pol
2014-04-26 02:41 - 2014-04-26 02:41 - 00000000 ____D () C:\usb_driver
2014-04-26 02:41 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-25 22:03 - 2013-01-01 23:29 - 00304354 ____N () C:\Windows\Minidump\042514-11107-01.dmp
2014-04-25 14:49 - 2014-05-06 13:40 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-04-24 20:58 - 2013-12-23 22:36 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\TS3Client
2014-04-24 20:06 - 2014-04-24 20:06 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll
2014-04-24 20:06 - 2014-04-24 20:06 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WinUSBCoInstaller.dll
2014-04-24 20:05 - 2013-01-01 23:38 - 00000000 ____D () C:\Users\Luca
2014-04-24 19:20 - 2014-04-24 19:20 - 02056192 _____ () C:\Users\Luca\Downloads\CMInstaller.msi
2014-04-24 04:35 - 2014-04-24 03:57 - 1689175370 _____ () C:\Users\Luca\Desktop\diablo take 2_x264.avi
2014-04-23 17:09 - 2014-04-23 17:09 - 00187454 _____ () C:\Users\Luca\Desktop\jhg.wav
2014-04-23 17:07 - 2014-04-23 17:07 - 01730814 _____ () C:\Users\Luca\Desktop\sorey.wav
2014-04-23 16:47 - 2014-04-23 16:47 - 00038589 _____ () C:\Users\Luca\Desktop\treetwonimmseinfach.camproj
2014-04-23 13:23 - 2014-04-23 13:23 - 00000000 ____D () C:\Users\Luca\AppData\Local\Blizzard
2014-04-23 13:23 - 2014-04-23 13:13 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-04-23 13:13 - 2014-04-23 13:13 - 00001157 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-04-23 13:13 - 2014-04-23 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-04-23 13:05 - 2014-03-23 13:01 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-23 13:05 - 2009-07-14 06:45 - 05064080 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-23 04:03 - 2014-02-13 22:16 - 00000000 ____D () C:\Users\Luca\AppData\Local\DayZ
2014-04-23 02:35 - 2013-01-02 00:13 - 00095896 _____ () C:\Users\Luca\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-23 01:18 - 2014-04-23 01:18 - 00377992 _____ () C:\Users\Luca\Desktop\luv.xcf
2014-04-23 01:10 - 2014-04-23 01:10 - 00021452 _____ () C:\Users\Luca\Downloads\riesling.zip
2014-04-23 01:09 - 2014-04-23 01:09 - 00077675 _____ () C:\Users\Luca\Downloads\young_beautiful.zip
2014-04-23 01:09 - 2014-04-23 01:09 - 00028978 _____ () C:\Users\Luca\Downloads\mademoiselle_k.zip
2014-04-23 01:09 - 2014-04-23 01:09 - 00024871 _____ () C:\Users\Luca\Downloads\angelique_ma_douce_colombe.zip
2014-04-22 20:39 - 2014-02-06 21:41 - 02346942 _____ () C:\Users\Luca\Downloads\TechnicLauncher.exe
2014-04-22 16:32 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-04-22 16:32 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-04-22 16:32 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-21 16:35 - 2014-04-21 16:35 - 00000043 _____ () C:\Users\Luca\Desktop\Neues Textdokument (2).txt
2014-04-20 01:02 - 2014-04-20 01:02 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shutdown4U
2014-04-20 01:02 - 2014-04-20 01:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shutdown4U
2014-04-20 01:02 - 2014-04-20 01:02 - 00000000 ____D () C:\Program Files\Shutdown4U
2014-04-20 01:01 - 2014-04-20 01:01 - 00613200 _____ (Chip Digital GmbH) C:\Users\Luca\Downloads\Shutdown4U - CHIP-Downloader.exe
2014-04-19 22:12 - 2014-04-19 22:12 - 00613200 _____ (Chip Digital GmbH) C:\Users\Luca\Downloads\335.23-desktop-win8-win7-winvista-64bit-international-whql - CHIP-Downloader.exe
2014-04-18 03:25 - 2013-01-01 23:29 - 00304474 ____N () C:\Windows\Minidump\041814-12152-01.dmp
2014-04-17 14:11 - 2013-09-12 18:52 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-15 21:56 - 2014-04-15 21:08 - 861531398 _____ () C:\Users\Luca\Downloads\l4d2_2013-patch_2.1.3.5_nosTEAM.exe
2014-04-15 21:05 - 2014-04-15 21:04 - 55094501 _____ () C:\Users\Luca\Downloads\l4d2_2013_nosTEAM.zip
2014-04-14 05:28 - 2014-04-01 00:31 - 00692376 _____ () C:\Users\Luca\Desktop\hardcorenminimal.xcf
2014-04-14 05:22 - 2014-04-14 05:22 - 00270478 _____ () C:\Users\Luca\Downloads\Water_Drop_by_SilverRose_Stock.zip
2014-04-14 05:02 - 2014-04-14 05:02 - 05679379 _____ () C:\Users\Luca\Downloads\lion_ornament_doorknobs_png_by_m10tje-d4hu6sq.rar
2014-04-14 04:49 - 2014-04-14 04:49 - 02969821 _____ () C:\Users\Luca\Desktop\Unbenannt.xcf
2014-04-14 04:48 - 2014-04-14 04:48 - 04444933 _____ () C:\Users\Luca\Downloads\GIMP_Arcane_Runes_Brushes_by_Project_GimpBC.zip
2014-04-14 04:41 - 2014-04-14 04:41 - 04366325 _____ () C:\Users\Luca\Downloads\GIMP_Arcane_Circles_Brushes_by_Project_GimpBC.zip
2014-04-14 04:28 - 2014-04-14 04:28 - 02194142 _____ () C:\Users\Luca\Downloads\photoshop_tech_brushes_by_fortelegy-d46q07z.zip
2014-04-14 04:27 - 2014-04-14 04:27 - 00459583 _____ () C:\Users\Luca\Downloads\Bullet_Holes_Brushes_by_redheadstock.zip
2014-04-13 04:37 - 2014-04-04 19:54 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-04-13 01:17 - 2014-04-13 01:17 - 00533648 _____ () C:\Users\Luca\Downloads\HDvid-codec-Chrome (1).exe
2014-04-12 23:23 - 2014-04-12 23:23 - 00001785 _____ () C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-04-12 23:22 - 2014-04-12 23:22 - 00126112 _____ (Spotify Ltd) C:\Users\Luca\Downloads\SpotifySetup.exe
2014-04-11 11:27 - 2014-04-06 01:38 - 00000000 ____D () C:\ProgramData\IePluginService
2014-04-10 21:44 - 2014-04-10 21:44 - 00000000 _____ () C:\Users\Luca\Desktop\Neues Textdokument.txt
2014-04-09 23:39 - 2014-04-09 23:39 - 00068923 _____ () C:\Users\Luca\Desktop\payday5 unrendered.camproj
2014-04-09 22:16 - 2014-04-09 22:16 - 07074573 _____ () C:\Users\Luca\Desktop\diablo three wan (Frame 0_11_38;26).xcf
2014-04-09 21:18 - 2013-10-05 20:41 - 00000000 ____D () C:\Games
2014-04-09 21:18 - 2013-09-17 17:42 - 00000000 ____D () C:\Users\Luca\Documents\My Games
2014-04-09 20:55 - 2014-04-09 20:55 - 00086944 _____ () C:\Users\Luca\Downloads\ice_sticks.zip
2014-04-09 20:53 - 2014-04-09 20:53 - 00029718 _____ () C:\Users\Luca\Downloads\winterice.zip
2014-04-09 20:13 - 2014-04-09 20:12 - 31429160 _____ (Any-Video-Converter.com ) C:\Users\Luca\Downloads\avc-free (3).exe
2014-04-09 19:20 - 2014-04-09 19:20 - 00063487 _____ () C:\Users\Luca\Desktop\diablo three wan two.camproj
2014-04-09 19:20 - 2014-04-09 19:20 - 00020158 _____ () C:\Users\Luca\Desktop\diablo three wan two 4.camproj
2014-04-09 14:53 - 2014-04-09 14:53 - 00042969 _____ () C:\Users\Luca\Desktop\diablo three wan.camproj
2014-04-09 14:29 - 2014-04-09 14:28 - 24126958 _____ () C:\Users\Luca\Desktop\Diablo 3 Cinematic Trailer deutsch HD.avi
2014-04-09 14:25 - 2013-11-10 02:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-04-09 14:25 - 2013-11-10 02:04 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-04-09 14:25 - 2013-10-09 15:26 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\DVDVideoSoft
2014-04-09 14:21 - 2014-04-09 14:21 - 00636688 _____ () C:\Users\Luca\Downloads\FreeYouTubeDownload (1).exe

Some content of TEMP:
====================
C:\Users\Luca\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpumsydl.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2013-01-01 23:42] - [2011-02-25 08:36] - 0295296 ____A (Microsoft Corporation) C9D0EAF58D6BA71E128E715EA43AD87D



LastRegBack: 2014-05-01 14:43

==================== End Of Log ============================
         
--- --- ---


Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-05-2014
Ran by Luca at 2014-05-07 19:10:34
Running from C:\Users\Luca\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC (HKLM-x32\...\{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}) (Version: 7.2.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AIDA64 Extreme Edition v3.00 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 3.00 - FinalWire Ltd.)
Any Video Converter 5.5.8 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2016 - Avast Software)
AVS Video ReMaker 4.3.1.161 (HKLM-x32\...\AVS Video ReMaker_is1) (Version: 4.3.1.161 - Online Media Technologies Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Borderlands 2 (HKLM-x32\...\Borderlands 2_is1) (Version:  - )
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Camtasia Studio 8 (HKLM-x32\...\{F5C9BE9A-04C3-4A72-8CD0-BB67C722D608}) (Version: 8.1.2.1344 - TechSmith Corporation)
CINEMA 4D Demo 15.057 (HKLM\...\MAXONE03ECA7E) (Version: 15.057 - MAXON Computer GmbH)
Counter-Strike: Source (HKLM-x32\...\Counter-Strike: Source) (Version:  - Valve)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dragon's Prophet (EU) (HKLM-x32\...\Steam App 259020) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.6.31 - Dropbox, Inc.)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free YouTube Download version 3.2.32.327 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.32.327 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.30.319 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.30.319 - DVDVideoSoft Ltd.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2884 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Java 7 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417040FF}) (Version: 7.0.400 - Oracle)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 RC (Version: 4.5.50861 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{9634d50a-0c4d-4f52-8a9f-894a2baae370}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.659 - Electronic Arts)
Neverwinter (HKLM-x32\...\Steam App 109600) (Version:  - Cryptic Studios)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.2 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 332.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.21 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3221 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.5.195 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.12 - Qualcomm Atheros Communications Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
RIFT™ (HKLM-x32\...\Steam App 39120) (Version:  - Trion Worlds)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
SAMSUNG Android USB Modem Software (HKLM\...\SAMSUNG Android USB Modem) (Version: V5.28.2.1 - )
Sauerbraten (HKLM-x32\...\Sauerbraten) (Version:  - )
SHARKOON Skiller (HKLM-x32\...\{91C25547-9534-41A5-823A-1E54BA16EA3F}) (Version: 1.00.0000 - )
SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden
Shutdown4U (HKLM-x32\...\Shutdown4U) (Version:  - )
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 1.0.0.0 - Electronic Arts)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{C9193CBB-C31A-412A-A074-AD08F0F2CF3D}) (Version: 7.0.27.13 - Mad Catz)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
TextMaker Viewer (HKLM-x32\...\TextMaker Viewer) (Version:  - SoftMaker Software GmbH)
The Mighty Quest For Epic Loot (HKLM-x32\...\Steam App 239220) (Version:  - Ubisoft Montreal)
Tom Clancy's Ghost Recon Phantoms - EU (HKLM-x32\...\Steam App 272350) (Version:  - Ubisoft Singapore)
Tor (remove only) (HKLM-x32\...\Tor) (Version:  - )
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.2.0.0 - Azureus Software, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WPM17.8.0.3442 (HKLM-x32\...\WPM) (Version: 17.8.0.3442 - Cherished Technololgy LIMITED) <==== ATTENTION

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2013-09-20 17:01 - 2011-12-22 16:11 - 00000833 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {16316755-0DBF-41E5-A9A1-C20F7EC10265} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-04] (Google Inc.)
Task: {2BC8F961-CCF9-4E20-AD88-DA4002E60D45} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe
Task: {51CFC7AC-0595-4673-A78B-22A2EE3863C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-04] (Google Inc.)
Task: {A6B799F4-F654-4A68-B93F-10C0FE78C89A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-30] (Adobe Systems Incorporated)
Task: {B0D692B1-ECE6-47D5-BC64-2EBAD9DC4AC4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\AAvast\AvastEmUpdate.exe [2014-03-23] (AVAST Software)
Task: {F7C95EEE-8CE9-4AF5-B6C6-0D32207E016D} - System32\Tasks\AdobeAAMUpdater-1.0-Luca-PC-Luca => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-20 17:22 - 2014-04-27 01:13 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-05-07 12:31 - 2014-05-07 12:31 - 02253312 _____ () C:\Program Files\AVAST Software\AAvast\defs\14050700\algo.dll
2014-05-07 17:33 - 2014-05-07 17:33 - 00041984 _____ () c:\users\luca\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpumsydl.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Luca\AppData\Roaming\Dropbox\bin\libcef.dll
2014-04-30 15:04 - 2014-04-24 02:33 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
2014-04-30 15:04 - 2014-04-24 02:33 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll
2014-04-30 15:04 - 2014-04-24 02:33 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll
2014-04-30 15:04 - 2014-04-24 02:33 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
2014-04-30 15:04 - 2014-04-24 02:33 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
2014-04-30 15:04 - 2014-04-24 02:33 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
2014-04-30 15:04 - 2014-04-24 02:33 - 13692232 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) =============

HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: FileZilla Server => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: IePluginService => 2
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: OverwolfUpdaterService => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TeamViewer8 => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: WinDefend => 2
MSCONFIG\Services: Wpm => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Xfire2.lnk => C:\Windows\pss\Xfire2.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Luca^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupfolder: C:^Users^Luca^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Luca^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire2.lnk => C:\Windows\pss\Xfire2.lnk.Startup
MSCONFIG\startupreg: 20131121 => C:\Program Files\AVAST Software\Avast\setup\emupdate\d7b75d88-4a8c-4970-ad30-67d2d5f9da39.exe /check
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Battle.net => "C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe" --autostarted
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: FileZilla Server Interface => "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: ProfilerU => C:\Program Files\SmartTechnology\Software\ProfilerU.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RocketDock => "C:\Program Files (x86)\RocketDock\RocketDock.exe"
MSCONFIG\startupreg: SaiMfd => C:\Program Files\SmartTechnology\Software\SaiMfd.exe
MSCONFIG\startupreg: se => "C:\Users\Luca\AppData\Roaming\SkypEmoticons\SE.exe"  /minimized 
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Luca\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Luca\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: Xfire => C:\Program Files (x86)\Xfire2\Xfire.exe

==================== Faulty Device Manager Devices =============

Name: USB Camera-B4.04.27.1
Description: USB Camera-B4.04.27.1
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/07/2014 07:10:36 PM) (Source: VSS) (User: ) (EventID: 8193)
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
.


Vorgang:
   VSS-Server wird instanziiert

Error: (05/07/2014 07:10:36 PM) (Source: VSS) (User: ) (EventID: 13)
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "IVssCoordinatorEx2" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
   VSS-Server wird instanziiert

Error: (05/06/2014 08:32:19 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: Programm chrome.exe, Version 34.0.1847.131 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 660

Startzeit: 01cf695970ddb1d7

Endzeit: 16

Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID: bb79540f-d54c-11e3-acbc-60a44ccaf0fb

Error: (05/06/2014 02:02:18 PM) (Source: VSS) (User: ) (EventID: 8193)
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
.


Vorgang:
   VSS-Server wird instanziiert

Error: (05/06/2014 02:02:18 PM) (Source: VSS) (User: ) (EventID: 13)
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "IVssCoordinatorEx2" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
   VSS-Server wird instanziiert

Error: (05/05/2014 04:17:45 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: Programm Skype.exe, Version 6.14.0.104 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: adc

Startzeit: 01cf685e34e25564

Endzeit: 150

Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe

Berichts-ID:

Error: (05/03/2014 07:33:47 PM) (Source: SideBySide) (User: ) (EventID: 59)
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (05/03/2014 04:37:25 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: Programm firefox.exe, Version 27.0.1.5156 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1640

Startzeit: 01cf66dd0c5bcba3

Endzeit: 18

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: 6f975c06-d2d0-11e3-98a4-60a44ccaf0fb

Error: (05/03/2014 04:26:09 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: NvBackend.exe, Version: 11.10.11.1, Zeitstempel: 0x52ddc011
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x74f1e254
ID des fehlerhaften Prozesses: 0xa88
Startzeit der fehlerhaften Anwendung: 0xNvBackend.exe0
Pfad der fehlerhaften Anwendung: NvBackend.exe1
Pfad des fehlerhaften Moduls: NvBackend.exe2
Berichtskennung: NvBackend.exe3

Error: (05/02/2014 09:25:49 PM) (Source: SideBySide) (User: ) (EventID: 59)
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.


System errors:
=============
Error: (05/07/2014 05:43:14 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 0.0.0.0

	Aktualisierungsquelle: %NT-AUTORITÄT51

	Aktualisierungsphase: 4.5.0216.00

	Quellpfad: 4.5.0216.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/07/2014 05:43:14 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2003)
Description: Beim Aktualisieren des Moduls wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Modulversion: 

	Vorherige Modulversion: 

	Modultyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Fehlercode: %NT-AUTORITÄT601

	Fehlerbeschreibung: %NT-AUTORITÄT602

Error: (05/07/2014 05:43:14 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 

	Aktualisierungsquelle: %NT-AUTORITÄT15

	Aktualisierungsphase: 4.5.0216.00

	Quellpfad: 4.5.0216.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/07/2014 05:42:58 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.173.1428.0

	Aktualisierungsquelle: %NT-AUTORITÄT59

	Aktualisierungsphase: 4.5.0216.00

	Quellpfad: 4.5.0216.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/06/2014 02:12:16 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.173.1428.0

	Aktualisierungsquelle: %NT-AUTORITÄT51

	Aktualisierungsphase: 4.5.0216.00

	Quellpfad: 4.5.0216.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/06/2014 02:12:16 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 0.0.0.0

	Aktualisierungsquelle: %NT-AUTORITÄT51

	Aktualisierungsphase: 4.5.0216.00

	Quellpfad: 4.5.0216.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/06/2014 02:12:16 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2003)
Description: Beim Aktualisieren des Moduls wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Modulversion: 

	Vorherige Modulversion: 

	Modultyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Fehlercode: %NT-AUTORITÄT601

	Fehlerbeschreibung: %NT-AUTORITÄT602

Error: (05/06/2014 02:12:16 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 

	Aktualisierungsquelle: %NT-AUTORITÄT15

	Aktualisierungsphase: 4.5.0216.00

	Quellpfad: 4.5.0216.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/06/2014 02:11:50 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)
Description: Beim Aktualisieren der Signaturen wurde von %Luca-PC60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 0.0.0.0

	Aktualisierungsquelle: %Luca-PC51

	Aktualisierungsphase: 4.5.0216.00

	Quellpfad: 4.5.0216.01

	Signaturtyp: %Luca-PC602

	Aktualisierungstyp: %Luca-PC604

	Benutzer: Luca-PC\Luca

	Aktuelle Modulversion: %Luca-PC605

	Vorherige Modulversion: %Luca-PC606

	Fehlercode: %Luca-PC607

	Fehlerbeschreibung: %Luca-PC608

Error: (05/06/2014 02:11:50 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2003)
Description: Beim Aktualisieren des Moduls wurde von %Luca-PC60 ein Fehler festgestellt.

	Neue Modulversion: 

	Vorherige Modulversion: 

	Modultyp: %Luca-PC604

	Benutzer: Luca-PC\Luca

	Fehlercode: %Luca-PC601

	Fehlerbeschreibung: %Luca-PC602


Microsoft Office Sessions:
=========================
Error: (05/07/2014 07:10:36 PM) (Source: VSS) (User: ) (EventID: 8193)
Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   VSS-Server wird instanziiert

Error: (05/07/2014 07:10:36 PM) (Source: VSS) (User: ) (EventID: 13)
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   VSS-Server wird instanziiert

Error: (05/06/2014 08:32:19 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: chrome.exe34.0.1847.13166001cf695970ddb1d716C:\Program Files (x86)\Google\Chrome\Application\chrome.exebb79540f-d54c-11e3-acbc-60a44ccaf0fb

Error: (05/06/2014 02:02:18 PM) (Source: VSS) (User: ) (EventID: 8193)
Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   VSS-Server wird instanziiert

Error: (05/06/2014 02:02:18 PM) (Source: VSS) (User: ) (EventID: 13)
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   VSS-Server wird instanziiert

Error: (05/05/2014 04:17:45 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: Skype.exe6.14.0.104adc01cf685e34e25564150C:\Program Files (x86)\Skype\Phone\Skype.exe

Error: (05/03/2014 07:33:47 PM) (Source: SideBySide) (User: ) (EventID: 59)
Description: c:\program files (x86)\Steam\steamapps\common\borderlands 2\Binaries\Win32\Launcher.exec:\program files (x86)\Steam\steamapps\common\borderlands 2\Binaries\Win32\Launcher.exe.Config0

Error: (05/03/2014 04:37:25 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: firefox.exe27.0.1.5156164001cf66dd0c5bcba318C:\Program Files (x86)\Mozilla Firefox\firefox.exe6f975c06-d2d0-11e3-98a4-60a44ccaf0fb

Error: (05/03/2014 04:26:09 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: NvBackend.exe11.10.11.152ddc011unknown0.0.0.000000000c00000fd74f1e254a8801cf66db683db9bcC:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exeunknownde498461-d2ce-11e3-98a4-60a44ccaf0fb

Error: (05/02/2014 09:25:49 PM) (Source: SideBySide) (User: ) (EventID: 59)
Description: c:\program files (x86)\Steam\steamapps\common\borderlands 2\Binaries\Win32\Launcher.exec:\program files (x86)\Steam\steamapps\common\borderlands 2\Binaries\Win32\Launcher.exe.Config0


==================== Memory info =========================== 

Percentage of memory in use: 51%
Total physical RAM: 4042.17 MB
Available physical RAM: 1963.02 MB
Total Pagefile: 8082.48 MB
Available Pagefile: 5805.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:152.71 GB) NTFS
Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS
Drive f: () (Fixed) (Total:465.66 GB) (Free:365.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 0AA6531E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 72DB2739)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Alt 07.05.2014, 19:31   #4
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 



Quote:
Quote from HC4L!
wow that was fast, it probably looks horrible...
Well, there is definitely something to be done on this system

But I'm lying sick in bed anyway, so I can study your logs thoroughly...
__________________
Regards
deeprybka


Alt 07.05.2014, 19:37   #5
HC4L!
 



haha oh god, then get well soon! And thanks for your efforts


Alt 08.05.2014, 10:23   #6
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 



Thanks and hello,

here is how we continue:

Step 1

Please press the Windows key + R and type notepad into the Run window.
Click OK and then copy the text from the code box into the empty text document:
Code:
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\.DEFAULT\...\Policies\system: [DisableCMD] 0
HKU\.DEFAULT\...\Policies\system: [NoDispAppearancePage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispBackgroundPage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispSettingsPage] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFind] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFile] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideClock] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetFolders] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDFSTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoLogoff] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoHardwareTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Run: [vaqljsh] => regsvr32.exe "C:\ProgramData\vaqljsh.dat"
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchisbestmy.info/?l=1&q={searchTerms}&pid=1320&r=2013/11/15&hid=2996348407604931384&lg=EN&cc=DE&unqvl=41
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
         
Please save this as Fixlist.txt in the same directory as the FRST application.
  • Start FRST and click the Fix button.
  • The tool creates a "Fixlog.txt" file.
  • Please post its contents for me.

Step 2
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Run mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, run mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not run any other file in this folder unless a helper instructs you to.


Step 3

Please start FRST again, also tick the box for Addition.txt and click Scan.

Please post Fixlog.txt, the mbar log, FRST.txt and Addition.txt in your next reply.
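An added example (not part of the original post and not FRST's own code): a Python triage pass that groups the kinds of entries appearing in the fixlist above, so that the few security-relevant ones (the software restriction on the AV folder, the `regsvr32` Run entry pointing at a `.dat` file, the redirected browser pages, the per-user `.exe` association) stand out from the long run of policy values. The category names and regular expressions are assumptions of this example; the sample lines are copied from the fixlist.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Sample input: a few lines copied from the fixlist in this thread.
SAMPLE = r'''
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Run: [vaqljsh] => regsvr32.exe "C:\ProgramData\vaqljsh.dat"
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\system: [DisableCMD] 0
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchisbestmy.info/?l=1&q={searchTerms}&pid=1320&r=2013/11/15&hid=2996348407604931384&lg=EN&cc=DE&unqvl=41
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
'''.strip().splitlines()

# Patterns for the line shapes seen in the fixlist (assumed, derived from the page).
SRP = re.compile(r'^HKLM Group Policy restriction on software: (?P<path>.+?)\s*<=+ ATTENTION')
RUN = re.compile(r'\\Run(?:Once)?: \[(?P<name>[^\]]+)\] => (?P<cmd>.+)$')
REGSVR = re.compile(r'^regsvr32(?:\.exe)?\s+"?(?P<target>[^"]+)"?', re.I)
POLICY = re.compile(r'\\Policies\\(?P<key>Explorer|system): \[(?P<value>\w+)\] (?P<data>\d+)$')
URL_HOST = re.compile(r'hxxps?://(?P<host>[^/\s?]+)')
EXE_ASSOC = re.compile(r'^(?P<hive>HK\S+?)\\Software\\Classes\\(?:\.exe|exefile):')

# regsvr32 normally registers COM libraries; anything else in a Run key is worth a look.
LIBRARY_SUFFIXES = (".dll", ".ocx")


def classify(line):
    """Return (category, detail) for one FRST line, or None if unrecognised."""
    line = line.strip()
    m = SRP.match(line)
    if m:
        # A software restriction on a program folder; here it blocks security tools.
        return ("srp_block", m["path"])
    m = RUN.search(line)
    if m:
        r = REGSVR.match(m["cmd"])
        if r and PureWindowsPath(r["target"]).suffix.lower() not in LIBRARY_SUFFIXES:
            return ("run_regsvr32_nonlibrary", m["name"] + " -> " + r["target"])
        return ("run_entry", m["name"] + " -> " + m["cmd"])
    m = POLICY.search(line)
    if m:
        return ("policy_value", m["value"])
    m = URL_HOST.search(line)
    if m:
        # Defanged hxxp URLs are parsed as-is; only the host name is kept.
        return ("browser_redirect", m["host"].lower())
    m = EXE_ASSOC.match(line)
    if m:
        # A per-user class takes precedence over the machine-wide one in HKLM.
        return ("per_user_exe_assoc", m["hive"])
    return None


def triage(lines):
    """Group classified lines by category, keeping each detail once, in order."""
    findings = defaultdict(list)
    for line in lines:
        hit = classify(line)
        if hit and hit[1] not in findings[hit[0]]:
            findings[hit[0]].append(hit[1])
    return dict(findings)


if __name__ == "__main__":
    for category, details in triage(SAMPLE).items():
        print(category)
        for detail in details:
            print("   ", detail)
```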

Alt 08.05.2014, 16:47   #7
HC4L!
 



Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-05-2014
Ran by Luca at 2014-05-08 16:22:04 Run:1
Running from C:\Users\Luca\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\.DEFAULT\...\Policies\system: [DisableCMD] 0
HKU\.DEFAULT\...\Policies\system: [NoDispAppearancePage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispBackgroundPage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispSettingsPage] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFind] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFile] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideClock] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetFolders] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDFSTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoLogoff] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoHardwareTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Run: [vaqljsh] => regsvr32.exe "C:\ProgramData\vaqljsh.dat"
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchisbestmy.info/?l=1&q={searchTerms}&pid=1320&r=2013/11/15&hid=2996348407604931384&lg=EN&cc=DE&unqvl=41
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
         
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDesktop => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => Value deleted successfully.
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Microsoft\Windows\CurrentVersion\Run\\vaqljsh => Value deleted successfully.
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => Value deleted successfully.
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => Value deleted successfully.
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => Value deleted successfully.
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => Value deleted successfully.
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => Value deleted successfully.
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => Value deleted successfully.
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value deleted successfully.
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => Value deleted successfully.
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => Value deleted successfully.
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => Value deleted successfully.
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => Value deleted successfully.
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => Value deleted successfully.
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => Value deleted successfully.
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => Value deleted successfully.
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => Value deleted successfully.
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => Value deleted successfully.
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => Value deleted successfully.
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => Value deleted successfully.
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => Value deleted successfully.
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => Value deleted successfully.
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => Value deleted successfully.
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => Value deleted successfully.
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => Value deleted successfully.
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => Value deleted successfully.
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => Value deleted successfully.
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => Value deleted successfully.
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => Value deleted successfully.
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => Value deleted successfully.
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => Value deleted successfully.
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => Value deleted successfully.
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => Value deleted successfully.
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKU\.DEFAULT\Software\Classes\exefile => Key deleted successfully.
HKU\.DEFAULT\Software\Classes\.exe => Key deleted successfully.
HKU\.DEFAULT\Software\Classes\exefile => Key not found.
HKU\S-1-5-19\Software\Classes\exefile => Key deleted successfully.
HKU\S-1-5-19\Software\Classes\.exe => Key deleted successfully.
HKU\S-1-5-19\Software\Classes\exefile => Key not found.
HKU\S-1-5-20\Software\Classes\exefile => Key deleted successfully.
HKU\S-1-5-20\Software\Classes\.exe => Key deleted successfully.
HKU\S-1-5-20\Software\Classes\exefile => Key not found.
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Classes\exefile => Key deleted successfully.
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Classes\.exe => Key deleted successfully.
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Classes\exefile => Key not found.

==== End of Fixlog ====
         
The malware program says "no malware found".

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-05-2014
Ran by Luca at 2014-05-08 16:44:25
Running from C:\Users\Luca\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC (HKLM-x32\...\{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}) (Version: 7.2.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AIDA64 Extreme Edition v3.00 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 3.00 - FinalWire Ltd.)
Any Video Converter 5.5.8 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2016 - Avast Software)
AVS Video ReMaker 4.3.1.161 (HKLM-x32\...\AVS Video ReMaker_is1) (Version: 4.3.1.161 - Online Media Technologies Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Borderlands 2 (HKLM-x32\...\Borderlands 2_is1) (Version:  - )
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Camtasia Studio 8 (HKLM-x32\...\{F5C9BE9A-04C3-4A72-8CD0-BB67C722D608}) (Version: 8.1.2.1344 - TechSmith Corporation)
CINEMA 4D Demo 15.057 (HKLM\...\MAXONE03ECA7E) (Version: 15.057 - MAXON Computer GmbH)
Counter-Strike: Source (HKLM-x32\...\Counter-Strike: Source) (Version:  - Valve)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dragon's Prophet (EU) (HKLM-x32\...\Steam App 259020) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.6.31 - Dropbox, Inc.)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free YouTube Download version 3.2.32.327 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.32.327 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.30.319 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.30.319 - DVDVideoSoft Ltd.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2884 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Java 7 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417040FF}) (Version: 7.0.400 - Oracle)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 RC (Version: 4.5.50861 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{9634d50a-0c4d-4f52-8a9f-894a2baae370}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.659 - Electronic Arts)
Neverwinter (HKLM-x32\...\Steam App 109600) (Version:  - Cryptic Studios)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.2 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 332.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.21 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3221 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.5.195 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.12 - Qualcomm Atheros Communications Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
RIFT™ (HKLM-x32\...\Steam App 39120) (Version:  - Trion Worlds)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
SAMSUNG Android USB Modem Software (HKLM\...\SAMSUNG Android USB Modem) (Version: V5.28.2.1 - )
Sauerbraten (HKLM-x32\...\Sauerbraten) (Version:  - )
SHARKOON Skiller (HKLM-x32\...\{91C25547-9534-41A5-823A-1E54BA16EA3F}) (Version: 1.00.0000 - )
SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden
Shutdown4U (HKLM-x32\...\Shutdown4U) (Version:  - )
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 1.0.0.0 - Electronic Arts)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{C9193CBB-C31A-412A-A074-AD08F0F2CF3D}) (Version: 7.0.27.13 - Mad Catz)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
TextMaker Viewer (HKLM-x32\...\TextMaker Viewer) (Version:  - SoftMaker Software GmbH)
The Mighty Quest For Epic Loot (HKLM-x32\...\Steam App 239220) (Version:  - Ubisoft Montreal)
Tom Clancy's Ghost Recon Phantoms - EU (HKLM-x32\...\Steam App 272350) (Version:  - Ubisoft Singapore)
Tor (remove only) (HKLM-x32\...\Tor) (Version:  - )
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.2.0.0 - Azureus Software, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WPM17.8.0.3442 (HKLM-x32\...\WPM) (Version: 17.8.0.3442 - Cherished Technololgy LIMITED) <==== ATTENTION

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2013-09-20 17:01 - 2011-12-22 16:11 - 00000833 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {16316755-0DBF-41E5-A9A1-C20F7EC10265} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-04] (Google Inc.)
Task: {2BC8F961-CCF9-4E20-AD88-DA4002E60D45} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe
Task: {51CFC7AC-0595-4673-A78B-22A2EE3863C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-04] (Google Inc.)
Task: {A6B799F4-F654-4A68-B93F-10C0FE78C89A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-30] (Adobe Systems Incorporated)
Task: {B0D692B1-ECE6-47D5-BC64-2EBAD9DC4AC4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\AAvast\AvastEmUpdate.exe [2014-03-23] (AVAST Software)
Task: {F7C95EEE-8CE9-4AF5-B6C6-0D32207E016D} - System32\Tasks\AdobeAAMUpdater-1.0-Luca-PC-Luca => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-20 17:22 - 2014-04-27 01:13 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-05-07 23:33 - 2014-05-07 23:33 - 02253312 _____ () C:\Program Files\AVAST Software\AAvast\defs\14050701\algo.dll
2014-05-08 13:28 - 2014-05-08 13:28 - 02253312 _____ () C:\Program Files\AVAST Software\AAvast\defs\14050800\algo.dll
2014-05-08 13:28 - 2014-05-08 13:28 - 00041984 _____ () c:\users\luca\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsmm3l7.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Luca\AppData\Roaming\Dropbox\bin\libcef.dll
2014-01-09 14:21 - 2014-04-22 00:55 - 00340480 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-04-23 00:54 - 2014-04-22 00:55 - 00471552 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
2013-08-21 14:18 - 2014-04-01 00:09 - 00754688 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2013-09-06 12:55 - 2014-04-24 00:01 - 01092288 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-08-07 11:31 - 2014-03-03 21:15 - 20626624 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-06-14 15:49 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2013-06-14 15:49 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2013-06-14 15:49 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2013-09-06 12:55 - 2014-04-24 00:01 - 00119488 _____ () C:\Program Files (x86)\Steam\bin\audio.dll
2013-06-14 15:49 - 2013-06-15 01:49 - 00071680 _____ () C:\Program Files (x86)\Steam\bin\mssmp3.asi
2013-06-14 15:49 - 2013-06-15 01:49 - 00153088 _____ () C:\Program Files (x86)\Steam\bin\mssvoice.asi
2014-04-30 15:04 - 2014-04-24 02:33 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
2014-04-30 15:04 - 2014-04-24 02:33 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll
2014-04-30 15:04 - 2014-04-24 02:33 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll
2014-04-30 15:04 - 2014-04-24 02:33 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
2014-04-30 15:04 - 2014-04-24 02:33 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
2014-04-30 15:04 - 2014-04-24 02:33 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: FileZilla Server => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: IePluginService => 2
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: OverwolfUpdaterService => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TeamViewer8 => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: WinDefend => 2
MSCONFIG\Services: Wpm => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Xfire2.lnk => C:\Windows\pss\Xfire2.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Luca^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupfolder: C:^Users^Luca^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Luca^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire2.lnk => C:\Windows\pss\Xfire2.lnk.Startup
MSCONFIG\startupreg: 20131121 => C:\Program Files\AVAST Software\Avast\setup\emupdate\d7b75d88-4a8c-4970-ad30-67d2d5f9da39.exe /check
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Battle.net => "C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe" --autostarted
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: FileZilla Server Interface => "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: ProfilerU => C:\Program Files\SmartTechnology\Software\ProfilerU.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RocketDock => "C:\Program Files (x86)\RocketDock\RocketDock.exe"
MSCONFIG\startupreg: SaiMfd => C:\Program Files\SmartTechnology\Software\SaiMfd.exe
MSCONFIG\startupreg: se => "C:\Users\Luca\AppData\Roaming\SkypEmoticons\SE.exe"  /minimized 
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Luca\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Luca\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: Xfire => C:\Program Files (x86)\Xfire2\Xfire.exe

==================== Faulty Device Manager Devices =============

Name: USB Camera-B4.04.27.1
Description: USB Camera-B4.04.27.1
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/08/2014 04:44:28 PM) (Source: VSS) (User: ) (EventID: 8193)
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
.


Vorgang:
   VSS-Server wird instanziiert

Error: (05/08/2014 04:44:28 PM) (Source: VSS) (User: ) (EventID: 13)
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "IVssCoordinatorEx2" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
   VSS-Server wird instanziiert

Error: (05/08/2014 02:46:15 PM) (Source: SideBySide) (User: ) (EventID: 59)
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (05/07/2014 07:10:36 PM) (Source: VSS) (User: ) (EventID: 8193)
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
.


Vorgang:
   VSS-Server wird instanziiert

Error: (05/07/2014 07:10:36 PM) (Source: VSS) (User: ) (EventID: 13)
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "IVssCoordinatorEx2" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
   VSS-Server wird instanziiert

Error: (05/06/2014 08:32:19 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: Programm chrome.exe, Version 34.0.1847.131 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 660

Startzeit: 01cf695970ddb1d7

Endzeit: 16

Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID: bb79540f-d54c-11e3-acbc-60a44ccaf0fb

Error: (05/06/2014 02:02:18 PM) (Source: VSS) (User: ) (EventID: 8193)
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
.


Vorgang:
   VSS-Server wird instanziiert

Error: (05/06/2014 02:02:18 PM) (Source: VSS) (User: ) (EventID: 13)
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "IVssCoordinatorEx2" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
   VSS-Server wird instanziiert

Error: (05/05/2014 04:17:45 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: Programm Skype.exe, Version 6.14.0.104 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: adc

Startzeit: 01cf685e34e25564

Endzeit: 150

Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe

Berichts-ID:

Error: (05/03/2014 07:33:47 PM) (Source: SideBySide) (User: ) (EventID: 59)
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.


System errors:
=============
Error: (05/07/2014 05:43:14 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 0.0.0.0

	Aktualisierungsquelle: %NT-AUTORITÄT51

	Aktualisierungsphase: 4.5.0216.00

	Quellpfad: 4.5.0216.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/07/2014 05:43:14 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2003)
Description: Beim Aktualisieren des Moduls wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Modulversion: 

	Vorherige Modulversion: 

	Modultyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Fehlercode: %NT-AUTORITÄT601

	Fehlerbeschreibung: %NT-AUTORITÄT602

Error: (05/07/2014 05:43:14 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 

	Aktualisierungsquelle: %NT-AUTORITÄT15

	Aktualisierungsphase: 4.5.0216.00

	Quellpfad: 4.5.0216.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/07/2014 05:42:58 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.173.1428.0

	Aktualisierungsquelle: %NT-AUTORITÄT59

	Aktualisierungsphase: 4.5.0216.00

	Quellpfad: 4.5.0216.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/06/2014 02:12:16 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.173.1428.0

	Aktualisierungsquelle: %NT-AUTORITÄT51

	Aktualisierungsphase: 4.5.0216.00

	Quellpfad: 4.5.0216.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/06/2014 02:12:16 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 0.0.0.0

	Aktualisierungsquelle: %NT-AUTORITÄT51

	Aktualisierungsphase: 4.5.0216.00

	Quellpfad: 4.5.0216.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/06/2014 02:12:16 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2003)
Description: Beim Aktualisieren des Moduls wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Modulversion: 

	Vorherige Modulversion: 

	Modultyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Fehlercode: %NT-AUTORITÄT601

	Fehlerbeschreibung: %NT-AUTORITÄT602

Error: (05/06/2014 02:12:16 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 

	Aktualisierungsquelle: %NT-AUTORITÄT15

	Aktualisierungsphase: 4.5.0216.00

	Quellpfad: 4.5.0216.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (05/06/2014 02:11:50 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)
Description: Beim Aktualisieren der Signaturen wurde von %Luca-PC60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 0.0.0.0

	Aktualisierungsquelle: %Luca-PC51

	Aktualisierungsphase: 4.5.0216.00

	Quellpfad: 4.5.0216.01

	Signaturtyp: %Luca-PC602

	Aktualisierungstyp: %Luca-PC604

	Benutzer: Luca-PC\Luca

	Aktuelle Modulversion: %Luca-PC605

	Vorherige Modulversion: %Luca-PC606

	Fehlercode: %Luca-PC607

	Fehlerbeschreibung: %Luca-PC608

Error: (05/06/2014 02:11:50 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2003)
Description: Beim Aktualisieren des Moduls wurde von %Luca-PC60 ein Fehler festgestellt.

	Neue Modulversion: 

	Vorherige Modulversion: 

	Modultyp: %Luca-PC604

	Benutzer: Luca-PC\Luca

	Fehlercode: %Luca-PC601

	Fehlerbeschreibung: %Luca-PC602


Microsoft Office Sessions:
=========================
Error: (05/08/2014 04:44:28 PM) (Source: VSS) (User: ) (EventID: 8193)
Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   VSS-Server wird instanziiert

Error: (05/08/2014 04:44:28 PM) (Source: VSS) (User: ) (EventID: 13)
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   VSS-Server wird instanziiert

Error: (05/08/2014 02:46:15 PM) (Source: SideBySide) (User: ) (EventID: 59)
Description: c:\program files (x86)\Steam\steamapps\common\borderlands 2\Binaries\Win32\Launcher.exec:\program files (x86)\Steam\steamapps\common\borderlands 2\Binaries\Win32\Launcher.exe.Config0

Error: (05/07/2014 07:10:36 PM) (Source: VSS) (User: ) (EventID: 8193)
Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   VSS-Server wird instanziiert

Error: (05/07/2014 07:10:36 PM) (Source: VSS) (User: ) (EventID: 13)
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   VSS-Server wird instanziiert

Error: (05/06/2014 08:32:19 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: chrome.exe34.0.1847.13166001cf695970ddb1d716C:\Program Files (x86)\Google\Chrome\Application\chrome.exebb79540f-d54c-11e3-acbc-60a44ccaf0fb

Error: (05/06/2014 02:02:18 PM) (Source: VSS) (User: ) (EventID: 8193)
Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   VSS-Server wird instanziiert

Error: (05/06/2014 02:02:18 PM) (Source: VSS) (User: ) (EventID: 13)
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   VSS-Server wird instanziiert

Error: (05/05/2014 04:17:45 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: Skype.exe6.14.0.104adc01cf685e34e25564150C:\Program Files (x86)\Skype\Phone\Skype.exe

Error: (05/03/2014 07:33:47 PM) (Source: SideBySide) (User: ) (EventID: 59)
Description: c:\program files (x86)\Steam\steamapps\common\borderlands 2\Binaries\Win32\Launcher.exec:\program files (x86)\Steam\steamapps\common\borderlands 2\Binaries\Win32\Launcher.exe.Config0


==================== Memory info =========================== 

Percentage of memory in use: 56%
Total physical RAM: 4042.17 MB
Available physical RAM: 1743.65 MB
Total Pagefile: 8082.48 MB
Available Pagefile: 5228.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:150.88 GB) NTFS
Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS
Drive f: () (Fixed) (Total:465.66 GB) (Free:365.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 0AA6531E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 72DB2739)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

08.05.2014, 16:49   #8
deeprybka
/// TB Trainer
/// Guide Guru
 



Please post the log anyway...

The FRST.txt is also still missing...
__________________
Regards
deeprybka

_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

09.05.2014, 13:46   #9
HC4L!
 



I hadn't found any mbar log at all, but I have it now..

Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.05.08.05

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Luca :: LUCA-PC [administrator]

08.05.2014 16:25:47
mbar-log-2014-05-08 (16-25-47).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 253006
Time elapsed: 14 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-05-2014
Ran by Luca (administrator) on LUCA-PC on 08-05-2014 16:43:45
Running from C:\Users\Luca\Downloads
Windows 7 Ultimate (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\AAvast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Dropbox, Inc.) C:\Users\Luca\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Game Inc.) C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corp.) C:\Users\Luca\Desktop\mbar-1.07.0.1009.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Malwarebytes Corporation) C:\Users\Luca\Desktop\mbar\mbar.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1179576 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [GamingKeyboard] => C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe [1803264 2012-06-07] (Game Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\AAvast\AvastUI.exe [3854640 2014-03-23] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\MountPoints2: {b4bb2a58-5469-11e2-a6e8-60a44ccaf0fb} - E:\INSTALL.EXE
Startup: C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Luca\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7DDB4D4F6AE8CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/my_homepage/1024/
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-flv
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\AAvast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\AAvast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll No File
BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\q0vwgvrm.default
FF user.js: detected! => C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\q0vwgvrm.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\q0vwgvrm.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\q0vwgvrm.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\q0vwgvrm.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\q0vwgvrm.default\searchplugins\iminent.xml
FF SearchPlugin: C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\q0vwgvrm.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\q0vwgvrm.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\qone8.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\q0vwgvrm.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}_1122628946 [2014-05-06]
FF Extension: Video HTML5 HD Pro - C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\q0vwgvrm.default\Extensions\{08a20c7f-a810-448b-94fc-8407ad3dabec}.xpi [2013-10-24]
FF Extension: {418ca559-fba6-4b42-8da2-29b33ea08908} - C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\q0vwgvrm.default\Extensions\{418ca559-fba6-4b42-8da2-29b33ea08908}.xpi [2013-09-20]
FF Extension: Adblock Plus - C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\q0vwgvrm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-12]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\AAvast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\AAvast\WebRep\FF [2014-03-23]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://start.qone8.com/?type=sc&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX

Chrome: 
=======
CHR HomePage: hxxp://start.qone8.com/?type=hp&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
CHR StartupUrls: "https://www.youtube.com/watch?v=6PZKNrDys88"
CHR Extension: (Google Drive) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-04]
CHR Extension: (YouTube) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-04]
CHR Extension: (Adblock Plus) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-05]
CHR Extension: (Google-Suche) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-04]
CHR Extension: (Google Wallet) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-04]
CHR Extension: (Google Mail) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-04]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-03-25]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\AAvast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Luca\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-04-11]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-04-06]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\AAvast\AvastSvc.exe [50344 2014-03-23] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-05-07] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S4 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-27] ()
S4 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [496640 2014-04-06] (Cherished Technololgy LIMITED)

==================== Drivers (Whitelisted) ====================

S3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [32088 2013-06-02] ()
S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40808 2014-03-27] (Google Inc)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-03-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-03-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-03-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-03-23] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-03-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-03-23] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-09-12] (DT Soft Ltd)
R3 GameKB; C:\Windows\System32\drivers\GameKB.sys [27648 2012-05-11] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [117912 2012-11-19] (Qualcomm Atheros Co., Ltd.)
R3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-08] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119000 2014-05-08] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
R3 SaiK1709; C:\Windows\System32\DRIVERS\SaiK1709.sys [180544 2012-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R3 SaiU1709; C:\Windows\System32\DRIVERS\SaiU1709.sys [47168 2012-09-20] (Saitek)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
U0 SR; 
U2 srservice; 
S3 XFDriver64; \??\C:\Program Files (x86)\Xfire2\XFDriver64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-08 16:25 - 2014-05-08 16:26 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-05-08 16:25 - 2014-05-08 16:25 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-08 16:24 - 2014-05-08 16:24 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-08 16:24 - 2014-05-08 16:24 - 00000000 ____D () C:\Users\Luca\Desktop\mbar
2014-05-08 16:23 - 2014-05-08 16:24 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Luca\Desktop\mbar-1.07.0.1009.exe
2014-05-07 19:10 - 2014-05-08 16:44 - 00016935 _____ () C:\Users\Luca\Downloads\FRST.txt
2014-05-07 19:10 - 2014-05-08 16:43 - 00000000 ____D () C:\FRST
2014-05-07 19:09 - 2014-05-07 19:09 - 02063872 _____ (Farbar) C:\Users\Luca\Downloads\FRST64.exe
2014-05-07 17:31 - 2014-05-07 17:32 - 00000374 _____ () C:\Users\Luca\Desktop\Neues Textdokument (3).txt
2014-05-06 14:09 - 2014-05-06 14:09 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-06 14:09 - 2014-05-06 14:09 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-05-06 14:09 - 2014-05-06 14:09 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-06 14:09 - 2014-05-06 14:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-05-06 14:07 - 2014-05-06 14:08 - 24625644 _____ () C:\Users\Luca\Downloads\mse-install45.zip
2014-05-06 14:07 - 2014-05-06 14:07 - 00613200 _____ (Chip Digital GmbH) C:\Users\Luca\Downloads\Microsoft Security Essentials - CHIP-Downloader.exe
2014-05-06 14:02 - 2014-05-07 19:10 - 00036600 _____ () C:\Users\Luca\Downloads\Addition.txt
2014-05-06 13:54 - 2014-05-06 13:54 - 00000480 _____ () C:\Users\Luca\Downloads\defogger_disable.log
2014-05-06 13:44 - 2014-05-06 13:48 - 00000000 ____D () C:\Users\Luca\AppData\Local\lptmp1067569924
2014-05-06 13:40 - 2014-05-06 13:47 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Systweak
2014-05-06 13:40 - 2014-05-06 13:39 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Luca\Downloads\ParetoLogic%20PC%20Health%20Advisor_de.exe
2014-05-06 13:40 - 2014-04-25 14:49 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-05-06 13:39 - 2014-05-06 13:39 - 00641568 _____ () C:\Users\Luca\Downloads\download-pc-health-advisor.exe
2014-05-06 13:35 - 2014-05-06 13:35 - 00610769 _____ () C:\Users\Luca\Downloads\depends22_x86.zip
2014-05-05 19:43 - 2014-05-05 19:43 - 00001206 _____ () C:\Users\Luca\Desktop\CINEMA 4D Demo 64 Bit.lnk
2014-05-05 19:42 - 2014-05-05 19:43 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAXON
2014-05-05 16:52 - 2014-05-05 17:29 - 2958994837 _____ () C:\Users\Luca\Downloads\installer_r15_demo.zip
2014-05-05 15:22 - 2014-05-05 15:22 - 00002040 _____ () C:\Users\Public\Desktop\FL Studio 11.lnk
2014-05-05 15:22 - 2014-05-05 15:22 - 00001138 _____ () C:\Users\Luca\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2014-05-05 15:22 - 2014-05-05 15:22 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2014-05-05 15:22 - 2014-05-05 15:22 - 00000000 ____D () C:\Program Files (x86)\ASIO4ALL v2
2014-05-05 14:55 - 2014-05-05 15:00 - 323060176 _____ (Image-Line) C:\Users\Luca\Downloads\flstudio_11.1.exe
2014-05-05 14:50 - 2014-05-05 14:50 - 00033396 _____ () C:\Users\Luca\Downloads\Private eXploit Generator v11.zip
2014-05-05 14:50 - 2014-05-05 14:50 - 00033396 _____ () C:\Users\Luca\Downloads\Private eXploit Generator v11 (1).zip
2014-05-03 03:12 - 2014-05-03 03:12 - 00000000 ____D () C:\Users\Luca\Desktop\neue hacke
2014-05-03 02:37 - 2014-05-03 02:37 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\DropboxMaster
2014-04-28 15:55 - 2014-04-28 15:55 - 00001189 _____ () C:\Users\Luca\Desktop\The Elder Scrolls V Skyrim (2).lnk
2014-04-27 19:12 - 2014-04-27 19:12 - 00613200 _____ (Chip Digital GmbH) C:\Users\Luca\Downloads\Cloud Downloader - CHIP-Downloader.exe
2014-04-27 19:12 - 2014-04-27 19:12 - 00003172 _____ () C:\Windows\System32\Tasks\{D34DEE04-6854-467A-9CD6-7FA76AAFB58C}
2014-04-27 17:02 - 2014-04-27 17:02 - 00018727 _____ () C:\Users\Luca\AppData\Local\recently-used.xbel
2014-04-27 01:13 - 2014-04-27 01:13 - 00000000 ____D () C:\Users\Luca\AppData\Local\Ubisoft
2014-04-26 02:41 - 2014-04-26 02:41 - 00000446 __RSH () C:\ProgramData\ntuser.pol
2014-04-26 02:41 - 2014-04-26 02:41 - 00000000 ____D () C:\usb_driver
2014-04-24 20:06 - 2014-04-24 20:06 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll
2014-04-24 20:06 - 2014-04-24 20:06 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WinUSBCoInstaller.dll
2014-04-24 19:20 - 2014-04-24 19:20 - 02056192 _____ () C:\Users\Luca\Downloads\CMInstaller.msi
2014-04-24 03:57 - 2014-04-24 04:35 - 1689175370 _____ () C:\Users\Luca\Desktop\diablo take 2_x264.avi
2014-04-23 17:09 - 2014-04-23 17:09 - 00187454 _____ () C:\Users\Luca\Desktop\jhg.wav
2014-04-23 17:07 - 2014-04-23 17:07 - 01730814 _____ () C:\Users\Luca\Desktop\sorey.wav
2014-04-23 16:47 - 2014-04-23 16:47 - 00038589 _____ () C:\Users\Luca\Desktop\treetwonimmseinfach.camproj
2014-04-23 13:23 - 2014-04-23 13:23 - 00000000 ____D () C:\Users\Luca\AppData\Local\Blizzard
2014-04-23 13:13 - 2014-04-23 13:23 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-04-23 13:13 - 2014-04-23 13:13 - 00001157 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-04-23 13:13 - 2014-04-23 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-04-23 01:18 - 2014-04-23 01:18 - 00377992 _____ () C:\Users\Luca\Desktop\luv.xcf
2014-04-23 01:10 - 2014-04-23 01:10 - 00021452 _____ () C:\Users\Luca\Downloads\riesling.zip
2014-04-23 01:09 - 2014-04-23 01:09 - 00077675 _____ () C:\Users\Luca\Downloads\young_beautiful.zip
2014-04-23 01:09 - 2014-04-23 01:09 - 00028978 _____ () C:\Users\Luca\Downloads\mademoiselle_k.zip
2014-04-23 01:09 - 2014-04-23 01:09 - 00024871 _____ () C:\Users\Luca\Downloads\angelique_ma_douce_colombe.zip
2014-04-21 16:35 - 2014-04-21 16:35 - 00000043 _____ () C:\Users\Luca\Desktop\Neues Textdokument (2).txt
2014-04-20 01:02 - 2014-04-20 01:02 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shutdown4U
2014-04-20 01:02 - 2014-04-20 01:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shutdown4U
2014-04-20 01:02 - 2014-04-20 01:02 - 00000000 ____D () C:\Program Files\Shutdown4U
2014-04-20 01:01 - 2014-04-20 01:01 - 00613200 _____ (Chip Digital GmbH) C:\Users\Luca\Downloads\Shutdown4U - CHIP-Downloader.exe
2014-04-19 22:12 - 2014-04-19 22:12 - 00613200 _____ (Chip Digital GmbH) C:\Users\Luca\Downloads\335.23-desktop-win8-win7-winvista-64bit-international-whql - CHIP-Downloader.exe
2014-04-15 21:08 - 2014-04-15 21:56 - 861531398 _____ () C:\Users\Luca\Downloads\l4d2_2013-patch_2.1.3.5_nosTEAM.exe
2014-04-15 21:04 - 2014-04-15 21:05 - 55094501 _____ () C:\Users\Luca\Downloads\l4d2_2013_nosTEAM.zip
2014-04-14 05:22 - 2014-04-14 05:22 - 00270478 _____ () C:\Users\Luca\Downloads\Water_Drop_by_SilverRose_Stock.zip
2014-04-14 05:02 - 2014-04-14 05:02 - 05679379 _____ () C:\Users\Luca\Downloads\lion_ornament_doorknobs_png_by_m10tje-d4hu6sq.rar
2014-04-14 04:49 - 2014-04-14 04:49 - 02969821 _____ () C:\Users\Luca\Desktop\Unbenannt.xcf
2014-04-14 04:48 - 2014-04-14 04:48 - 04444933 _____ () C:\Users\Luca\Downloads\GIMP_Arcane_Runes_Brushes_by_Project_GimpBC.zip
2014-04-14 04:41 - 2014-04-14 04:41 - 04366325 _____ () C:\Users\Luca\Downloads\GIMP_Arcane_Circles_Brushes_by_Project_GimpBC.zip
2014-04-14 04:28 - 2014-04-14 04:28 - 02194142 _____ () C:\Users\Luca\Downloads\photoshop_tech_brushes_by_fortelegy-d46q07z.zip
2014-04-14 04:27 - 2014-04-14 04:27 - 00459583 _____ () C:\Users\Luca\Downloads\Bullet_Holes_Brushes_by_redheadstock.zip
2014-04-13 01:17 - 2014-04-13 01:17 - 00533648 _____ () C:\Users\Luca\Downloads\HDvid-codec-Chrome (1).exe
2014-04-12 23:23 - 2014-05-05 14:34 - 00000000 ____D () C:\Users\Luca\AppData\Local\Spotify
2014-04-12 23:23 - 2014-04-12 23:23 - 00001785 _____ () C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-04-12 23:22 - 2014-05-06 23:06 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Spotify
2014-04-12 23:22 - 2014-04-12 23:22 - 00126112 _____ (Spotify Ltd) C:\Users\Luca\Downloads\SpotifySetup.exe
2014-04-10 21:44 - 2014-04-10 21:44 - 00000000 _____ () C:\Users\Luca\Desktop\Neues Textdokument.txt
2014-04-09 23:39 - 2014-04-09 23:39 - 00068923 _____ () C:\Users\Luca\Desktop\payday5 unrendered.camproj
2014-04-09 22:16 - 2014-04-09 22:16 - 07074573 _____ () C:\Users\Luca\Desktop\diablo three wan (Frame 0_11_38;26).xcf
2014-04-09 20:55 - 2014-04-09 20:55 - 00086944 _____ () C:\Users\Luca\Downloads\ice_sticks.zip
2014-04-09 20:53 - 2014-04-09 20:53 - 00029718 _____ () C:\Users\Luca\Downloads\winterice.zip
2014-04-09 20:12 - 2014-04-09 20:13 - 31429160 _____ (Any-Video-Converter.com ) C:\Users\Luca\Downloads\avc-free (3).exe
2014-04-09 19:20 - 2014-04-09 19:20 - 00063487 _____ () C:\Users\Luca\Desktop\diablo three wan two.camproj
2014-04-09 19:20 - 2014-04-09 19:20 - 00020158 _____ () C:\Users\Luca\Desktop\diablo three wan two 4.camproj
2014-04-09 14:53 - 2014-04-09 14:53 - 00042969 _____ () C:\Users\Luca\Desktop\diablo three wan.camproj
2014-04-09 14:28 - 2014-04-09 14:29 - 24126958 _____ () C:\Users\Luca\Desktop\Diablo 3 Cinematic Trailer deutsch HD.avi
2014-04-09 14:21 - 2014-04-09 14:21 - 00636688 _____ () C:\Users\Luca\Downloads\FreeYouTubeDownload (1).exe

==================== One Month Modified Files and Folders =======

2014-05-08 16:44 - 2014-05-07 19:10 - 00016935 _____ () C:\Users\Luca\Downloads\FRST.txt
2014-05-08 16:43 - 2014-05-07 19:10 - 00000000 ____D () C:\FRST
2014-05-08 16:27 - 2013-09-12 18:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-08 16:26 - 2014-05-08 16:25 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-05-08 16:25 - 2014-05-08 16:25 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-08 16:24 - 2014-05-08 16:24 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-08 16:24 - 2014-05-08 16:24 - 00000000 ____D () C:\Users\Luca\Desktop\mbar
2014-05-08 16:24 - 2014-05-08 16:23 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Luca\Desktop\mbar-1.07.0.1009.exe
2014-05-08 16:05 - 2014-02-13 22:16 - 00000000 ____D () C:\Users\Luca\AppData\Local\DayZ
2014-05-08 16:05 - 2013-09-13 15:00 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-08 16:02 - 2014-01-04 01:39 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-08 14:02 - 2014-01-04 01:39 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-08 13:48 - 2014-03-22 17:21 - 00031758 _____ () C:\Windows\setupact.log
2014-05-08 13:32 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-08 13:32 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-08 13:28 - 2013-11-16 15:06 - 00000000 ___RD () C:\Users\Luca\Dropbox
2014-05-08 13:28 - 2013-11-16 15:01 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Dropbox
2014-05-08 13:27 - 2013-01-02 00:00 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-08 13:27 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-07 19:10 - 2014-05-06 14:02 - 00036600 _____ () C:\Users\Luca\Downloads\Addition.txt
2014-05-07 19:09 - 2014-05-07 19:09 - 02063872 _____ (Farbar) C:\Users\Luca\Downloads\FRST64.exe
2014-05-07 17:42 - 2013-01-01 23:38 - 00606284 _____ () C:\Windows\WindowsUpdate.log
2014-05-07 17:32 - 2014-05-07 17:31 - 00000374 _____ () C:\Users\Luca\Desktop\Neues Textdokument (3).txt
2014-05-07 17:32 - 2013-09-13 08:39 - 00230102 _____ () C:\Windows\PFRO.log
2014-05-07 14:48 - 2013-11-06 17:46 - 00000000 ____D () C:\Program Files (x86)\DSPRobotics
2014-05-06 23:06 - 2014-04-12 23:22 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Spotify
2014-05-06 14:09 - 2014-05-06 14:09 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-06 14:09 - 2014-05-06 14:09 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-05-06 14:09 - 2014-05-06 14:09 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-06 14:09 - 2014-05-06 14:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-05-06 14:08 - 2014-05-06 14:07 - 24625644 _____ () C:\Users\Luca\Downloads\mse-install45.zip
2014-05-06 14:07 - 2014-05-06 14:07 - 00613200 _____ (Chip Digital GmbH) C:\Users\Luca\Downloads\Microsoft Security Essentials - CHIP-Downloader.exe
2014-05-06 13:54 - 2014-05-06 13:54 - 00000480 _____ () C:\Users\Luca\Downloads\defogger_disable.log
2014-05-06 13:49 - 2013-10-18 17:31 - 00000000 ____D () C:\Windows\Minidump
2014-05-06 13:49 - 2013-01-01 23:29 - 00304282 ____N () C:\Windows\Minidump\050614-19468-01.dmp
2014-05-06 13:48 - 2014-05-06 13:44 - 00000000 ____D () C:\Users\Luca\AppData\Local\lptmp1067569924
2014-05-06 13:48 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-06 13:47 - 2014-05-06 13:40 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Systweak
2014-05-06 13:45 - 2013-09-12 23:45 - 00000000 ____D () C:\Users\Luca\Desktop\Games
2014-05-06 13:45 - 2013-01-02 00:14 - 00000000 ____D () C:\Users\Luca\Desktop\Programme
2014-05-06 13:39 - 2014-05-06 13:40 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Luca\Downloads\ParetoLogic%20PC%20Health%20Advisor_de.exe
2014-05-06 13:39 - 2014-05-06 13:39 - 00641568 _____ () C:\Users\Luca\Downloads\download-pc-health-advisor.exe
2014-05-06 13:35 - 2014-05-06 13:35 - 00610769 _____ () C:\Users\Luca\Downloads\depends22_x86.zip
2014-05-06 00:00 - 2013-09-12 18:34 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Azureus
2014-05-05 19:43 - 2014-05-05 19:43 - 00001206 _____ () C:\Users\Luca\Desktop\CINEMA 4D Demo 64 Bit.lnk
2014-05-05 19:43 - 2014-05-05 19:42 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAXON
2014-05-05 19:43 - 2013-12-09 15:50 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\MAXON
2014-05-05 19:37 - 2013-09-29 14:49 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-05 19:36 - 2014-01-15 14:10 - 00000000 ____D () C:\Program Files\MAXON
2014-05-05 17:29 - 2014-05-05 16:52 - 2958994837 _____ () C:\Users\Luca\Downloads\installer_r15_demo.zip
2014-05-05 17:06 - 2013-01-01 23:39 - 00000000 ___RD () C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-05 16:58 - 2013-09-13 16:21 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-05 16:58 - 2013-09-12 18:47 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Adobe
2014-05-05 16:34 - 2013-09-14 02:00 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-05 16:15 - 2014-04-04 19:37 - 00000000 ____D () C:\Users\Luca\AppData\Local\Battle.net
2014-05-05 15:22 - 2014-05-05 15:22 - 00002040 _____ () C:\Users\Public\Desktop\FL Studio 11.lnk
2014-05-05 15:22 - 2014-05-05 15:22 - 00001138 _____ () C:\Users\Luca\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2014-05-05 15:22 - 2014-05-05 15:22 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2014-05-05 15:22 - 2014-05-05 15:22 - 00000000 ____D () C:\Program Files (x86)\ASIO4ALL v2
2014-05-05 15:21 - 2013-09-13 18:50 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-05-05 15:20 - 2013-11-06 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2014-05-05 15:20 - 2013-11-06 17:46 - 00000000 ____D () C:\Program Files\Image-Line
2014-05-05 15:20 - 2013-11-06 17:42 - 00000000 ____D () C:\Program Files (x86)\Image-Line
2014-05-05 15:10 - 2013-09-18 19:11 - 00000000 ____D () C:\Users\Luca\Desktop\Aufnahme
2014-05-05 15:00 - 2014-05-05 14:55 - 323060176 _____ (Image-Line) C:\Users\Luca\Downloads\flstudio_11.1.exe
2014-05-05 14:50 - 2014-05-05 14:50 - 00033396 _____ () C:\Users\Luca\Downloads\Private eXploit Generator v11.zip
2014-05-05 14:50 - 2014-05-05 14:50 - 00033396 _____ () C:\Users\Luca\Downloads\Private eXploit Generator v11 (1).zip
2014-05-05 14:34 - 2014-04-12 23:23 - 00000000 ____D () C:\Users\Luca\AppData\Local\Spotify
2014-05-03 20:57 - 2013-11-10 02:24 - 00000000 ____D () C:\Users\Luca\Desktop\C4D,PS,AE
2014-05-03 16:26 - 2013-09-15 16:33 - 00000000 ____D () C:\Users\Luca\AppData\Local\CrashDumps
2014-05-03 16:25 - 2013-09-12 18:52 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Skype
2014-05-03 03:12 - 2014-05-03 03:12 - 00000000 ____D () C:\Users\Luca\Desktop\neue hacke
2014-05-03 02:37 - 2014-05-03 02:37 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\DropboxMaster
2014-05-03 02:36 - 2013-11-16 15:04 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-02 14:09 - 2014-04-04 19:37 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-04-30 13:57 - 2013-09-12 18:47 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-30 13:57 - 2013-09-12 18:47 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-30 13:57 - 2013-09-12 18:47 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-30 13:57 - 2013-09-12 18:46 - 00000000 ____D () C:\Users\Luca\AppData\Local\Adobe
2014-04-29 18:03 - 2013-10-26 23:12 - 00007600 _____ () C:\Users\Luca\AppData\Local\Resmon.ResmonCfg
2014-04-28 16:05 - 2014-01-01 19:21 - 00291760 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-04-28 16:05 - 2013-09-20 17:23 - 00291760 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-04-28 16:02 - 2014-01-01 19:21 - 00291488 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-04-28 15:55 - 2014-04-28 15:55 - 00001189 _____ () C:\Users\Luca\Desktop\The Elder Scrolls V Skyrim (2).lnk
2014-04-27 19:14 - 2014-03-20 16:09 - 00000000 ____D () C:\Users\Luca\Desktop\Luca´s music Playground
2014-04-27 19:12 - 2014-04-27 19:12 - 00613200 _____ (Chip Digital GmbH) C:\Users\Luca\Downloads\Cloud Downloader - CHIP-Downloader.exe
2014-04-27 19:12 - 2014-04-27 19:12 - 00003172 _____ () C:\Windows\System32\Tasks\{D34DEE04-6854-467A-9CD6-7FA76AAFB58C}
2014-04-27 17:47 - 2014-02-03 18:13 - 00000000 ____D () C:\Users\Luca\.gimp-2.8
2014-04-27 17:44 - 2013-11-30 17:45 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\.technic
2014-04-27 17:02 - 2014-04-27 17:02 - 00018727 _____ () C:\Users\Luca\AppData\Local\recently-used.xbel
2014-04-27 02:17 - 2014-02-03 18:31 - 00000000 ____D () C:\Users\Luca\AppData\Local\gtk-2.0
2014-04-27 01:15 - 2013-09-20 17:23 - 00000000 ____D () C:\Users\Luca\AppData\Local\PunkBuster
2014-04-27 01:13 - 2014-04-27 01:13 - 00000000 ____D () C:\Users\Luca\AppData\Local\Ubisoft
2014-04-27 01:13 - 2013-09-20 17:22 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-04-26 19:55 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-04-26 18:04 - 2013-10-26 15:15 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-04-26 02:41 - 2014-04-26 02:41 - 00000446 __RSH () C:\ProgramData\ntuser.pol
2014-04-26 02:41 - 2014-04-26 02:41 - 00000000 ____D () C:\usb_driver
2014-04-26 02:41 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-25 22:03 - 2013-01-01 23:29 - 00304354 ____N () C:\Windows\Minidump\042514-11107-01.dmp
2014-04-25 14:49 - 2014-05-06 13:40 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-04-24 20:58 - 2013-12-23 22:36 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\TS3Client
2014-04-24 20:06 - 2014-04-24 20:06 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll
2014-04-24 20:06 - 2014-04-24 20:06 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WinUSBCoInstaller.dll
2014-04-24 20:05 - 2013-01-01 23:38 - 00000000 ____D () C:\Users\Luca
2014-04-24 19:20 - 2014-04-24 19:20 - 02056192 _____ () C:\Users\Luca\Downloads\CMInstaller.msi
2014-04-24 04:35 - 2014-04-24 03:57 - 1689175370 _____ () C:\Users\Luca\Desktop\diablo take 2_x264.avi
2014-04-23 17:09 - 2014-04-23 17:09 - 00187454 _____ () C:\Users\Luca\Desktop\jhg.wav
2014-04-23 17:07 - 2014-04-23 17:07 - 01730814 _____ () C:\Users\Luca\Desktop\sorey.wav
2014-04-23 16:47 - 2014-04-23 16:47 - 00038589 _____ () C:\Users\Luca\Desktop\treetwonimmseinfach.camproj
2014-04-23 13:23 - 2014-04-23 13:23 - 00000000 ____D () C:\Users\Luca\AppData\Local\Blizzard
2014-04-23 13:23 - 2014-04-23 13:13 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-04-23 13:13 - 2014-04-23 13:13 - 00001157 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-04-23 13:13 - 2014-04-23 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-04-23 13:05 - 2014-03-23 13:01 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-23 13:05 - 2009-07-14 06:45 - 05064080 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-23 02:35 - 2013-01-02 00:13 - 00095896 _____ () C:\Users\Luca\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-23 01:18 - 2014-04-23 01:18 - 00377992 _____ () C:\Users\Luca\Desktop\luv.xcf
2014-04-23 01:10 - 2014-04-23 01:10 - 00021452 _____ () C:\Users\Luca\Downloads\riesling.zip
2014-04-23 01:09 - 2014-04-23 01:09 - 00077675 _____ () C:\Users\Luca\Downloads\young_beautiful.zip
2014-04-23 01:09 - 2014-04-23 01:09 - 00028978 _____ () C:\Users\Luca\Downloads\mademoiselle_k.zip
2014-04-23 01:09 - 2014-04-23 01:09 - 00024871 _____ () C:\Users\Luca\Downloads\angelique_ma_douce_colombe.zip
2014-04-22 20:39 - 2014-02-06 21:41 - 02346942 _____ () C:\Users\Luca\Downloads\TechnicLauncher.exe
2014-04-22 16:32 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-04-22 16:32 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-04-22 16:32 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-21 16:35 - 2014-04-21 16:35 - 00000043 _____ () C:\Users\Luca\Desktop\Neues Textdokument (2).txt
2014-04-20 01:02 - 2014-04-20 01:02 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shutdown4U
2014-04-20 01:02 - 2014-04-20 01:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shutdown4U
2014-04-20 01:02 - 2014-04-20 01:02 - 00000000 ____D () C:\Program Files\Shutdown4U
2014-04-20 01:01 - 2014-04-20 01:01 - 00613200 _____ (Chip Digital GmbH) C:\Users\Luca\Downloads\Shutdown4U - CHIP-Downloader.exe
2014-04-19 22:12 - 2014-04-19 22:12 - 00613200 _____ (Chip Digital GmbH) C:\Users\Luca\Downloads\335.23-desktop-win8-win7-winvista-64bit-international-whql - CHIP-Downloader.exe
2014-04-18 03:25 - 2013-01-01 23:29 - 00304474 ____N () C:\Windows\Minidump\041814-12152-01.dmp
2014-04-17 14:11 - 2013-09-12 18:52 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-15 21:56 - 2014-04-15 21:08 - 861531398 _____ () C:\Users\Luca\Downloads\l4d2_2013-patch_2.1.3.5_nosTEAM.exe
2014-04-15 21:05 - 2014-04-15 21:04 - 55094501 _____ () C:\Users\Luca\Downloads\l4d2_2013_nosTEAM.zip
2014-04-14 05:28 - 2014-04-01 00:31 - 00692376 _____ () C:\Users\Luca\Desktop\hardcorenminimal.xcf
2014-04-14 05:22 - 2014-04-14 05:22 - 00270478 _____ () C:\Users\Luca\Downloads\Water_Drop_by_SilverRose_Stock.zip
2014-04-14 05:02 - 2014-04-14 05:02 - 05679379 _____ () C:\Users\Luca\Downloads\lion_ornament_doorknobs_png_by_m10tje-d4hu6sq.rar
2014-04-14 04:49 - 2014-04-14 04:49 - 02969821 _____ () C:\Users\Luca\Desktop\Unbenannt.xcf
2014-04-14 04:48 - 2014-04-14 04:48 - 04444933 _____ () C:\Users\Luca\Downloads\GIMP_Arcane_Runes_Brushes_by_Project_GimpBC.zip
2014-04-14 04:41 - 2014-04-14 04:41 - 04366325 _____ () C:\Users\Luca\Downloads\GIMP_Arcane_Circles_Brushes_by_Project_GimpBC.zip
2014-04-14 04:28 - 2014-04-14 04:28 - 02194142 _____ () C:\Users\Luca\Downloads\photoshop_tech_brushes_by_fortelegy-d46q07z.zip
2014-04-14 04:27 - 2014-04-14 04:27 - 00459583 _____ () C:\Users\Luca\Downloads\Bullet_Holes_Brushes_by_redheadstock.zip
2014-04-13 04:37 - 2014-04-04 19:54 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-04-13 01:17 - 2014-04-13 01:17 - 00533648 _____ () C:\Users\Luca\Downloads\HDvid-codec-Chrome (1).exe
2014-04-12 23:23 - 2014-04-12 23:23 - 00001785 _____ () C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-04-12 23:22 - 2014-04-12 23:22 - 00126112 _____ (Spotify Ltd) C:\Users\Luca\Downloads\SpotifySetup.exe
2014-04-11 11:27 - 2014-04-06 01:38 - 00000000 ____D () C:\ProgramData\IePluginService
2014-04-10 21:44 - 2014-04-10 21:44 - 00000000 _____ () C:\Users\Luca\Desktop\Neues Textdokument.txt
2014-04-09 23:39 - 2014-04-09 23:39 - 00068923 _____ () C:\Users\Luca\Desktop\payday5 unrendered.camproj
2014-04-09 22:16 - 2014-04-09 22:16 - 07074573 _____ () C:\Users\Luca\Desktop\diablo three wan (Frame 0_11_38;26).xcf
2014-04-09 21:18 - 2013-10-05 20:41 - 00000000 ____D () C:\Games
2014-04-09 21:18 - 2013-09-17 17:42 - 00000000 ____D () C:\Users\Luca\Documents\My Games
2014-04-09 20:55 - 2014-04-09 20:55 - 00086944 _____ () C:\Users\Luca\Downloads\ice_sticks.zip
2014-04-09 20:53 - 2014-04-09 20:53 - 00029718 _____ () C:\Users\Luca\Downloads\winterice.zip
2014-04-09 20:13 - 2014-04-09 20:12 - 31429160 _____ (Any-Video-Converter.com ) C:\Users\Luca\Downloads\avc-free (3).exe
2014-04-09 19:20 - 2014-04-09 19:20 - 00063487 _____ () C:\Users\Luca\Desktop\diablo three wan two.camproj
2014-04-09 19:20 - 2014-04-09 19:20 - 00020158 _____ () C:\Users\Luca\Desktop\diablo three wan two 4.camproj
2014-04-09 14:53 - 2014-04-09 14:53 - 00042969 _____ () C:\Users\Luca\Desktop\diablo three wan.camproj
2014-04-09 14:29 - 2014-04-09 14:28 - 24126958 _____ () C:\Users\Luca\Desktop\Diablo 3 Cinematic Trailer deutsch HD.avi
2014-04-09 14:25 - 2013-11-10 02:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-04-09 14:25 - 2013-11-10 02:04 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-04-09 14:25 - 2013-10-09 15:26 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\DVDVideoSoft
2014-04-09 14:21 - 2014-04-09 14:21 - 00636688 _____ () C:\Users\Luca\Downloads\FreeYouTubeDownload (1).exe

Some content of TEMP:
====================
C:\Users\Luca\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsmm3l7.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2013-01-01 23:42] - [2011-02-25 08:36] - 0295296 ____A (Microsoft Corporation) C9D0EAF58D6BA71E128E715EA43AD87D



LastRegBack: 2014-05-01 14:43

==================== End Of Log ============================
         

I hope that's everything

09.05.2014, 14:43   #10
deeprybka
/// TB trainer
/// Guide guru
 


Here's how we continue...

Step 1
Update the databases and please run a quick scan with Malwarebytes Antimalware.
At the end of the scan, have all detections (if any) moved to quarantine.
Post the contents of the log file for me.

Step 2

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Regards
deeprybka

Praise, criticism, requests?

Donate to trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

12.05.2014, 23:51   #11
deeprybka
/// TB trainer
/// Guide guru
 


Hi,

I haven't received a reply from you for quite a while. Do you still need help?

Note: If I don't get a message from you within the next 24 hours, I will remove the topic from my subscriptions and will therefore no longer be notified of changes or posts. If you want to continue, just send me a PM then.

__________________
Regards
deeprybka


16.05.2014, 19:13   #12
HC4L!
 


Unfortunately I can't get to my PC for about a year because I'm in Canada. I'm sorry that I can no longer make use of your help. But thanks anyway for everything so far. The thread will probably be closed, so I'll say farewell for good :´(
