Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Win7: auf dem USB-Stick sind nur Verknüpfungen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 10.05.2014, 04:31   #1
Mimify
 
Win7: auf dem USB-Stick sind nur Verknüpfungen - Standard

Win7: auf dem USB-Stick sind nur Verknüpfungen



Hallo an alle Trojaner-Forum-User,

folgendes Problem liegt derzeit vor: Wenn ich Daten auf meinen USB-Stick spiele, werden diese als versteckt angezeigt und es bleiben nur noch jeweilige Verknüpfungen vorhanden.
Da ich dachte, dass der Stick defekt sei, habe ich es noch mit einem anderen Stick probiert und dort auch das gleiche Schicksal.
Sensible Daten sind nicht darauf, es muss also nichts gerettet werden.
Ich hoffe, dass ich vor einer Neuinstallation wegkomme und Sie mir helfen können.

Mit freundlichem Gruß

Alt 10.05.2014, 11:30   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Win7: auf dem USB-Stick sind nur Verknüpfungen - Standard

Win7: auf dem USB-Stick sind nur Verknüpfungen



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 10.05.2014, 15:00   #3
Mimify
 
Win7: auf dem USB-Stick sind nur Verknüpfungen - Standard

Win7: auf dem USB-Stick sind nur Verknüpfungen



Hier die FRST.txt , eine Addition.txt wurde NICHt erstellt


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-05-2014
Ran by Robin (administrator) on ROBIN-PC on 10-05-2014 14:58:59
Running from C:\Users\Robin\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
() C:\Program Files\EslWire\service\WireHelperSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Spotify Ltd) C:\Users\Robin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
() C:\Users\Robin\AppData\Local\Temp\sys32.exe
() C:\Users\Robin\AppData\Local\Temp\sys32.exe
() C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e58d25491ede6e4712a12d9e905cf881.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [6900024 2012-07-24] (Logitech Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [mahzhxajyl] => wscript.exe //B "C:\Users\Robin\AppData\Local\Temp\mahzhxajyl.vbs" <===== ATTENTION
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-02] (NVIDIA Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [mahzhxajyl] => wscript.exe //B "C:\Users\Robin\AppData\Local\Temp\mahzhxajyl.vbs"
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [e58d25491ede6e4712a12d9e905cf881] => C:\Users\Robin\AppData\Local\Temp\sys32.exe [359936 2014-04-23] ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2158350223-1854945034-3427891744-1000\...\Run: [Spotify Web Helper] => C:\Users\Robin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-11] (Spotify Ltd)
HKU\S-1-5-21-2158350223-1854945034-3427891744-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-2158350223-1854945034-3427891744-1000\...\Run: [mahzhxajyl] => wscript.exe //B "C:\Users\Robin\AppData\Local\Temp\mahzhxajyl.vbs" <===== ATTENTION
HKU\S-1-5-21-2158350223-1854945034-3427891744-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [2990304 2013-10-30] (Nota Inc.)
HKU\S-1-5-21-2158350223-1854945034-3427891744-1000\...\Run: [e58d25491ede6e4712a12d9e905cf881] => C:\Users\Robin\AppData\Local\Temp\sys32.exe [359936 2014-04-23] () <===== ATTENTION
HKU\S-1-5-21-2158350223-1854945034-3427891744-1000\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [252928 2014-04-15] (SteelSeries ApS)
HKU\S-1-5-21-2158350223-1854945034-3427891744-1000\...\Policies\Explorer: [HideSCAHealth] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe ()
Startup: C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e58d25491ede6e4712a12d9e905cf881.exe ()
Startup: C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mahzhxajyl.vbs ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5E70D5DE4F1CCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\y41pn33c.default-1387541652877
FF NetworkProxy: "autoconfig_url", "https://secure.premiumize.me/0484dffb82b4fdef9ececfc62892164e/proxy.pac"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxMate - Proxy on steroids! - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\y41pn33c.default-1387541652877\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-12-20]
FF Extension: Premiumize.me - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\y41pn33c.default-1387541652877\Extensions\jid1-sirVJT0BXhkuJg@jetpack.xpi [2014-01-30]
FF Extension: Adblock Plus - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\y41pn33c.default-1387541652877\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-20]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]

Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "hxxp://www.google.de/", "hxxp://www.search.ask.com/?o=APN10640A&gct=hp&d=473-103&v=a12281-163&t=4"
CHR Extension: (Google Docs) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-06]
CHR Extension: (Google Drive) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-06]
CHR Extension: (YouTube) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-06]
CHR Extension: (Adblock Plus) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-06]
CHR Extension: (Google-Suche) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-06]
CHR Extension: (backgroundPage) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-04-06]
CHR Extension: (Hola Better Internet) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbfmioobedknooiakdehepogalbgkng [2014-05-08]
CHR Extension: (Hola Besseres Internet) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-05-08]
CHR Extension: (Easy Video Downloader Express) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhngkkanpholdfbacchlhaihmdpdanaf [2014-05-08]
CHR Extension: (Dropbox) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-04-06]
CHR Extension: (Streamus™ (Beta!)) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbnkffmindojffecdhbbmekbmkkfpmjd [2014-05-08]
CHR Extension: (Premiumize.me) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lojbjecfjcnaledoelddkcjlifhhfebm [2014-05-08]
CHR Extension: (Google Wallet) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-06]
CHR Extension: (Google Mail) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-06]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-02-06] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2014-01-29] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617352 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20542408 2014-04-02] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-09-02] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R0 ESLWireAC; C:\Windows\System32\drivers\ESLWireACD.sys [184968 2014-04-18] (<Turtle Entertainment>)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-10] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2013-11-15] (Razer Inc)
R3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2013-05-31] (SteelSeries Corporation)
S3 CV2K1; system32\DRIVERS\cv2k1.sys [X]
S3 ESEADriver2; \??\C:\Users\Robin\AppData\Local\Temp\ESEADriver2.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-10 14:58 - 2014-05-10 14:58 - 00000000 _____ () C:\Users\Robin\Desktop\FRST.txt
2014-05-10 14:58 - 2014-05-10 14:55 - 02065408 _____ (Farbar) C:\Users\Robin\Desktop\FRST64.exe
2014-05-10 14:55 - 2014-05-10 14:55 - 00000000 ____D () C:\Users\Robin\Downloads\FRST-OlderVersion
2014-05-10 04:14 - 2014-05-10 04:17 - 00034205 _____ () C:\Users\Robin\Downloads\Addition.txt
2014-05-10 04:13 - 2014-05-10 14:58 - 00000000 ____D () C:\FRST
2014-05-10 04:13 - 2014-05-10 14:57 - 00045117 _____ () C:\Users\Robin\Downloads\FRST.txt
2014-05-10 04:07 - 2014-05-10 14:55 - 02065408 _____ (Farbar) C:\Users\Robin\Downloads\FRST64.exe
2014-05-10 03:33 - 2014-05-10 03:33 - 01016261 _____ (Thisisu) C:\Users\Robin\Downloads\JRT.exe
2014-05-10 03:33 - 2014-05-10 03:33 - 00000000 ____D () C:\Windows\ERUNT
2014-05-10 03:16 - 2014-05-10 03:16 - 00855379 _____ () C:\Users\Robin\Downloads\SecurityCheck.exe
2014-05-10 01:02 - 2014-05-10 01:02 - 02347384 _____ (ESET) C:\Users\Robin\Downloads\esetsmartinstaller_deu.exe
2014-05-10 00:54 - 2014-05-10 00:54 - 00000000 ____D () C:\PPFS_TOOLS
2014-05-10 00:02 - 2014-05-10 00:02 - 00896213 _____ () C:\Users\Robin\Downloads\nw_18693_albumartdownloaderxu.exe
2014-05-09 23:37 - 2014-05-10 00:54 - 00000000 ____D () C:\PPF_Scan1
2014-05-09 23:36 - 2014-05-10 00:54 - 00000000 ____D () C:\Users\Robin\Desktop\asdasd
2014-05-09 23:36 - 2014-05-09 23:36 - 07876956 _____ () C:\Users\Robin\Downloads\PPFScan.zip
2014-05-09 20:37 - 2014-05-09 20:38 - 00287736 _____ () C:\Windows\Minidump\050914-18158-01.dmp
2014-05-09 20:02 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-09 20:02 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-09 20:02 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-09 20:02 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-09 20:00 - 2014-05-09 20:02 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-09 19:43 - 2014-05-09 19:43 - 00287160 _____ () C:\Windows\Minidump\050914-20560-01.dmp
2014-05-09 19:39 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-09 18:55 - 2014-05-09 18:55 - 00016617 _____ () C:\Users\Robin\Downloads\Relationenschema_WebDbs.odt
2014-05-09 18:53 - 2014-05-09 18:53 - 00016318 _____ () C:\Users\Robin\Downloads\SQL-Befehle.odt
2014-05-09 18:50 - 2014-05-10 03:57 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-09 18:49 - 2014-05-09 18:49 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Robin\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-09 18:49 - 2014-05-09 18:49 - 01316991 _____ () C:\Users\Robin\Downloads\adwcleaner.exe
2014-05-09 18:49 - 2014-05-09 18:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-09 04:18 - 2014-05-09 04:45 - 00000000 ____D () C:\Users\Robin\Desktop\K.I.Z. - TriebTaetaz verschollene Hits
2014-05-09 04:02 - 2014-05-09 04:05 - 686616252 _____ () C:\Users\Robin\Downloads\ZIK_Comp.rar
2014-05-09 03:56 - 2014-05-09 04:04 - 116221190 _____ () C:\Users\Robin\Downloads\Cro - Raop+5 (Premium Edition) (2013).zip
2014-05-09 01:26 - 2014-05-10 00:04 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\MiniLyrics
2014-05-09 01:26 - 2014-05-10 00:04 - 00000000 ____D () C:\Lyrics
2014-05-09 01:26 - 2014-05-09 01:26 - 00000000 ____D () C:\Program Files (x86)\MiniLyrics
2014-05-09 01:07 - 2014-05-09 01:07 - 00290888 _____ () C:\Windows\Minidump\050914-26161-01.dmp
2014-05-08 23:14 - 2014-05-09 18:40 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\MusicBee
2014-05-08 23:14 - 2014-05-08 23:14 - 00001011 _____ () C:\Users\Robin\Desktop\MusicBee.lnk
2014-05-08 23:14 - 2014-05-08 23:14 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MusicBee
2014-05-08 23:14 - 2014-05-08 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBee
2014-05-08 23:14 - 2014-05-08 23:14 - 00000000 ____D () C:\Program Files (x86)\MusicBee
2014-05-08 22:38 - 2014-04-14 10:12 - 00000000 ____D () C:\Users\Robin\Desktop\bravo hits 84 - echte tracklist
2014-05-08 22:31 - 2014-05-08 23:01 - 00000000 ____D () C:\Users\Robin\Desktop\Bravo Hits 85 (OV) (2014)
2014-05-08 21:52 - 2014-05-08 23:16 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\MediaMonkey
2014-05-08 21:52 - 2014-05-08 21:52 - 00000000 ____D () C:\Users\Robin\AppData\Local\MediaMonkey
2014-05-08 17:23 - 2014-05-08 17:23 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-07 19:59 - 2014-05-07 19:59 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Wireshark
2014-05-04 16:59 - 2014-05-08 17:36 - 00000113 _____ () C:\Users\Robin\Desktop\Ips von mimi und co.txt
2014-05-04 16:46 - 2014-05-04 16:48 - 00000000 ____D () C:\Program Files (x86)\Wireshark
2014-05-04 16:46 - 2014-05-04 16:46 - 00001742 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2014-05-04 16:46 - 2014-05-04 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-05-04 16:46 - 2014-05-04 16:46 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-05-02 16:29 - 2014-05-03 00:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-28 17:08 - 2014-04-28 17:08 - 00000000 ____D () C:\ProgramData\Razer
2014-04-23 15:00 - 2014-04-23 15:00 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_rzendpt_01009.Wdf
2014-04-23 14:59 - 2014-04-28 17:08 - 00090888 _____ () C:\Windows\DPINST.LOG
2014-04-23 14:59 - 2014-04-23 14:59 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_rzudd_01009.Wdf
2014-04-23 14:28 - 2014-04-28 17:08 - 00000000 ____D () C:\Users\Robin\AppData\Local\Razer
2014-04-23 14:24 - 2014-04-28 17:08 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-04-22 01:04 - 2014-04-22 01:04 - 00000219 _____ () C:\Users\Robin\Desktop\Counter-Strike Global Offensive.url
2014-04-22 01:04 - 2014-04-22 01:04 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-04-18 17:47 - 2014-05-09 19:46 - 00000000 ____D () C:\Users\Robin\AppData\Local\ESL Wire Game Client
2014-04-18 17:47 - 2014-05-09 17:06 - 00000000 ____D () C:\Users\Robin\Documents\ESL Match Media
2014-04-18 17:47 - 2014-04-24 16:44 - 00000823 _____ () C:\Users\Public\Desktop\ESL Wire.lnk
2014-04-18 17:47 - 2014-04-18 17:47 - 00184968 _____ (<Turtle Entertainment>) C:\Windows\system32\Drivers\ESLWireACD.sys
2014-04-18 17:47 - 2014-04-18 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire
2014-04-18 17:47 - 2014-04-18 17:47 - 00000000 ____D () C:\ProgramData\ESL Wire
2014-04-11 20:44 - 2014-05-09 20:35 - 00000000 ____D () C:\AdwCleaner
2014-04-11 16:24 - 2014-04-11 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-04-11 16:24 - 2014-04-11 16:24 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-11 16:24 - 2014-04-11 16:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-11 00:39 - 2014-04-11 05:45 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\NetSpeedMonitor
2014-04-11 00:37 - 2014-04-11 00:37 - 00000000 ____D () C:\Program Files\NetSpeedMonitor
2014-04-10 22:21 - 2013-08-24 15:54 - 13339944 _____ () C:\Users\Robin\Desktop\Css WH .exe
2014-04-10 15:55 - 2014-04-10 15:55 - 00000000 ____D () C:\Users\Robin\AppData\Local\psynetic-imageconverter
2014-04-10 15:55 - 2014-04-10 15:55 - 00000000 ____D () C:\Program Files (x86)\psynetic
2014-04-10 15:54 - 2014-04-10 16:00 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Opera Software
2014-04-10 15:54 - 2014-04-10 16:00 - 00000000 ____D () C:\Users\Robin\AppData\Local\Opera Software
2014-04-10 15:53 - 2014-04-10 16:00 - 00000000 ____D () C:\Program Files (x86)\Opera

==================== One Month Modified Files and Folders =======

2014-05-10 14:58 - 2014-05-10 14:58 - 00000000 _____ () C:\Users\Robin\Desktop\FRST.txt
2014-05-10 14:58 - 2014-05-10 04:13 - 00000000 ____D () C:\FRST
2014-05-10 14:57 - 2014-05-10 04:13 - 00045117 _____ () C:\Users\Robin\Downloads\FRST.txt
2014-05-10 14:55 - 2014-05-10 14:58 - 02065408 _____ (Farbar) C:\Users\Robin\Desktop\FRST64.exe
2014-05-10 14:55 - 2014-05-10 14:55 - 00000000 ____D () C:\Users\Robin\Downloads\FRST-OlderVersion
2014-05-10 14:55 - 2014-05-10 04:07 - 02065408 _____ (Farbar) C:\Users\Robin\Downloads\FRST64.exe
2014-05-10 14:44 - 2012-09-28 17:50 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-10 14:31 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-10 14:31 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-10 14:26 - 2014-04-06 14:04 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-10 14:23 - 2013-04-30 16:14 - 00033650 _____ () C:\Windows\setupact.log
2014-05-10 14:23 - 2012-09-28 17:31 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-10 14:23 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-10 04:41 - 2012-11-24 21:27 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Spotify
2014-05-10 04:41 - 2012-09-28 17:41 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-10 04:17 - 2014-05-10 04:14 - 00034205 _____ () C:\Users\Robin\Downloads\Addition.txt
2014-05-10 04:15 - 2014-04-06 14:04 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-10 03:57 - 2014-05-09 18:50 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-10 03:57 - 2013-11-08 22:40 - 00000000 ____D () C:\Users\Robin\AppData\Local\TSVNCache
2014-05-10 03:33 - 2014-05-10 03:33 - 01016261 _____ (Thisisu) C:\Users\Robin\Downloads\JRT.exe
2014-05-10 03:33 - 2014-05-10 03:33 - 00000000 ____D () C:\Windows\ERUNT
2014-05-10 03:16 - 2014-05-10 03:16 - 00855379 _____ () C:\Users\Robin\Downloads\SecurityCheck.exe
2014-05-10 01:02 - 2014-05-10 01:02 - 02347384 _____ (ESET) C:\Users\Robin\Downloads\esetsmartinstaller_deu.exe
2014-05-10 00:54 - 2014-05-10 00:54 - 00000000 ____D () C:\PPFS_TOOLS
2014-05-10 00:54 - 2014-05-09 23:37 - 00000000 ____D () C:\PPF_Scan1
2014-05-10 00:54 - 2014-05-09 23:36 - 00000000 ____D () C:\Users\Robin\Desktop\asdasd
2014-05-10 00:18 - 2012-11-24 21:27 - 00000000 ____D () C:\Users\Robin\AppData\Local\Spotify
2014-05-10 00:04 - 2014-05-09 01:26 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\MiniLyrics
2014-05-10 00:04 - 2014-05-09 01:26 - 00000000 ____D () C:\Lyrics
2014-05-10 00:02 - 2014-05-10 00:02 - 00896213 _____ () C:\Users\Robin\Downloads\nw_18693_albumartdownloaderxu.exe
2014-05-09 23:36 - 2014-05-09 23:36 - 07876956 _____ () C:\Users\Robin\Downloads\PPFScan.zip
2014-05-09 23:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-09 20:38 - 2014-05-09 20:37 - 00287736 _____ () C:\Windows\Minidump\050914-18158-01.dmp
2014-05-09 20:37 - 2013-10-23 19:44 - 00000000 ____D () C:\Windows\Minidump
2014-05-09 20:37 - 2013-10-23 19:43 - 570190047 _____ () C:\Windows\MEMORY.DMP
2014-05-09 20:35 - 2014-04-11 20:44 - 00000000 ____D () C:\AdwCleaner
2014-05-09 20:02 - 2014-05-09 20:00 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-09 20:02 - 2013-10-19 13:40 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-09 20:02 - 2012-10-01 21:06 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-09 19:46 - 2014-04-18 17:47 - 00000000 ____D () C:\Users\Robin\AppData\Local\ESL Wire Game Client
2014-05-09 19:43 - 2014-05-09 19:43 - 00287160 _____ () C:\Windows\Minidump\050914-20560-01.dmp
2014-05-09 19:34 - 2012-09-28 17:32 - 00191562 _____ () C:\Windows\PFRO.log
2014-05-09 19:32 - 2013-10-26 01:26 - 00000000 ____D () C:\Users\Robin\AppData\Local\Battle.net
2014-05-09 18:55 - 2014-05-09 18:55 - 00016617 _____ () C:\Users\Robin\Downloads\Relationenschema_WebDbs.odt
2014-05-09 18:53 - 2014-05-09 18:53 - 00016318 _____ () C:\Users\Robin\Downloads\SQL-Befehle.odt
2014-05-09 18:53 - 2009-07-14 19:58 - 00696132 _____ () C:\Windows\system32\perfh007.dat
2014-05-09 18:53 - 2009-07-14 19:58 - 00147428 _____ () C:\Windows\system32\perfc007.dat
2014-05-09 18:53 - 2009-07-14 07:13 - 01611160 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-09 18:49 - 2014-05-09 18:49 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Robin\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-09 18:49 - 2014-05-09 18:49 - 01316991 _____ () C:\Users\Robin\Downloads\adwcleaner.exe
2014-05-09 18:49 - 2014-05-09 18:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-09 18:40 - 2014-05-08 23:14 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\MusicBee
2014-05-09 17:06 - 2014-04-18 17:47 - 00000000 ____D () C:\Users\Robin\Documents\ESL Match Media
2014-05-09 06:10 - 2014-04-06 14:04 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-09 06:10 - 2014-04-06 14:04 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-09 04:45 - 2014-05-09 04:18 - 00000000 ____D () C:\Users\Robin\Desktop\K.I.Z. - TriebTaetaz verschollene Hits
2014-05-09 04:05 - 2014-05-09 04:02 - 686616252 _____ () C:\Users\Robin\Downloads\ZIK_Comp.rar
2014-05-09 04:04 - 2014-05-09 03:56 - 116221190 _____ () C:\Users\Robin\Downloads\Cro - Raop+5 (Premium Edition) (2013).zip
2014-05-09 03:39 - 2012-09-28 23:31 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\vlc
2014-05-09 02:14 - 2014-01-30 03:40 - 00000000 ____D () C:\Users\Robin\AppData\Local\JDownloader v2.0
2014-05-09 01:26 - 2014-05-09 01:26 - 00000000 ____D () C:\Program Files (x86)\MiniLyrics
2014-05-09 01:07 - 2014-05-09 01:07 - 00290888 _____ () C:\Windows\Minidump\050914-26161-01.dmp
2014-05-09 01:06 - 2012-10-30 14:36 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Skype
2014-05-08 23:16 - 2014-05-08 21:52 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\MediaMonkey
2014-05-08 23:14 - 2014-05-08 23:14 - 00001011 _____ () C:\Users\Robin\Desktop\MusicBee.lnk
2014-05-08 23:14 - 2014-05-08 23:14 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MusicBee
2014-05-08 23:14 - 2014-05-08 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBee
2014-05-08 23:14 - 2014-05-08 23:14 - 00000000 ____D () C:\Program Files (x86)\MusicBee
2014-05-08 23:01 - 2014-05-08 22:31 - 00000000 ____D () C:\Users\Robin\Desktop\Bravo Hits 85 (OV) (2014)
2014-05-08 21:52 - 2014-05-08 21:52 - 00000000 ____D () C:\Users\Robin\AppData\Local\MediaMonkey
2014-05-08 21:31 - 2013-12-24 16:34 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-05-08 19:23 - 2014-03-03 12:20 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-08 17:36 - 2014-05-04 16:59 - 00000113 _____ () C:\Users\Robin\Desktop\Ips von mimi und co.txt
2014-05-08 17:23 - 2014-05-08 17:23 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-07 20:30 - 2012-09-28 17:06 - 00000000 ____D () C:\Users\Robin
2014-05-07 19:59 - 2014-05-07 19:59 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Wireshark
2014-05-06 17:51 - 2012-09-28 17:06 - 01401617 _____ () C:\Windows\WindowsUpdate.log
2014-05-06 15:07 - 2012-09-28 19:09 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\HexChat
2014-05-04 16:48 - 2014-05-04 16:46 - 00000000 ____D () C:\Program Files (x86)\Wireshark
2014-05-04 16:46 - 2014-05-04 16:46 - 00001742 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2014-05-04 16:46 - 2014-05-04 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-05-04 16:46 - 2014-05-04 16:46 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-05-04 00:52 - 2013-05-16 21:24 - 00537006 _____ () C:\Windows\DirectX.log
2014-05-03 21:40 - 2012-09-28 23:06 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\HLSW
2014-05-03 16:10 - 2012-09-28 17:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-03 00:21 - 2014-05-02 16:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-02 18:03 - 2013-10-26 01:26 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-05-01 19:07 - 2012-12-03 20:01 - 00000000 ____D () C:\Users\Robin\AppData\Local\Paint.NET
2014-04-29 15:31 - 2009-07-14 06:45 - 00308144 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-28 21:44 - 2012-09-28 17:50 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-28 21:44 - 2012-09-28 17:50 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-28 21:44 - 2012-09-28 17:50 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-28 17:10 - 2012-09-28 17:08 - 00068328 _____ () C:\Users\Robin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-28 17:09 - 2013-07-06 12:23 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\SteelSeries
2014-04-28 17:08 - 2014-04-28 17:08 - 00000000 ____D () C:\ProgramData\Razer
2014-04-28 17:08 - 2014-04-23 14:59 - 00090888 _____ () C:\Windows\DPINST.LOG
2014-04-28 17:08 - 2014-04-23 14:28 - 00000000 ____D () C:\Users\Robin\AppData\Local\Razer
2014-04-28 17:08 - 2014-04-23 14:24 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-04-28 17:06 - 2013-07-06 12:22 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SteelSeries
2014-04-28 17:06 - 2013-07-06 12:22 - 00000000 ____D () C:\ProgramData\SteelSeries
2014-04-28 17:05 - 2013-07-06 12:21 - 00000000 ____D () C:\Program Files\SteelSeries
2014-04-24 16:44 - 2014-04-18 17:47 - 00000823 _____ () C:\Users\Public\Desktop\ESL Wire.lnk
2014-04-24 16:44 - 2013-08-01 20:52 - 00000751 _____ () C:\Users\Robin\Neues Textdokument.txt
2014-04-23 15:07 - 2012-09-28 17:07 - 00000000 ___RD () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-23 15:00 - 2014-04-23 15:00 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_rzendpt_01009.Wdf
2014-04-23 14:59 - 2014-04-23 14:59 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_rzudd_01009.Wdf
2014-04-22 01:04 - 2014-04-22 01:04 - 00000219 _____ () C:\Users\Robin\Desktop\Counter-Strike Global Offensive.url
2014-04-22 01:04 - 2014-04-22 01:04 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-04-18 17:47 - 2014-04-18 17:47 - 00184968 _____ (<Turtle Entertainment>) C:\Windows\system32\Drivers\ESLWireACD.sys
2014-04-18 17:47 - 2014-04-18 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire
2014-04-18 17:47 - 2014-04-18 17:47 - 00000000 ____D () C:\ProgramData\ESL Wire
2014-04-18 17:47 - 2012-09-28 18:00 - 00000000 ____D () C:\Program Files\EslWire
2014-04-18 17:33 - 2012-10-30 14:36 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-14 20:13 - 2014-05-09 20:02 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-05-09 20:02 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-05-09 20:02 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-05-09 20:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-14 10:12 - 2014-05-08 22:38 - 00000000 ____D () C:\Users\Robin\Desktop\bravo hits 84 - echte tracklist
2014-04-11 20:48 - 2012-09-28 17:37 - 00001065 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-11 16:24 - 2014-04-11 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-04-11 16:24 - 2014-04-11 16:24 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-11 16:24 - 2014-04-11 16:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-11 05:45 - 2014-04-11 00:39 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\NetSpeedMonitor
2014-04-11 03:43 - 2014-02-07 00:55 - 00007600 _____ () C:\Users\Robin\AppData\Local\Resmon.ResmonCfg
2014-04-11 00:37 - 2014-04-11 00:37 - 00000000 ____D () C:\Program Files\NetSpeedMonitor
2014-04-10 16:00 - 2014-04-10 15:54 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Opera Software
2014-04-10 16:00 - 2014-04-10 15:54 - 00000000 ____D () C:\Users\Robin\AppData\Local\Opera Software
2014-04-10 16:00 - 2014-04-10 15:53 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-04-10 16:00 - 2012-09-28 17:07 - 00001443 _____ () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-10 16:00 - 2012-09-28 17:07 - 00001409 _____ () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-04-10 15:55 - 2014-04-10 15:55 - 00000000 ____D () C:\Users\Robin\AppData\Local\psynetic-imageconverter
2014-04-10 15:55 - 2014-04-10 15:55 - 00000000 ____D () C:\Program Files (x86)\psynetic

Files to move or delete:
====================
C:\Users\Robin\AppData\Local\Temp\sys32.exe


Some content of TEMP:
====================
C:\Users\Robin\AppData\Local\Temp\avgnt.exe
C:\Users\Robin\AppData\Local\Temp\buddyupdater120910275.exe
C:\Users\Robin\AppData\Local\Temp\buddyupdater43280854.exe
C:\Users\Robin\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Robin\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Robin\AppData\Local\Temp\EslWireSetup-1.15.0.7430-x64.exe
C:\Users\Robin\AppData\Local\Temp\EslWireSetup-1.16.0.7604-x64.exe
C:\Users\Robin\AppData\Local\Temp\EslWireSetup-1.16.0.7619-x64.exe
C:\Users\Robin\AppData\Local\Temp\EslWireSetup-1.16.0.7631-x64.exe
C:\Users\Robin\AppData\Local\Temp\EslWireSetup-1.16.0.7636-x64.exe
C:\Users\Robin\AppData\Local\Temp\EslWireSetup-1.17.0.7639-x64.exe
C:\Users\Robin\AppData\Local\Temp\EslWireSetup-1.17.1.7657-x64.exe
C:\Users\Robin\AppData\Local\Temp\EslWireSetup-1.17.2.7687-x64.exe
C:\Users\Robin\AppData\Local\Temp\EslWireSetup-1.17.3.7769-x64.exe
C:\Users\Robin\AppData\Local\Temp\EslWireSetup-1.17.3.7977-x64.exe
C:\Users\Robin\AppData\Local\Temp\EslWireSetup-1.17.3.8001-x64.exe
C:\Users\Robin\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Robin\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Robin\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Robin\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Robin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Robin\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Robin\AppData\Local\Temp\msvcp100.dll
C:\Users\Robin\AppData\Local\Temp\msvcr100.dll
C:\Users\Robin\AppData\Local\Temp\nss3.dll
C:\Users\Robin\AppData\Local\Temp\ose00000.exe
C:\Users\Robin\AppData\Local\Temp\proxy_vole6634886603224604064.dll
C:\Users\Robin\AppData\Local\Temp\Quarantine.exe
C:\Users\Robin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Robin\AppData\Local\Temp\sonarinst.exe
C:\Users\Robin\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Robin\AppData\Local\Temp\sys.exe
C:\Users\Robin\AppData\Local\Temp\sys32.exe
C:\Users\Robin\AppData\Local\Temp\ujwgkhfl.dll
C:\Users\Robin\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Robin\AppData\Local\Temp\x2blapi.dll
C:\Users\Robin\AppData\Local\Temp\yvxzcwyxiw.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-09 18:11

==================== End Of Log ============================
         
--- --- ---
__________________

Alt 11.05.2014, 13:21   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Win7: auf dem USB-Stick sind nur Verknüpfungen - Standard

Win7: auf dem USB-Stick sind nur Verknüpfungen



FRST öffnen, Haken setzen bei Addition, scannen, poste bitte nur die Addition.txt.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 11.05.2014, 15:19   #5
Mimify
 
Win7: auf dem USB-Stick sind nur Verknüpfungen - Standard

Win7: auf dem USB-Stick sind nur Verknüpfungen



Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2014
Ran by Robin at 2014-05-11 15:17:40
Running from C:\Users\Robin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Kurzwahlprogramm (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
Canon MX920 series Benutzerregistrierung (HKLM-x32\...\Canon MX920 series Benutzerregistrierung) (Version:  - *Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
Canon MX920 series On-screen Manual (HKLM-x32\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.2.3442 - CDBurnerXP)
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.644 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESL Wire 1.17.3 (HKLM\...\ESL Wire_is1) (Version:  - Turtle Entertainment GmbH)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free YouTube to MP3 Converter version 3.11.32.918 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.32.918 - DVDVideoSoft Ltd.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version:  - Rockstar North / Toronto)
Gyazo 2.0.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HexChat (x64) (HKLM\...\HexChat (x64)_is1) (Version: 2.9.1 - HexChat)
HLSW v1.4.0.2 (HKLM-x32\...\HLSW_is1) (Version:  - Stripf Software)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - Dennaton Games)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417007FF}) (Version: 7.0.70 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 7 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170070}) (Version: 1.7.0.70 - Oracle)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Logitech Gaming Software 8.35 (HKLM\...\Logitech Gaming Software) (Version: 8.35.18 - Logitech Inc.)
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version:  - Rockstar Studios)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version:  - DICE)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
Mp3tag v2.52 (HKLM-x32\...\Mp3tag) (Version: v2.52 - Florian Heidenreich)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MusicBee 2.3 (HKLM-x32\...\MusicBee) (Version: 2.3 - Steven Mayall)
My Game Long Name (HKLM\...\UDK-0f5466c6-26ab-43c3-b43f-521cdbee07ca) (Version:  - Epic Games, Inc.)
My Game Long Name (HKLM\...\UDK-d73f8acb-a90d-4322-a1c3-4a33cdf551a7) (Version:  - Epic Games, Inc.)
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
NVIDIA 3D Vision Controller-Treiber 337.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 337.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.50 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.50 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 337.50 (Version: 337.50 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.22 (Version: 1.2.22 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version:  - Robot Entertainment)
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.989 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
Secure Download Manager (HKLM-x32\...\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}) (Version: 3.0.5 - e-academy Inc.)
SHIELD Streaming (Version: 1.8.323 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.445.23476 - SteelSeries)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
TortoiseSVN 1.8.3.24901 (64 bit) (HKLM\...\{85C48946-A8C6-400C-91A8-DCB06AB36032}) (Version: 1.8.24901 - TortoiseSVN)
Tukui Client Installer (HKLM-x32\...\{F47AF0B7-030A-4379-8EF5-90E4B63F3236}) (Version: 2.0.7 - Tukui)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wireshark 1.10.7 (32-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.7 - The Wireshark developer community, hxxp://www.wireshark.org)
Xvid 1.1.3 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.1 - Xvid team (Koepi))

==================== Restore Points  =========================

08-05-2014 17:21:09 Removed iTunes
09-05-2014 17:59:34 Installed Java 7 Update 55

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-12-26 03:21 - 00001297 ____A C:\Windows\system32\Drivers\etc\hosts
255.255.255.255    easyanticheat.se    # misleading site
255.255.255.255    www.easyanticheat.se    # misleading site
255.255.255.255    easyanticheat.com    # misleading site
255.255.255.255    www.easyanticheat.com    # misleading site
255.255.255.255    easyanticheat.info    # misleading site
255.255.255.255    www.easyanticheat.info    # misleading site
255.255.255.255    easyanticheat.org    # misleading site
255.255.255.255    www.easyanticheat.org    # misleading site


==================== Scheduled Tasks (whitelisted) =============

Task: {934824D9-8C5F-4F4A-8EF3-2273F9D7452C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-28] (Adobe Systems Incorporated)
Task: {992B967C-9DCD-43F4-8CF4-008CD2862396} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-06] (Google Inc.)
Task: {9CEE8305-0205-445F-866D-B0EC2E28D0FF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CAB6DC6B-56BC-480B-8E23-EA0238F776B6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {D03D1951-B492-45EF-8AD3-AF02007B2311} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-06] (Google Inc.)
Task: {DB435D86-52A7-43A6-99DC-F4CB568E2277} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {E1B63506-6AEF-4FA5-AB37-50472FC69B03} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-09-28 17:30 - 2014-03-27 04:11 - 00118728 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-04-18 17:47 - 2014-01-29 19:14 - 00663056 _____ () C:\Program Files\EslWire\service\WireHelperSvc.exe
2012-09-28 18:00 - 2014-02-06 16:38 - 00214016 _____ () C:\Program Files\EslWire\service\NocIPC64.dll
2013-08-16 21:56 - 2013-09-02 14:58 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-10-27 19:52 - 2013-10-27 19:52 - 00075504 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
2013-10-27 19:52 - 2013-10-27 19:52 - 00088304 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2014-04-15 13:02 - 2014-04-15 13:02 - 00801792 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineLib.dll
2014-04-15 13:02 - 2014-04-15 13:02 - 00175104 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DBUtils.dll
2014-04-28 17:09 - 2014-04-28 17:09 - 00089915 _____ () C:\Users\Robin\AppData\Local\Temp\087a7fb9-4ed6-48f7-81cb-0dfb6f1f0a8b\CliSecureRT64.dll
2014-04-15 13:02 - 2014-04-15 13:02 - 00289792 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DriverCommunication.dll
2014-04-15 13:02 - 2014-04-15 13:02 - 00140288 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\ISSPlugin.dll
2014-04-15 13:02 - 2014-04-15 13:02 - 00148480 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Localization.dll
2014-04-15 13:02 - 2014-04-15 13:02 - 00145408 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Utilities.dll
2013-01-10 07:46 - 2013-01-10 07:46 - 00047616 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesDrivers\x2api.dll
2014-04-15 13:02 - 2014-04-15 13:02 - 09674752 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineWinGui.dll
2013-01-10 07:46 - 2013-01-10 07:46 - 01102336 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\System.Data.SQLite.dll
2014-04-15 13:02 - 2014-04-15 13:02 - 00209408 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CustomWPFColorPicker.dll
2014-04-15 13:02 - 2014-04-15 13:02 - 00349696 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MousePlugin.dll
2014-04-15 13:02 - 2014-04-15 13:02 - 00171008 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\D3MousePlugin.dll
2014-04-15 13:02 - 2014-04-15 13:02 - 00173056 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\KKMousePlugin.dll
2014-04-15 13:02 - 2014-04-15 13:02 - 00171008 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SRawPlugin.dll
2014-04-15 13:02 - 2014-04-15 13:02 - 00307200 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MLGSenseiPlugin.dll
2014-04-15 13:02 - 2014-04-15 13:02 - 00154624 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWGoldPlugin.dll
2014-04-15 13:02 - 2014-04-15 13:02 - 00170496 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\GW2MousePlugin.dll
2014-04-15 13:02 - 2014-04-15 13:02 - 00169472 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CSGOMousePlugin.dll
2014-04-15 13:02 - 2014-04-15 13:02 - 00169984 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DOTA2MousePlugin.dll
2014-04-15 13:02 - 2014-04-15 13:02 - 00157184 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWWirelessPlugin.dll
2014-04-15 13:02 - 2014-04-15 13:02 - 00170496 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CODMousePlugin.dll
2014-04-15 13:02 - 2014-04-15 13:02 - 00169984 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoTMousePlugin.dll
2014-03-14 14:25 - 2014-03-14 14:25 - 00173568 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll
2014-03-14 14:25 - 2014-03-14 14:25 - 01080832 _____ () C:\Program Files\TeamSpeak 3 Client\platforms\qwindows.dll
2014-03-14 14:25 - 2014-03-14 14:25 - 00833024 _____ () C:\Program Files\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2012-07-30 16:13 - 2014-03-14 14:25 - 00102344 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2012-07-30 16:13 - 2014-03-14 14:25 - 00108488 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2014-03-14 14:25 - 2014-03-14 14:25 - 00030208 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qgif.dll
2014-03-14 14:25 - 2014-03-14 14:25 - 00233984 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qjpeg.dll
2012-07-30 16:13 - 2014-03-14 14:25 - 00563656 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2013-09-15 18:00 - 2014-03-14 14:25 - 00577480 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-03-14 14:25 - 2014-03-14 14:25 - 00159232 _____ () C:\Program Files\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll
2012-09-28 17:24 - 2012-09-19 19:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-04 12:49 - 2011-03-04 12:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2013-04-27 22:43 - 2012-11-13 14:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-04-27 22:43 - 2012-11-13 14:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-04-27 22:43 - 2012-11-13 14:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-04-27 22:43 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-04-27 22:43 - 2012-11-13 14:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2014-01-08 13:16 - 2014-04-22 00:55 - 00340480 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-04-23 13:39 - 2014-04-22 00:55 - 00471552 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
2013-03-12 18:10 - 2014-04-01 00:09 - 00754688 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2012-09-28 17:42 - 2014-04-24 00:01 - 01092288 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2012-09-28 17:42 - 2014-03-03 21:15 - 20626624 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-09-28 17:42 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-09-28 17:42 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-09-28 17:42 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2014-04-25 15:11 - 2014-04-24 02:33 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
2013-10-27 19:07 - 2013-10-27 19:07 - 00065264 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
2014-04-25 15:11 - 2014-04-24 02:33 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll
2014-04-25 15:11 - 2014-04-24 02:33 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll
2014-04-25 15:11 - 2014-04-24 02:33 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
2014-04-25 15:11 - 2014-04-24 02:33 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
2014-04-25 15:11 - 2014-04-24 02:33 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
2012-11-24 21:27 - 2014-04-11 18:29 - 36966968 _____ () C:\Users\Robin\AppData\Roaming\Spotify\Data\libcef.dll
2014-01-11 03:17 - 2014-04-11 18:29 - 00602680 _____ () C:\Users\Robin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:{DA6227CB-326B-4B4D-9A81-04B61F1538DD}
AlternateDataStreams: C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Tukui Client Startup.lnk => C:\Windows\pss\Tukui Client Startup.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Robin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\Robin\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Robin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent

==================== Faulty Device Manager Devices =============

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/10/2014 02:58:06 PM) (Source: SideBySide) (User: ) (EventID: 80)
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (05/10/2014 09:00:58 PM) (Source: BugCheck) (User: ) (EventID: 1001)
Description: 0x000000f4 (0x0000000000000003, 0xfffffa8005a81b30, 0xfffffa8005a81e10, 0xfffff800035d2350)C:\Windows\MEMORY.DMP051014-13509-01

Error: (05/10/2014 09:00:55 PM) (Source: EventLog) (User: ) (EventID: 6008)
Description: Das System wurde zuvor am ‎10.‎05.‎2014 um 20:59:31 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 44%
Total physical RAM: 6135.11 MB
Available physical RAM: 3377.67 MB
Total Pagefile: 12268.41 MB
Available Pagefile: 8942.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:442.13 GB) (Free:163.35 GB) NTFS
Drive d: () (Fixed) (Total:488.28 GB) (Free:296.46 GB) NTFS
Drive i: (TREKSTOR) (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32
Drive j: () (Removable) (Total:3.75 GB) (Free:3.74 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=442 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=488 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: 5DE19DDE)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================
         


Alt 12.05.2014, 12:59   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Win7: auf dem USB-Stick sind nur Verknüpfungen - Standard

Win7: auf dem USB-Stick sind nur Verknüpfungen



Sticks anklemmen, nicht mehr abklemmen.

Panda USB Vaccine - Download - Filepony
Das laufen lassen zum Absichern des Sticks.



Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
--> Win7: auf dem USB-Stick sind nur Verknüpfungen

Alt 13.05.2014, 16:02   #7
Mimify
 
Win7: auf dem USB-Stick sind nur Verknüpfungen - Standard

Win7: auf dem USB-Stick sind nur Verknüpfungen



Combofix:

Code:
ATTFilter
ComboFix 14-05-13.01 - Robin 13.05.2014  15:49:21.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6135.3513 [GMT 2:00]
ausgeführt von:: c:\users\Robin\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
 ADS - Windows: deleted 12 bytes in 1 streams. 
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\users\Robin\AppData\Local\Temp\087a7fb9-4ed6-48f7-81cb-0dfb6f1f0a8b\CliSecureRT64.dll
c:\windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-04-13 bis 2014-05-13  ))))))))))))))))))))))))))))))
.
.
2014-05-13 13:57 . 2014-05-13 13:57	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-05-13 13:42 . 2014-05-13 13:42	--------	d-----w-	c:\programdata\Panda Security
2014-05-13 13:42 . 2014-05-13 13:42	--------	d-----w-	c:\program files (x86)\Panda USB Vaccine
2014-05-10 02:13 . 2014-05-11 13:18	--------	d-----w-	C:\FRST
2014-05-10 01:33 . 2014-05-10 01:33	--------	d-----w-	c:\windows\ERUNT
2014-05-09 22:54 . 2014-05-09 22:54	--------	d-----w-	C:\PPFS_TOOLS
2014-05-09 21:37 . 2014-05-09 22:54	--------	d-----w-	C:\PPF_Scan1
2014-05-09 18:02 . 2014-04-14 18:13	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-09 17:39 . 2010-08-30 06:34	536576	----a-w-	c:\windows\SysWow64\sqlite3.dll
2014-05-09 16:50 . 2014-05-10 01:57	119512	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-09 16:49 . 2014-05-09 16:49	--------	d-----w-	c:\programdata\Malwarebytes
2014-05-08 23:26 . 2014-05-09 22:04	--------	d-----w-	C:\Lyrics
2014-05-08 23:26 . 2014-05-09 22:04	--------	d-----w-	c:\users\Robin\AppData\Roaming\MiniLyrics
2014-05-08 23:26 . 2014-05-08 23:26	--------	d-----w-	c:\program files (x86)\MiniLyrics
2014-05-08 21:14 . 2014-05-09 16:40	--------	d-----w-	c:\users\Robin\AppData\Roaming\MusicBee
2014-05-08 21:14 . 2014-05-08 21:14	--------	d-----w-	c:\program files (x86)\MusicBee
2014-05-08 19:52 . 2014-05-08 19:52	--------	d-----w-	c:\users\Robin\AppData\Local\MediaMonkey
2014-05-08 19:52 . 2014-05-08 21:16	--------	d-----w-	c:\users\Robin\AppData\Roaming\MediaMonkey
2014-05-07 17:59 . 2014-05-07 17:59	--------	d-----w-	c:\users\Robin\AppData\Roaming\Wireshark
2014-05-04 14:46 . 2014-05-04 14:46	--------	d-----w-	c:\program files (x86)\WinPcap
2014-05-04 14:46 . 2014-05-04 14:48	--------	d-----w-	c:\program files (x86)\Wireshark
2014-05-02 14:29 . 2014-05-02 22:21	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2014-04-28 15:08 . 2014-04-28 15:08	--------	d-----w-	c:\programdata\Razer
2014-04-23 12:28 . 2014-04-28 15:08	--------	d-----w-	c:\users\Robin\AppData\Local\Razer
2014-04-23 12:24 . 2014-04-28 15:08	--------	d-----w-	c:\program files (x86)\Razer
2014-04-18 15:47 . 2014-04-18 15:47	184968	----a-w-	c:\windows\system32\drivers\ESLWireACD.sys
2014-04-18 15:47 . 2014-05-12 21:09	--------	d-----w-	c:\users\Robin\AppData\Local\ESL Wire Game Client
2014-04-18 15:47 . 2014-04-18 15:47	--------	d-----w-	c:\programdata\ESL Wire
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-28 19:44 . 2012-09-28 15:50	70832	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-28 19:44 . 2012-09-28 15:50	692400	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-02 13:28 . 2014-04-08 20:46	1081112	----a-w-	c:\windows\SysWow64\nvspcap.dll
2014-04-02 13:28 . 2014-04-08 20:46	1225920	----a-w-	c:\windows\system32\nvspcap64.dll
2014-03-30 00:09 . 2012-09-28 15:57	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2014-03-27 12:45 . 2014-04-08 20:38	305600	----a-w-	c:\windows\SysWow64\nvoglshim32.dll
2014-03-27 12:45 . 2014-04-08 20:38	2785056	----a-w-	c:\windows\system32\nvcuvenc.dll
2014-03-27 12:45 . 2014-04-08 20:38	891168	----a-w-	c:\windows\system32\NvFBC64.dll
2014-03-27 12:45 . 2014-04-08 20:38	864600	----a-w-	c:\windows\SysWow64\NvIFR.dll
2014-03-27 12:45 . 2014-04-08 20:38	859592	----a-w-	c:\windows\SysWow64\NvFBC.dll
2014-03-27 12:45 . 2014-04-08 20:38	836544	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2014-03-27 12:45 . 2014-04-08 20:38	354016	----a-w-	c:\windows\system32\nvoglshim64.dll
2014-03-27 12:45 . 2014-04-08 20:38	3139928	----a-w-	c:\windows\system32\nvcuvid.dll
2014-03-27 12:45 . 2014-04-08 20:38	25257416	----a-w-	c:\windows\system32\nvcompiler.dll
2014-03-27 12:45 . 2014-04-08 20:38	2413344	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2014-03-27 12:45 . 2014-04-08 20:38	18493952	----a-w-	c:\windows\system32\nvwgf2umx.dll
2014-03-27 12:45 . 2014-04-08 20:38	17561544	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2014-03-27 12:45 . 2014-04-08 20:38	15964736	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2014-03-27 12:45 . 2014-04-08 20:38	2949976	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2014-03-27 12:45 . 2014-04-08 20:38	23785416	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2014-03-27 12:45 . 2014-04-08 20:38	146480	----a-w-	c:\windows\SysWow64\nvinit.dll
2014-03-27 12:45 . 2014-04-08 20:38	9734744	----a-w-	c:\windows\SysWow64\nvcuda.dll
2014-03-27 12:45 . 2014-04-08 20:38	9697128	----a-w-	c:\windows\SysWow64\nvopencl.dll
2014-03-27 12:45 . 2014-04-08 20:38	894752	----a-w-	c:\windows\system32\NvIFR64.dll
2014-03-27 12:45 . 2014-04-08 20:38	1890080	----a-w-	c:\windows\system32\nvdispco6433750.dll
2014-03-27 12:45 . 2014-04-08 20:38	166568	----a-w-	c:\windows\system32\nvinitx.dll
2014-03-27 12:45 . 2014-04-08 20:38	1539416	----a-w-	c:\windows\system32\nvdispgenco6433750.dll
2014-03-27 12:45 . 2014-04-08 20:38	13158232	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2014-03-27 12:45 . 2014-04-08 20:38	11644392	----a-w-	c:\windows\system32\nvcuda.dll
2014-03-27 12:45 . 2014-04-08 20:38	11598560	----a-w-	c:\windows\system32\nvopencl.dll
2014-03-27 12:45 . 2012-09-28 15:30	952440	----a-w-	c:\windows\system32\nvumdshimx.dll
2014-03-27 12:45 . 2012-09-28 15:30	31270856	----a-w-	c:\windows\system32\nvoglv64.dll
2014-03-27 12:45 . 2012-09-28 15:30	3106688	----a-w-	c:\windows\system32\nvapi64.dll
2014-03-27 12:45 . 2012-09-28 15:30	2728160	----a-w-	c:\windows\SysWow64\nvapi.dll
2014-03-27 12:45 . 2012-09-28 15:30	17467048	----a-w-	c:\windows\system32\nvd3dumx.dll
2014-03-27 12:45 . 2012-09-28 15:30	14422856	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2014-03-27 02:11 . 2012-09-28 15:30	6768584	----a-w-	c:\windows\system32\nvcpl.dll
2014-03-27 02:11 . 2012-09-28 15:30	3512664	----a-w-	c:\windows\system32\nvsvc64.dll
2014-03-27 02:11 . 2012-09-28 15:30	927520	----a-w-	c:\windows\system32\nvvsvc.exe
2014-03-27 02:11 . 2012-09-28 15:30	63776	----a-w-	c:\windows\system32\nvshext.dll
2014-03-27 02:11 . 2012-09-28 15:30	386336	----a-w-	c:\windows\system32\nvmctray.dll
2014-03-27 02:11 . 2012-09-28 15:30	2558808	----a-w-	c:\windows\system32\nvsvcr.dll
2014-03-26 21:40 . 2014-04-08 20:44	601432	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2014-03-24 10:31 . 2012-09-28 15:30	3683457	----a-w-	c:\windows\system32\nvcoproc.bin
2014-03-21 19:43 . 2014-04-08 20:38	40392	----a-w-	c:\windows\system32\drivers\nvvad64v.sys
2014-03-21 19:43 . 2014-04-08 20:38	37320	----a-w-	c:\windows\system32\nvaudcap64v.dll
2014-03-21 19:43 . 2014-04-08 20:38	33568	----a-w-	c:\windows\SysWow64\nvaudcap32v.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-04-08 01:02	223432	----a-w-	c:\users\Robin\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-04-08 01:02	223432	----a-w-	c:\users\Robin\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-04-08 01:02	223432	----a-w-	c:\users\Robin\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"e58d25491ede6e4712a12d9e905cf881"=".." [X]
"Spotify Web Helper"="c:\users\Robin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-04-11 1171000]
"Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2013-10-30 2990304]
"SteelSeries Engine"="c:\program files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe" [2014-04-15 252928]
"mahzhxajyl"="wscript.exe" [2009-07-14 141824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"e58d25491ede6e4712a12d9e905cf881"=".." [X]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-20 689744]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"mahzhxajyl"="wscript.exe" [2009-07-14 141824]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2012-09-27 1279120]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2012-08-31 452272]
.
c:\users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
mahzhxajyl.vbs [2013-11-24 111536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys;c:\windows\SYSNATIVE\DRIVERS\cv2k1.sys [x]
R3 ESEADriver2;ESEADriver2;c:\users\Robin\AppData\Local\Temp\ESEADriver2.sys;c:\users\Robin\AppData\Local\Temp\ESEADriver2.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
R3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
R3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys;c:\windows\SYSNATIVE\drivers\ESLWireACD.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 EslWireHelper;ESL Wire Helper Service;c:\program files\EslWire\service\WireHelperSvc.exe;c:\program files\EslWire\service\WireHelperSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys;c:\windows\SYSNATIVE\DRIVERS\SteelBus64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys;c:\windows\SYSNATIVE\DRIVERS\SAlpham64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-25 13:10	1078088	----a-w-	c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-28 19:44]
.
2014-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-06 12:04]
.
2014-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-06 12:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-04-08 01:02	262344	----a-w-	c:\users\Robin\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-04-08 01:02	262344	----a-w-	c:\users\Robin\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-04-08 01:02	262344	----a-w-	c:\users\Robin\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-07-24 6900024]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-02 2199840]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-04-02 1225920]
"mahzhxajyl"="wscript.exe" [2009-07-14 168960]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Robin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\y41pn33c.default-1387541652877\
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Overwolf - c:\program files (x86)\Overwolf\Overwolf.exe
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_moh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
   57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
   aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:56,e3,68,5c,70,b4,ce,01
.
[HKEY_USERS\S-1-5-21-2158350223-1854945034-3427891744-1000\Software\SecuROM\License information*]
"datasecu"=hex:69,b5,c2,03,c4,d5,0d,a9,6d,29,68,e7,29,86,17,f6,25,88,14,2f,c5,
   b1,58,d1,ab,7b,de,8d,73,fd,ca,34,32,8f,27,b6,b2,5b,83,97,3f,2e,9d,e3,5d,b6,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-05-13  15:59:32
ComboFix-quarantined-files.txt  2014-05-13 13:59
.
Vor Suchlauf: 13 Verzeichnis(se), 173.044.142.080 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 180.857.688.064 Bytes frei
.
- - End Of File - - A8C1543B7C19D7C12899CE32F9B11BF7
A36C5E4F47E84449FF07ED3517B43A31
         

Alt 14.05.2014, 12:50   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Win7: auf dem USB-Stick sind nur Verknüpfungen - Standard

Win7: auf dem USB-Stick sind nur Verknüpfungen



Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm vom folgenden Download-Spiegel neu herunter:
BleepingComputer.com
und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
Code:
ATTFilter
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mahzhxajyl"=-
"e58d25491ede6e4712a12d9e905cf881"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mahzhxajyl"=-
"e58d25491ede6e4712a12d9e905cf881"=-
File::
c:\users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mahzhxajyl.vbs
         
Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:
  • Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
    Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
  • Mache nichts am PC solange ComboFix läuft.
  • In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
  • Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.
Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.




Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Win7: auf dem USB-Stick sind nur Verknüpfungen
andere, anderen, angezeigt, bleibe, daten, defekt, gen, gerettet, hoffe, neuinstallation, nichts, nur verknüpfungen, probiert, problem, spiele, troja, usb-stick, verknüpfungen, versteckt, win, win7



Ähnliche Themen: Win7: auf dem USB-Stick sind nur Verknüpfungen


  1. USB-Stick Dateien sind nur noch Verknüpfungen
    Log-Analyse und Auswertung - 17.08.2015 (44)
  2. USB-Stick nur noch mit Verknüpfungen
    Log-Analyse und Auswertung - 01.05.2015 (13)
  3. auf meinem Stick kopierte Dateien werden sofort Verknüpfungen, die nicht mehr löschbar sind ?
    Log-Analyse und Auswertung - 25.09.2014 (25)
  4. VBS Jenxcus - Nur Verknüpfungen auf USB-Stick
    Plagegeister aller Art und deren Bekämpfung - 05.08.2014 (2)
  5. Win7/32bit - USB Stick und SD Karte beinhalten Verknüpfungen
    Log-Analyse und Auswertung - 24.06.2014 (5)
  6. Win7: Dateien von USB Stick werden als Verknüpfungen angezeigt
    Log-Analyse und Auswertung - 14.03.2014 (19)
  7. Ordner und Dateien auf meinem USB-Stick sind plötzlich Verknüpfungen
    Log-Analyse und Auswertung - 10.03.2014 (14)
  8. Auf USB Stick nur noch Verknüpfungen (Dateien sind versteckt)
    Log-Analyse und Auswertung - 27.02.2014 (19)
  9. USB Stick: Verknüpfungen Windows 8.0
    Plagegeister aller Art und deren Bekämpfung - 24.01.2014 (13)
  10. Nur noch Verknüpfungen auf USB-STick
    Plagegeister aller Art und deren Bekämpfung - 14.11.2013 (33)
  11. USB Stick zeigt nur Verknüpfungen
    Plagegeister aller Art und deren Bekämpfung - 29.04.2013 (20)
  12. Extern USB Stick Verknüpfungen
    Plagegeister aller Art und deren Bekämpfung - 02.04.2012 (25)
  13. Virus/Trojaner - kopierte Dateien auf USB-Stick sind nur Verknüpfungen, bzw Versteckt/Schreibgesch
    Plagegeister aller Art und deren Bekämpfung - 10.01.2012 (38)
  14. Virus/Trojaner - kopierte Dateien auf USB-Stick sind nur Verknüpfungen, bzw Versteckt (Vista)
    Plagegeister aller Art und deren Bekämpfung - 07.01.2012 (1)
  15. USB Stick erstellt nur Verknüpfungen
    Plagegeister aller Art und deren Bekämpfung - 17.12.2011 (10)
  16. Dateien auf dem USB stick sind nur noch als Verknüpfungen vorhanden
    Log-Analyse und Auswertung - 22.11.2011 (18)
  17. Virus/Trojaner - kopierte Dateien auf USB-Stick sind nur Verknüpfungen, bzw Versteckt/Schreibgesch.
    Plagegeister aller Art und deren Bekämpfung - 16.11.2011 (13)

Zum Thema Win7: auf dem USB-Stick sind nur Verknüpfungen - Hallo an alle Trojaner-Forum-User, folgendes Problem liegt derzeit vor: Wenn ich Daten auf meinen USB-Stick spiele, werden diese als versteckt angezeigt und es bleiben nur noch jeweilige Verknüpfungen vorhanden. Da - Win7: auf dem USB-Stick sind nur Verknüpfungen...
Archiv
Du betrachtest: Win7: auf dem USB-Stick sind nur Verknüpfungen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.