
Pests of all kinds and how to fight them: Ads and pop-ups in browsers and Steam

Windows 7

19.05.2014, 15:47   #1
Vlad
Hello,
I'm posting here because I've had some problems for a week now. It started when more ads and pop-ups than usual appeared in the individual browsers. At first I didn't notice because of AdBlock, but when my Google Chrome start page kept changing to v9.com, I followed some guides on the web until the symptoms were gone. But in my Task Manager, Internet Explorer with posadi17.com was constantly open under Applications. After some googling I found out that this is also a virus. I tried to fix that with internet guides as well, but some symptoms cannot be fixed (ads and pop-ups in Steam and browsers; v9.com still inserts itself as the start page). Since I really have no idea what else to do other than reinstall the computer, I would really appreciate some help.

Here are the links to the guides I followed:

(Guide followed for Posadi17: hxxp://techfrage.de/question/7726/anleitung-posadi17-browser-virus-entfernen/ )

(Guide followed for v9.com: https://www.google.de/url?sa=t&rct=j&q=&esrc=s&source=web&cd=16&cad=rja&uact=8&ved=0CHcQFjAFOAo&url=http%3A%2F%2Fmalwaretips.com%2Fblogs%2Fsafe-v9-virus%2F&ei=Pwh6U8boHvH5yAO9iYCQCA&usg=AFQjCNHlSTp4KnawRnze2CxnV4nka6iu4Q&sig2=0iwbL1BVVUwEFEkRqUFSng&bvm=bv.66917471,d.bGQ )

19.05.2014, 16:02   #2
cosinus
Hi,

Please don't attach logs; always post them directly in CODE tags and, if necessary, split them over several posts.

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder.
Even if the logs are too large for one post, I ask you to post the logs directly and, if necessary, spread them over several posts.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
19.05.2014, 16:13   #3
Vlad
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-05-2014
Ran by vlad at 2014-05-19 14:20:45
Running from C:\Users\vlad\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Antichamber (HKLM\...\Steam App 219890) (Version:  - Alexander Bruce)
Arma: Cold War Assault (HKLM\...\Steam App 65790) (Version:  - Bohemia Interactive)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2018 - Avast Software)
BattleBlock Theater (HKLM\...\Steam App 238460) (Version:  - The Behemoth)
BioShock (HKLM\...\Steam App 7670) (Version:  - 2K Boston)
BioShock 2 (HKLM\...\Steam App 8850) (Version:  - 2K Marin)
BioShock Infinite (HKLM\...\Steam App 8870) (Version:  - Irrational Games)
Borderlands (HKLM\...\Steam App 8980) (Version:  - Gearbox Software)
Borderlands 2 (HKLM\...\Steam App 49520) (Version:  - Gearbox Software)
Cave Story Deluxe (HKLM\...\Cave Story Deluxe) (Version:  - )
Cry of Fear (HKLM\...\Steam App 223710) (Version:  - Team Psykskallar)
Crysis (HKLM\...\Steam App 17300) (Version:  - Crytek)
Disney-Pixar WALL-E (HKLM\...\{B94C6815-7BCC-4124-AC39-9208A06FFFA7}) (Version: 1.00.0000 - THQ)
Dojotech Spotify Recorder (HKLM\...\{D149DB2E-392E-48CC-8036-88BECC09C50A}) (Version: 3.2 - Dojotech Software)
Don't Starve (HKLM\...\Steam App 219740) (Version:  - Klei Entertainment)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Driver Booster (HKLM\...\Driver Booster_is1) (Version: 1.2 - IObit)
Edna & Harvey: Harvey's New Eyes (HKLM\...\Steam App 219910) (Version:  - Daedalic Entertainment)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FINAL FANTASY VII (HKLM\...\Steam App 39140) (Version:  - Square Enix)
Free System Utilities (HKLM\...\{b70d03b1-2a07-4c32-beef-79d2d13a5bee}) (Version: 1.1.3.0 - Covus Freemium GmbH)
Free SystemUtilities (Version: 1.1.3.0 - Covus Freemium GmbH) Hidden
Game Dev Tycoon (HKLM\...\Steam App 239820) (Version:  - Greenheart Games)
GameSpy Comrade (HKLM\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Garry)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM\...\Steam App 12210) (Version:  - Rockstar North)
Greenfish Icon Editor Pro 3.31 (HKLM\...\{27135B83-5AFF-42A3-BCEB-E689BE9E2090}_is1) (Version:  - Greenfish Corporation)
Half-Life (HKLM\...\Steam App 70) (Version:  - Valve)
Half-Life 2 (HKLM\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Episode One (HKLM\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM\...\Steam App 420) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM\...\Steam App 340) (Version:  - Valve)
Half-Life: Blue Shift (HKLM\...\Steam App 130) (Version:  - Gearbox Software)
Half-Life: Opposing Force (HKLM\...\Steam App 50) (Version:  - Gearbox Software)
Hamachi 1.0.3.0 (HKLM\...\Hamachi) (Version:  - )
Hitman 2: Silent Assassin (HKLM\...\Steam App 6850) (Version:  - IO Interactive)
Hitman: Absolution (HKLM\...\Steam App 203140) (Version:  - IO Interactive)
Hitman: Blood Money (HKLM\...\Steam App 6860) (Version:  - IO Interactive)
Hitman: Codename 47 (HKLM\...\Steam App 6900) (Version:  - IO Interactive)
Hitman: Contracts (HKLM\...\Steam App 247430) (Version:  - )
Hitman: Sniper Challenge (HKLM\...\Steam App 205930) (Version:  - IO Interactive)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 45 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Just Cause (HKLM\...\Steam App 6880) (Version:  - Avalanche)
Just Cause 2 (HKLM\...\Steam App 8190) (Version:  - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM\...\Steam App 259080) (Version:  - JC2-MP Team)
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (Version: 3.0.1 - Riot Games ) Hidden
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version:  - Valve)
lightshot-5.1.0.15 (HKLM\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.1.0.15 - Skillbrains)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
MEDUSA NX USB 5.1 Gaming Headset (HKLM\...\C-Media CM106 Like Sound Driver) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{A106D33E-6B43-42C0-9BFC-D03303261FA7}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - DEU (HKLM\...\Microsoft Visual Basic 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - DEU (Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 24.0 (x86 de) (HKLM\...\Mozilla Firefox 24.0 (x86 de)) (Version: 24.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.0 - Mozilla)
My Game Long Name (HKLM\...\UDK-ca5c1d5d-d51e-436b-b5ea-a8b1d7131cb6) (Version:  - Epic Games, Inc.)
Notepad++ (HKLM\...\Notepad++) (Version: 6.5 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.22 (Version: 1.2.22 - NVIDIA Corporation) Hidden
Outlast (HKLM\...\Steam App 238320) (Version:  - Red Barrels)
Overwolf (HKLM\...\{0A337036-B73E-4C85-8D32-3851F84B7CFE}) (Version: 0.46.271 - Overwolf)
Plus-HD-3.8 (HKLM\...\Plus-HD-3.8) (Version: 1.27.153.11 - Plus HD) <==== ATTENTION
Portal (HKLM\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM\...\Steam App 620) (Version:  - Valve)
POSTAL 2 (HKLM\...\Steam App 223470) (Version:  - Running With Scissors)
Project64 1.6 (HKLM\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
Q.U.B.E. (HKLM\...\Steam App 203730) (Version:  - Toxic Games)
Razer Game Booster (HKLM\...\Razer Game Booster_is1) (Version: 4.1.59.0 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7183 - Realtek Semiconductor Corp.)
Red Orchestra 2: Heroes of Stalingrad - Single Player (HKLM\...\Steam App 236830) (Version:  - )
Reus (HKLM\...\Steam App 222730) (Version:  - Abbey Games)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rising Storm/Red Orchestra 2 Multiplayer (HKLM\...\Steam App 35450) (Version:  - Tripwire Interactive)
Rogue Legacy (HKLM\...\Steam App 241600) (Version:  - Cellar Door Games)
SHIELD Streaming (Version: 1.8.323 - NVIDIA Corporation) Hidden
SketchUp 2013 (HKLM\...\{2C0777B8-E91F-45AA-976B-7EB6B40E5400}) (Version: 13.0.4812 - Trimble Navigation Limited)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Source SDK Base 2007 (HKLM\...\Steam App 218) (Version:  - Valve)
Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Starbound (HKLM\...\Steam App 211820) (Version:  - )
State of Decay (HKLM\...\Steam App 241540) (Version:  - )
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Update kb70007 (Version: 1.0.0 - MSR) Hidden
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Terraria (HKLM\...\Steam App 105600) (Version:  - Re-Logic)
The Binding of Isaac (HKLM\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Plan (HKLM\...\Steam App 250600) (Version:  - Krillbite Studio)
The Sims(TM) 3 (HKLM\...\Steam App 47890) (Version:  - The Sims Studio)
The Stanley Parable (HKLM\...\Steam App 221910) (Version:  - Galactic Cafe)
The Walking Dead (HKLM\...\Steam App 207610) (Version:  - )
The Walking Dead: Season Two (HKLM\...\Steam App 261030) (Version:  - Telltale Games)
Thomas Was Alone (HKLM\...\Steam App 220780) (Version:  - Mike Bithell)
Tomb Raider (HKLM\...\Steam App 203160) (Version:  - Crystal Dynamics)
Tomb Raider (VI): The Angel of Darkness (HKLM\...\Steam App 225020) (Version:  - Core Design)
Tomb Raider I (HKLM\...\Steam App 224960) (Version:  - Core Design)
Tomb Raider II (HKLM\...\Steam App 225300) (Version:  - Core Design)
Tomb Raider III: Adventures of Lara Croft (HKLM\...\Steam App 225320) (Version:  - Core Design)
Tomb Raider: Anniversary (HKLM\...\Steam App 8000) (Version:  - Crystal Dynamics)
Tomb Raider: Chronicles (HKLM\...\Steam App 225000) (Version:  - Core Design)
Tomb Raider: Legend (HKLM\...\Steam App 7000) (Version:  - Crystal Dynamics)
Tomb Raider: The Last Revelation (HKLM\...\Steam App 224980) (Version:  - Core Design)
Tomb Raider: Underworld (HKLM\...\Steam App 8140) (Version:  - Crystal Dynamics)
Unreal Development Kit: 2012-10 (HKLM\...\UDK-9a945cf0-3152-4d4f-a428-35aebc522f71) (Version:  - Epic Games, Inc.)
Update for Microsoft .NET Framework 4.5 (KB2750147) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2750147) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805221) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805221) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805226) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805226) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points  =========================

11-05-2014 19:56:35 Free System Utilities 11.05.2014 21:56:32
15-05-2014 05:11:16 Removed IObit Apps Toolbar v9.1.
15-05-2014 05:12:23 Removed IObit Apps Toolbar v9.1.
15-05-2014 12:06:14 Removed IObit Apps Toolbar v9.1.
15-05-2014 12:09:22 Removed PlayReady PC Runtime X86
15-05-2014 12:11:38 Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU wird entfernt
15-05-2014 12:31:28 Removed Adobe Shockwave Player 11.6.
15-05-2014 12:42:10 Revo Uninstaller's restore point - IObit Apps Toolbar v9.1
15-05-2014 12:42:32 Removed IObit Apps Toolbar v9.1.
15-05-2014 12:52:40 Revo Uninstaller's restore point - Adobe Flash Player 13 ActiveX
15-05-2014 12:53:29 Revo Uninstaller's restore point - Adobe Flash Player 13 Plugin

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0B5B728B-C893-48CD-9612-C161319287B5} - System32\Tasks\Freemium1ClickMaint => C:\Program Files\Covus Freemium\Free System Utilities\1Click.exe [2013-10-09] (Covus Freemium GmbH)
Task: {43A1A5BA-F03D-4D1F-AB04-73507EF3A8FC} - System32\Tasks\Driver Booster Scan => C:\Program Files\IObit\Driver Booster\Scheduler.exe [2014-01-10] (IObit)
Task: {546B77E0-2D16-4A99-BE50-BF9A98E0A69D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-13] (Google Inc.)
Task: {597B8412-CAD4-4CF9-9F0E-1AEC902EFD5E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-13] (Google Inc.)
Task: {6425BDED-C0D8-49F5-AFEB-3613AFF6F841} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files\IObit\Game Booster 3\AutoUpdate.exe
Task: {964E9CCF-D038-4D07-8107-8C1B071B4148} - System32\Tasks\update-sys => C:\Program Files\Skillbrains\Updater\Updater.exe [2013-09-27] ()
Task: {CBD415AA-B846-4F3F-AF3E-EDBD7E9136D9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-22] (AVAST Software)
Task: {D8DE037A-B9D5-4AD5-BD12-CC71EB7F3D81} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {EF8E9ECD-32D9-4E3F-B9E1-C328774C6DA8} - System32\Tasks\update-S-1-5-21-4018679884-465560905-3469409432-1000 => C:\Program Files\Skillbrains\Updater\Updater.exe [2013-09-27] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-4018679884-465560905-3469409432-1000.job => C:\Program Files\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files\Skillbrains\Updater\Updater.exe

==================== Loaded Modules (whitelisted) =============

2013-12-07 16:39 - 2014-03-04 14:34 - 00109000 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2013-10-21 13:43 - 2013-10-20 08:08 - 02136576 _____ () C:\Program Files\AVAST Software\Avast\defs\13102000\algo.dll
2012-06-18 17:24 - 2012-06-18 17:24 - 00260096 _____ () C:\Program Files\Notepad++\NppShell_05.dll
2013-10-21 13:43 - 2013-10-21 13:43 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-05-17 12:02 - 2014-04-22 00:55 - 00340480 _____ () C:\Program Files\Steam\libavresample-1.dll
2014-05-17 12:02 - 2014-04-22 00:55 - 00471552 _____ () C:\Program Files\Steam\libavutil-53.dll
2014-05-17 12:03 - 2014-04-01 00:09 - 00754688 _____ () C:\Program Files\Steam\SDL2.dll
2014-05-17 12:02 - 2014-04-24 00:01 - 01092288 _____ () C:\Program Files\Steam\bin\chromehtml.DLL
2014-05-17 12:02 - 2014-03-03 21:15 - 20626624 _____ () C:\Program Files\Steam\bin\libcef.dll
2014-05-17 12:02 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files\Steam\bin\avcodec-53.dll
2014-05-17 12:02 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files\Steam\bin\avutil-51.dll
2014-05-17 12:02 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files\Steam\bin\avformat-53.dll
2014-05-11 20:29 - 2014-05-08 15:23 - 00018944 _____ () C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe
2014-05-11 20:29 - 2014-05-08 15:23 - 00064000 _____ () C:\Windows\Microsoft\SystemUpdatekb70007\InstallerLibrary.dll
2014-05-11 20:29 - 2014-05-08 15:23 - 00016896 _____ () C:\Windows\Microsoft\SystemUpdatekb70007\Installer.dll
2014-05-11 20:29 - 2014-05-19 13:55 - 00086528 _____ () C:\Program Files\MSR\Privoxy\mgwz.dll
2014-05-14 14:40 - 2014-05-08 01:29 - 00065352 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll
2014-05-14 14:40 - 2014-05-08 01:29 - 00674632 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.137\libglesv2.dll
2014-05-14 14:40 - 2014-05-08 01:29 - 00093000 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.137\libegl.dll
2014-05-14 14:40 - 2014-05-08 01:29 - 04081480 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.137\pdf.dll
2014-05-14 14:40 - 2014-05-08 01:29 - 00390472 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll
2014-05-14 14:40 - 2014-05-08 01:29 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
MSCONFIG\startupreg: DrvUpdater => C:\Users\vlad\AppData\Roaming\DRPSu\DrvUpdater.exe /hide
MSCONFIG\startupreg: Overwolf => C:\Program Files\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: Spotify => "C:\Users\vlad\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\vlad\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/19/2014 01:56:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2014 01:42:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/18/2014 06:11:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/18/2014 06:06:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2014 11:45:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 10:52:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 05:03:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 01:54:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.500, Zeitstempel: 0x533d8de2
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x69737265
ID des fehlerhaften Prozesses: 0x8c4
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3

Error: (05/16/2014 01:53:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 01:51:35 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]


System errors:
=============
Error: (05/19/2014 01:57:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LiveUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/19/2014 01:55:11 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎19.‎05.‎2014 um 13:53:47 unerwartet heruntergefahren.

Error: (05/19/2014 01:42:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LiveUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/19/2014 01:41:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SystemUpdatekb70007" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/19/2014 01:41:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst SystemUpdatekb70007 erreicht.

Error: (05/18/2014 06:10:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LiveUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/18/2014 06:10:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/18/2014 06:10:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMScheduler erreicht.

Error: (05/18/2014 06:07:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LiveUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/17/2014 11:44:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LiveUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (05/19/2014 01:56:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2014 01:42:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/18/2014 06:11:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/18/2014 06:06:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2014 11:45:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 10:52:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 05:03:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 01:54:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.500533d8de2unknown0.0.0.000000000c0000005697372658c401cf70fd2e3d108cC:\Program Files\ Malwarebytes Anti-Malware \mbam.exeunknowndcf2a07d-dcf0-11e3-a2a4-3085a94274df

Error: (05/16/2014 01:53:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/16/2014 01:51:35 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]


==================== Memory info =========================== 

Percentage of memory in use: 51%
Total physical RAM: 3198.12 MB
Available physical RAM: 1545.27 MB
Total Pagefile: 6394.53 MB
Available Pagefile: 4334.38 MB
Total Virtual: 3071.88 MB
Available Virtual: 2930.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:501.43 GB) NTFS
Drive d: (WALL-E) (CDROM) (Total:3.49 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 61C89B35)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:16 on 19/05/2014 (vlad)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=769f41f36249694aba45ac46bc8f7b01
# engine=18300
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-17 12:08:32
# local_time=2014-05-17 02:08:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 76 169642 18556051 0 0
# compatibility_mode=5893 16776573 100 94 7949 151959703 0 0
# scanned=440132
# found=2
# cleaned=2
# scan_time=6362
sh=91A36ECC07C1A2FDFC46A22BE61580DB05B9A07B ft=1 fh=3949443ec6f71fd1 vn="Win32/OutBrowse.R evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-4018679884-465560905-3469409432-1000\$RBLUKMS.exe"
sh=91A36ECC07C1A2FDFC46A22BE61580DB05B9A07B ft=1 fh=3949443ec6f71fd1 vn="Win32/OutBrowse.R evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-4018679884-465560905-3469409432-1000\$RPYBXW7.exe"
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-05-2014
Ran by vlad (administrator) on VLAD-PC on 19-05-2014 14:20:20
Running from C:\Users\vlad\Desktop
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Spotify Ltd) C:\Users\vlad\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Razer Inc.) C:\Program Files\Razer\Razer Game Booster\RzKLService.exe
() C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(The Privoxy team - www.privoxy.org) C:\Program Files\MSR\Privoxy\privoxy.exe
(Skillbrains) C:\Users\vlad\AppData\Local\Skillbrains\lightshot\5.1.0.15\Lightshot.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6667992 2014-04-16] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-04-22] (AVAST Software)
HKLM\...\Run: [Cm106Sound] => RunDll32 cm106.cpl,CMICtrlWnd
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap.dll [1081112 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-4018679884-465560905-3469409432-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [1825984 2014-04-24] (Valve Corporation)
HKU\S-1-5-21-4018679884-465560905-3469409432-1000\...\Run: [Spotify Web Helper] => C:\Users\vlad\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-16] (Spotify Ltd)
HKU\S-1-5-21-4018679884-465560905-3469409432-1000\...\Run: [LightShot] => C:\Users\vlad\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226592 2014-03-06] ()
HKU\S-1-5-21-4018679884-465560905-3469409432-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-4018679884-465560905-3469409432-1000\...\MountPoints2: {0991ce67-33f1-11e3-a25e-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-4018679884-465560905-3469409432-1000\...\MountPoints2: {632248a1-446a-11e3-a955-3085a94274df} - F:\HTC_Sync_Manager_PC.exe
Startup: C:\Users\vlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled ()

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\vlad\AppData\Roaming\Mozilla\Firefox\Profiles\l31jvc68.default-1400128695494
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-13]

Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "https://www.google.de/", "hxxp://www.v9.com/?type=hppp&ts=1400067628&from=irs&uid=HitachiXHDS721010DLE630_MSE523RP09LKLH09LKLHX&i=psd&t=342815dbc", "hxxp://www.msn.com/?pc=AV01"
CHR Extension: (Google Docs) - C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-13]
CHR Extension: (Adblock Plus) - C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-12]
CHR Extension: (Google Wallet) - C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-13]
CHR Extension: (SiteBlock) - C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfglnpdpgmecffbejlfgpnebopinlclj [2014-05-12]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-22] (AVAST Software)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2011-07-26] (Microsoft Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19405768 2014-04-02] (NVIDIA Corporation)
S3 OverwolfUpdaterService; C:\Program Files\Overwolf\OverwolfUpdater.exe [18360 2013-11-11] (Overwolf Ltd)
R2 RzKLService; C:\Program Files\Razer\Razer Game Booster\RzKLService.exe [105448 2013-11-22] (Razer Inc.)
R2 SystemUpdatekb70007; C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe [18944 2014-05-08] ()

==================== Drivers (Whitelisted) ====================

R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11944 2012-12-03] (Advanced Micro Devices Inc.)
R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [57856 2012-10-25] (Alcor Micro, Corp.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-04-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-04-22] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [68312 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-04-22] ()
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2013-10-14] (LogMeIn, Inc.)
S3 JRAID; C:\Windows\system32\drivers\jraid.sys [93096 2009-07-18] (JMicron Technology Corp.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30984 2013-01-03] (Logitech, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-21] (NVIDIA Corporation)
S3 USBMULCD; C:\Windows\System32\drivers\CM106.sys [1515520 2009-10-01] (C-Media Electronics Inc)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2011-07-26] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2011-07-26] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2011-07-26] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2011-07-26] (Microsoft Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-19 14:20 - 2014-05-19 14:20 - 00012605 _____ () C:\Users\vlad\Desktop\FRST.txt
2014-05-19 14:20 - 2014-05-19 14:20 - 00000000 ____D () C:\FRST
2014-05-19 14:18 - 2014-05-19 14:18 - 01056768 _____ (Farbar) C:\Users\vlad\Desktop\FRST.exe
2014-05-19 14:16 - 2014-05-19 14:17 - 00000470 _____ () C:\Users\vlad\Downloads\defogger_disable.log
2014-05-19 14:16 - 2014-05-19 14:16 - 00000000 _____ () C:\Users\vlad\defogger_reenable
2014-05-19 14:15 - 2014-05-19 14:15 - 00050477 _____ () C:\Users\vlad\Downloads\Defogger.exe
2014-05-17 16:29 - 2014-05-17 16:29 - 00529265 _____ () C:\Users\vlad\Downloads\epsxe170.zip
2014-05-17 16:20 - 2014-05-17 16:20 - 00000215 _____ () C:\Users\vlad\Desktop\Arma Cold War Assault.url
2014-05-17 12:18 - 2014-05-17 12:18 - 00000000 ____D () C:\Program Files\ESET
2014-05-15 20:57 - 2014-05-15 20:57 - 00000216 _____ () C:\Users\vlad\Desktop\BattleBlock Theater.url
2014-05-15 14:00 - 2014-05-15 14:00 - 01141680 _____ () C:\Users\vlad\Downloads\SteamSetup.exe
2014-05-15 07:12 - 2014-05-15 14:09 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-05-14 23:04 - 2014-05-14 23:04 - 02347384 _____ (ESET) C:\Users\vlad\Downloads\esetsmartinstaller_deu (1).exe
2014-05-14 20:42 - 2014-05-14 20:42 - 02347384 _____ (ESET) C:\Users\vlad\Downloads\esetsmartinstaller_deu.exe
2014-05-14 20:39 - 2014-05-14 20:39 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vlad\Downloads\mbam-setup-2.0.1.1004 (1).exe
2014-05-14 20:34 - 2014-05-14 20:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\vlad\Downloads\revosetup.exe
2014-05-14 20:34 - 2014-05-14 20:34 - 00001222 _____ () C:\Users\vlad\Downloads\Revo Uninstaller.lnk
2014-05-14 20:34 - 2014-05-14 20:34 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-05-14 20:14 - 2014-05-14 20:23 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-14 20:13 - 2014-05-14 20:13 - 10094400 _____ (SurfRight B.V.) C:\Users\vlad\Downloads\HitmanPro.exe
2014-05-14 19:55 - 2014-05-19 13:58 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-14 19:55 - 2014-05-14 19:55 - 00001060 _____ () C:\Users\vlad\Downloads\ Malwarebytes Anti-Malware .lnk
2014-05-14 19:54 - 2014-05-14 19:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-14 19:54 - 2014-05-14 19:54 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-14 19:54 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-14 19:54 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-14 19:54 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-14 19:53 - 2014-05-14 19:53 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vlad\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-14 19:47 - 2014-05-14 19:47 - 01016261 _____ (Thisisu) C:\Users\vlad\Downloads\JRT (1).exe
2014-05-14 19:47 - 2014-05-14 19:47 - 00000000 ____D () C:\Windows\ERUNT
2014-05-14 19:46 - 2014-05-14 19:46 - 01016261 _____ (Thisisu) C:\Users\vlad\Downloads\JRT.exe
2014-05-14 19:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-14 19:39 - 2014-05-14 22:44 - 00000000 ____D () C:\AdwCleaner
2014-05-14 19:30 - 2014-05-14 19:30 - 01325827 _____ () C:\Users\vlad\Downloads\adwcleaner_3.208.exe
2014-05-14 19:28 - 2014-05-14 19:28 - 00002102 _____ () C:\sc-cleaner.txt
2014-05-14 19:27 - 2014-05-14 19:27 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\vlad\Downloads\sc-cleaner.exe
2014-05-14 18:30 - 2014-05-17 20:32 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Bioshock2Steam
2014-05-14 18:30 - 2014-05-14 18:30 - 00000000 ____D () C:\Users\vlad\Documents\Bioshock2
2014-05-12 19:55 - 2014-05-12 19:55 - 00000216 _____ () C:\Users\vlad\Desktop\The Plan.url
2014-05-11 20:27 - 2014-05-11 20:29 - 00000000 ____D () C:\Program Files\MSR
2014-05-11 20:27 - 2014-05-11 20:27 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\InetStat
2014-05-11 20:26 - 2014-05-11 20:26 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Wise
2014-05-09 23:43 - 2014-05-14 18:25 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Bioshock
2014-05-09 23:43 - 2014-05-09 23:48 - 00000000 ____D () C:\Users\vlad\Documents\Bioshock
2014-05-09 23:42 - 2014-05-09 23:43 - 00123394 _____ () C:\Windows\DirectX.log
2014-05-09 20:53 - 2014-05-18 18:30 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock Infinite.url
2014-05-09 20:53 - 2014-05-09 20:53 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock 2.url
2014-05-09 20:52 - 2014-05-09 20:52 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock.url
2014-05-09 20:46 - 2014-05-09 20:46 - 00000216 _____ () C:\Users\vlad\Desktop\POSTAL 2.url
2014-04-28 18:14 - 2014-04-28 18:14 - 00000000 ____D () C:\Users\vlad\AppData\Local\CrashRpt
2014-04-24 13:06 - 2014-04-24 13:06 - 00000216 _____ () C:\Users\vlad\Desktop\Red Orchestra 2 Heroes of Stalingrad - Single Player.url
2014-04-24 13:06 - 2014-04-24 13:06 - 00000215 _____ () C:\Users\vlad\Desktop\Rising StormRed Orchestra 2 Multiplayer.url
2014-04-22 04:48 - 2014-04-22 04:48 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-22 04:48 - 2014-04-22 04:48 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys

==================== One Month Modified Files and Folders =======

2014-05-19 14:20 - 2014-05-19 14:20 - 00012605 _____ () C:\Users\vlad\Desktop\FRST.txt
2014-05-19 14:20 - 2014-05-19 14:20 - 00000000 ____D () C:\FRST
2014-05-19 14:18 - 2014-05-19 14:18 - 01056768 _____ (Farbar) C:\Users\vlad\Desktop\FRST.exe
2014-05-19 14:17 - 2014-05-19 14:16 - 00000470 _____ () C:\Users\vlad\Downloads\defogger_disable.log
2014-05-19 14:16 - 2014-05-19 14:16 - 00000000 _____ () C:\Users\vlad\defogger_reenable
2014-05-19 14:16 - 2013-10-13 12:53 - 00000000 ____D () C:\Users\vlad
2014-05-19 14:15 - 2014-05-19 14:15 - 00050477 _____ () C:\Users\vlad\Downloads\Defogger.exe
2014-05-19 14:15 - 2013-10-14 15:13 - 00001420 _____ () C:\Users\vlad\Desktop\Notizen.txt
2014-05-19 14:08 - 2013-10-14 15:27 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Skype
2014-05-19 14:03 - 2009-07-14 06:34 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-19 14:03 - 2009-07-14 06:34 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-19 13:58 - 2014-05-14 19:55 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-19 13:57 - 2013-11-03 11:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-19 13:55 - 2014-03-29 12:54 - 00015485 _____ () C:\Windows\setupact.log
2014-05-19 13:55 - 2013-12-07 16:39 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-19 13:55 - 2013-10-14 15:32 - 00000000 ____D () C:\Program Files\Steam
2014-05-19 13:55 - 2013-10-13 13:41 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-19 13:55 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-19 13:50 - 2013-10-14 21:11 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Spotify
2014-05-18 22:35 - 2013-10-13 13:41 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-18 21:24 - 2014-02-22 21:30 - 00000374 _____ () C:\Windows\Tasks\update-sys.job
2014-05-18 20:26 - 2014-02-22 21:30 - 00000374 _____ () C:\Windows\Tasks\update-S-1-5-21-4018679884-465560905-3469409432-1000.job
2014-05-18 19:03 - 2013-10-14 15:43 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\.minecraft
2014-05-18 18:30 - 2014-05-09 20:53 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock Infinite.url
2014-05-17 20:32 - 2014-05-14 18:30 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Bioshock2Steam
2014-05-17 16:29 - 2014-05-17 16:29 - 00529265 _____ () C:\Users\vlad\Downloads\epsxe170.zip
2014-05-17 16:20 - 2014-05-17 16:20 - 00000215 _____ () C:\Users\vlad\Desktop\Arma Cold War Assault.url
2014-05-17 12:18 - 2014-05-17 12:18 - 00000000 ____D () C:\Program Files\ESET
2014-05-16 22:51 - 2013-12-02 14:08 - 00000000 ____D () C:\ProgramData\ProductData
2014-05-16 17:07 - 2013-10-14 21:14 - 00000000 ____D () C:\Users\vlad\AppData\Local\Spotify
2014-05-15 20:57 - 2014-05-15 20:57 - 00000216 _____ () C:\Users\vlad\Desktop\BattleBlock Theater.url
2014-05-15 15:01 - 2014-03-29 12:53 - 00012994 _____ () C:\Windows\PFRO.log
2014-05-15 14:32 - 2013-10-13 12:52 - 00000000 ____D () C:\Windows\system32\Macromed
2014-05-15 14:09 - 2014-05-15 07:12 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-05-15 14:07 - 2013-10-14 15:48 - 00000000 ____D () C:\Users\vlad\Desktop\Zeug
2014-05-15 14:00 - 2014-05-15 14:00 - 01141680 _____ () C:\Users\vlad\Downloads\SteamSetup.exe
2014-05-15 13:47 - 2013-12-28 19:17 - 00068312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-15 13:47 - 2013-10-13 13:18 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-15 13:47 - 2013-10-13 13:18 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-15 07:17 - 2013-10-13 12:26 - 01766109 _____ () C:\Windows\WindowsUpdate.log
2014-05-15 07:16 - 2013-10-14 16:06 - 00002551 _____ () C:\Users\Public\Desktop\Free System Utilities.lnk
2014-05-15 07:11 - 2013-10-13 13:08 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\DRPSu
2014-05-15 06:43 - 2013-10-13 12:55 - 00001435 _____ () C:\Users\vlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-15 06:39 - 2013-10-13 13:42 - 00002109 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-14 23:04 - 2014-05-14 23:04 - 02347384 _____ (ESET) C:\Users\vlad\Downloads\esetsmartinstaller_deu (1).exe
2014-05-14 22:44 - 2014-05-14 19:39 - 00000000 ____D () C:\AdwCleaner
2014-05-14 22:33 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\TAPI
2014-05-14 20:42 - 2014-05-14 20:42 - 02347384 _____ (ESET) C:\Users\vlad\Downloads\esetsmartinstaller_deu.exe
2014-05-14 20:39 - 2014-05-14 20:39 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vlad\Downloads\mbam-setup-2.0.1.1004 (1).exe
2014-05-14 20:34 - 2014-05-14 20:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\vlad\Downloads\revosetup.exe
2014-05-14 20:34 - 2014-05-14 20:34 - 00001222 _____ () C:\Users\vlad\Downloads\Revo Uninstaller.lnk
2014-05-14 20:34 - 2014-05-14 20:34 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-05-14 20:23 - 2014-05-14 20:14 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-14 20:13 - 2014-05-14 20:13 - 10094400 _____ (SurfRight B.V.) C:\Users\vlad\Downloads\HitmanPro.exe
2014-05-14 19:55 - 2014-05-14 19:55 - 00001060 _____ () C:\Users\vlad\Downloads\ Malwarebytes Anti-Malware .lnk
2014-05-14 19:54 - 2014-05-14 19:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-14 19:54 - 2014-05-14 19:54 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-14 19:53 - 2014-05-14 19:53 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vlad\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-14 19:47 - 2014-05-14 19:47 - 01016261 _____ (Thisisu) C:\Users\vlad\Downloads\JRT (1).exe
2014-05-14 19:47 - 2014-05-14 19:47 - 00000000 ____D () C:\Windows\ERUNT
2014-05-14 19:46 - 2014-05-14 19:46 - 01016261 _____ (Thisisu) C:\Users\vlad\Downloads\JRT.exe
2014-05-14 19:30 - 2014-05-14 19:30 - 01325827 _____ () C:\Users\vlad\Downloads\adwcleaner_3.208.exe
2014-05-14 19:28 - 2014-05-14 19:28 - 00002102 _____ () C:\sc-cleaner.txt
2014-05-14 19:27 - 2014-05-14 19:27 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\vlad\Downloads\sc-cleaner.exe
2014-05-14 18:30 - 2014-05-14 18:30 - 00000000 ____D () C:\Users\vlad\Documents\Bioshock2
2014-05-14 18:25 - 2014-05-09 23:43 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Bioshock
2014-05-14 13:58 - 2013-11-03 11:40 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 13:58 - 2013-10-13 12:53 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-13 21:56 - 2013-10-14 15:39 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\vlc
2014-05-12 19:55 - 2014-05-12 19:55 - 00000216 _____ () C:\Users\vlad\Desktop\The Plan.url
2014-05-12 14:58 - 2013-10-13 12:56 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-12 14:58 - 2013-10-13 12:56 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-11 21:19 - 2013-10-14 23:43 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Hamachi
2014-05-11 20:32 - 2013-12-02 16:31 - 00000000 ____D () C:\Users\vlad\Desktop\ROM's
2014-05-11 20:29 - 2014-05-11 20:27 - 00000000 ____D () C:\Program Files\MSR
2014-05-11 20:27 - 2014-05-11 20:27 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\InetStat
2014-05-11 20:26 - 2014-05-11 20:26 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Wise
2014-05-11 20:09 - 2013-10-13 13:45 - 00000000 ____D () C:\Users\vlad\Desktop\Hintergrundbilder
2014-05-10 12:28 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-09 23:48 - 2014-05-09 23:43 - 00000000 ____D () C:\Users\vlad\Documents\Bioshock
2014-05-09 23:43 - 2014-05-09 23:42 - 00123394 _____ () C:\Windows\DirectX.log
2014-05-09 20:53 - 2014-05-09 20:53 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock 2.url
2014-05-09 20:52 - 2014-05-09 20:52 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock.url
2014-05-09 20:46 - 2014-05-09 20:46 - 00000216 _____ () C:\Users\vlad\Desktop\POSTAL 2.url
2014-05-03 15:08 - 2013-10-14 15:48 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\ftblauncher
2014-05-03 15:08 - 2013-10-14 15:46 - 04588972 _____ () C:\Users\vlad\Desktop\Feed the Beast.exe
2014-05-01 21:13 - 2013-10-14 15:56 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\.technic
2014-05-01 18:23 - 2013-10-22 15:52 - 00000000 ____D () C:\Users\vlad\Desktop\Server
2014-05-01 18:21 - 2013-10-14 15:48 - 02346942 _____ () C:\Users\vlad\Desktop\Tekkit.exe
2014-04-28 18:14 - 2014-04-28 18:14 - 00000000 ____D () C:\Users\vlad\AppData\Local\CrashRpt
2014-04-28 18:13 - 2013-10-14 18:33 - 00000000 ____D () C:\Users\vlad\Documents\My Games
2014-04-25 21:35 - 2013-10-14 15:32 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-04-24 13:06 - 2014-04-24 13:06 - 00000216 _____ () C:\Users\vlad\Desktop\Red Orchestra 2 Heroes of Stalingrad - Single Player.url
2014-04-24 13:06 - 2014-04-24 13:06 - 00000215 _____ () C:\Users\vlad\Desktop\Rising StormRed Orchestra 2 Multiplayer.url
2014-04-22 20:20 - 2013-10-15 20:14 - 00000000 ____D () C:\Riot Games
2014-04-22 04:48 - 2014-04-22 04:48 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-22 04:48 - 2014-04-22 04:48 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-04-22 04:48 - 2013-10-13 13:18 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1400154447337
2014-04-22 04:48 - 2013-10-13 13:18 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1400154447337
2014-04-22 04:48 - 2013-10-13 13:18 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-22 04:48 - 2013-10-13 13:18 - 00180632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-22 04:48 - 2013-10-13 13:18 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-22 04:48 - 2013-10-13 13:18 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-22 04:48 - 2013-10-13 13:18 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-22 04:48 - 2013-10-13 13:18 - 00002047 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk

Some content of TEMP:
====================
C:\Users\vlad\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7tahgf.dll
C:\Users\vlad\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2011-07-26 01:49] - [2011-07-26 01:49] - 2616320 ____A (Microsoft Corporation) 0FB9C74046656D1579A64660AD67B746

C:\Windows\system32\winlogon.exe
[2011-08-15 16:45] - [2011-08-15 16:45] - 0286720 ____A (Microsoft Corporation) 58AACDEE236690C090A86B5A34EC4B77

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe
[2011-07-26 01:46] - [2011-07-26 01:46] - 0021504 ____A (Microsoft Corporation) ECDB182F885292145826C58252B53000

C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2011-07-26 01:07] - [2011-07-26 01:07] - 0376832 ____A (Microsoft Corporation) FAFD0AE107BF665CB457608831814B0C

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\system32\Drivers\volsnap.sys
[2011-07-26 02:14] - [2011-07-26 02:14] - 0246144 ____A (Microsoft Corporation) C2232C62CD2E44E40CDADD00BBCFE366



LastRegBack: 2014-05-03 13:59

==================== End Of Log ============================
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-19 14:48:25
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDS721010DLE630 rev.MS2OA610 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\vlad\AppData\Local\Temp\kxldypob.sys


---- System - GMER 2.1 ----

SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwAddBootEntry [0xCF226AA0]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwAssignProcessToJobObject [0xCF22757E]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwCreateEvent [0xCF2335C8]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwCreateEventPair [0xCF233614]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwCreateIoCompletion [0xCF2337AE]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwCreateMutant [0xCF233536]
SSDT      \SystemRoot\system32\drivers\aswSP.sys                                                                                  ZwCreateSection [0xCF2DD6D2]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwCreateSemaphore [0xCF23357E]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwCreateThread [0xCF227AB4]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwCreateThreadEx [0xCF227CD0]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwCreateTimer [0xCF233768]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwDebugActiveProcess [0xCF22836C]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwDeleteBootEntry [0xCF226B06]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwDuplicateObject [0xCF22BB40]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwLoadDriver [0xCF2266F2]
SSDT      \SystemRoot\system32\drivers\aswSP.sys                                                                                  ZwMapViewOfSection [0xCF2DD7B2]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwModifyBootEntry [0xCF226B6C]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwNotifyChangeKey [0xCF22BF36]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwNotifyChangeMultipleKeys [0xCF228E54]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwOpenEvent [0xCF2335F2]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwOpenEventPair [0xCF233636]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwOpenIoCompletion [0xCF2337D2]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwOpenMutant [0xCF23355C]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwOpenProcess [0xCF22B43A]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwOpenSection [0xCF2336E6]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwOpenSemaphore [0xCF2335A6]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwOpenThread [0xCF22B822]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwOpenTimer [0xCF23378C]
SSDT      \SystemRoot\system32\drivers\aswSP.sys                                                                                  ZwProtectVirtualMemory [0xCF2DD556]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwQueryObject [0xCF228CC8]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwQueueApcThreadEx [0xCF2289D6]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwSetBootEntryOrder [0xCF226BD2]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwSetBootOptions [0xCF226C38]
SSDT      \SystemRoot\system32\drivers\aswSP.sys                                                                                  ZwSetContextThread [0xCF2DD8AE]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwSetSystemInformation [0xCF22678C]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwSetSystemPowerState [0xCF22695E]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwShutdownSystem [0xCF2268EC]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwSuspendProcess [0xCF228536]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwSuspendThread [0xCF228698]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwSystemDebugControl [0xCF2269E6]
SSDT      \SystemRoot\system32\drivers\aswSP.sys                                                                                  ZwTerminateProcess [0xCF2DD624]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwTerminateThread [0xCF2281C6]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwVdmControl [0xCF226C9E]
SSDT      \SystemRoot\system32\drivers\aswSnx.sys                                                                                 ZwWriteVirtualMemory [0xCF2275DA]

INT 0x51  ?                                                                                                                       C40FBA58
INT 0x52  ?                                                                                                                       C40607D8
INT 0x61  ?                                                                                                                       C40FB558
INT 0x62  ?                                                                                                                       C2FA7058
INT 0x72  ?                                                                                                                       C2FA72D8
INT 0x82  ?                                                                                                                       C2FA77D8
INT 0x92  ?                                                                                                                       C2FA7558
INT 0xA2  ?                                                                                                                       C4060CD8
INT 0xB1  ?                                                                                                                       C2FA7CD8
INT 0xB2  ?                                                                                                                       C4060558

---- Kernel code sections - GMER 2.1 ----

.text     ntkrnlpa.exe!ZwRollbackComplete + 1441                                                                                  E303FE95 1 Byte  [06]
.text     ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                  E3079522 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text     ntkrnlpa.exe!KeRemoveQueueEx + 10CB                                                                                     E3080760 4 Bytes  [A0, 6A, 22, CF]
.text     ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                                                     E30807E8 4 Bytes  [7E, 75, 22, CF] {JLE 0x77; AND CL, BH}
.text     ntkrnlpa.exe!KeRemoveQueueEx + 11A7                                                                                     E308083C 8 Bytes  [C8, 35, 23, CF, 14, 36, 23, ...] {ENTER 0x2335, 0xcf; ADC AL, 0x36; AND ECX, EDI}
.text     ntkrnlpa.exe!KeRemoveQueueEx + 11B3                                                                                     E3080848 4 Bytes  [AE, 37, 23, CF] {SCASB ; AAA ; AND ECX, EDI}
.text     ntkrnlpa.exe!KeRemoveQueueEx + 11CF                                                                                     E3080864 4 Bytes  [36, 35, 23, CF]
.text     ...                                                                                                                     
PAGE      ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108                                                                             E323C87F 4 Bytes  CALL CF229517 \SystemRoot\system32\drivers\aswSnx.sys
PAGE      ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122                                                                            E32565DD 4 Bytes  CALL CF22952D \SystemRoot\system32\drivers\aswSnx.sys

---- User code sections - GMER 2.1 ----

.text     C:\Windows\system32\csrss.exe[492] kernel32.dll!GetBinaryTypeW + 70                                                     76B969E4 1 Byte  [62]
.text     C:\Windows\system32\svchost.exe[568] kernel32.dll!GetBinaryTypeW + 70                                                   76B969E4 1 Byte  [62]
.text     C:\Windows\system32\wininit.exe[572] kernel32.dll!GetBinaryTypeW + 70                                                   76B969E4 1 Byte  [62]
.text     C:\Windows\system32\csrss.exe[580] kernel32.dll!GetBinaryTypeW + 70                                                     76B969E4 1 Byte  [62]
.text     C:\Windows\system32\services.exe[620] kernel32.dll!GetBinaryTypeW + 70                                                  76B969E4 1 Byte  [62]
.text     ...                                                                                                                     
.text     C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1552] kernel32.dll!SetUnhandledExceptionFilter                       76B7F4EB 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text     C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1552] kernel32.dll!GetBinaryTypeW + 70                               76B969E4 1 Byte  [62]
.text     C:\Windows\system32\Dwm.exe[1756] kernel32.dll!GetBinaryTypeW + 70                                                      76B969E4 1 Byte  [62]
.text     C:\Windows\Explorer.EXE[1784] kernel32.dll!GetBinaryTypeW + 70                                                          76B969E4 1 Byte  [62]
.text     C:\Windows\System32\spoolsv.exe[1924] kernel32.dll!GetBinaryTypeW + 70                                                  76B969E4 1 Byte  [62]
.text     C:\Windows\system32\taskhost.exe[1936] kernel32.dll!GetBinaryTypeW + 70                                                 76B969E4 1 Byte  [62]
.text     ...                                                                                                                     
.text     C:\Program Files\AVAST Software\Avast\AvastUI.exe[2112] kernel32.dll!SetUnhandledExceptionFilter                        76B7F4EB 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text     C:\Program Files\AVAST Software\Avast\AvastUI.exe[2112] kernel32.dll!GetBinaryTypeW + 70                                76B969E4 1 Byte  [62]
.text     C:\Windows\System32\rundll32.exe[2140] kernel32.dll!GetBinaryTypeW + 70                                                 76B969E4 1 Byte  [62]
.text     C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe[2156] kernel32.dll!GetBinaryTypeW + 70                    76B969E4 1 Byte  [62]
.text     C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe[2376] kernel32.dll!GetBinaryTypeW + 70                       76B969E4 1 Byte  [62]
.text     C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe[2460] kernel32.dll!GetBinaryTypeW + 70              76B969E4 1 Byte  [62]
.text     ...                                                                                                                     

---- Registry - GMER 2.1 ----

Reg       HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{0991CE64-33F1-11E3-A25E-806E6F6E6963}  3290915520
Reg       HKLM\SOFTWARE\Classes\CLSID\{722b3793-5367-4446-b6bb-db89b05c1f24}\LocalServer32@                                       %SystemRoot%\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {722b3793-5367-4446-b6bb-db89b05c1f24}

---- EOF - GMER 2.1 ----
         




Code:
<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
  <header>
    <date>2014/05/14 20:06:40 +0200</date>
    <log>mbam-log-2014-05-14 (19-56-54).xml</log>
    <isadmin>yes</isadmin>
  </header>
  <engine>
    <version>2.00.1.1004</version>
    <rules-database>v2014.05.14.08</rules-database>
    <swissarmy-database>v2014.03.27.01</swissarmy-database>
    <license>trial</license>
    <file-protection>enabled</file-protection>
    <web-protection>enabled</web-protection>
    <self-protection>disabled</self-protection>
  </engine>
  <system>
    <osversion>Windows 7 Service Pack 1</osversion>
    <arch>x86</arch>
    <username>vlad</username>
    <filesys>NTFS</filesys>
  </system>
  <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>236753</objects>
    <time>583</time>
    <processes>0</processes>
    <modules>0</modules>
    <keys>2</keys>
    <values>0</values>
    <datas>0</datas>
    <folders>0</folders>
    <files>3</files>
    <sectors>0</sectors>
  </summary>
  <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>disabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <shuriken>enabled</shuriken>
    <pup>enabled</pup>
    <pum>enabled</pum>
  </options>
  <items>
    <key>
      <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}</path>
      <vendor>PUP.Optional.SupTab.A</vendor>
      <action>success</action>
      <hash>ada30d44295293a3075868bf59a96e92</hash>
    </key>
    <key>
      <path>HKLM\SOFTWARE\Plus-HD-3.8</path>
      <vendor>PUP.Optional.PlusHD.A</vendor>
      <action>success</action>
      <hash>86cace83166593a361c30c90ea18a759</hash>
    </key>
    <file>
      <path>C:\$Recycle.Bin\S-1-5-21-4018679884-465560905-3469409432-1000\$R1JS5TN.exe</path>
      <vendor>PUP.Optional.OutBrowse</vendor>
      <action>success</action>
      <hash>ea66aba6d2a9340256fcde9bc73a669a</hash>
    </file>
    <file>
      <path>C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage</path>
      <vendor>PUP.Optional.Superfish.A</vendor>
      <action>success</action>
      <hash>81cf18392c4fac8a62a4552b847e45bb</hash>
    </file>
    <file>
      <path>C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Preferences</path>
      <vendor>PUP.Optional.V9.A</vendor>
      <action>replaced</action>
      <baddata> "startup_urls": [ "https://www.google.de/", "hxxp://www.v9.com/?type=hppp&ts=1400067628&from=irs&uid=HitachiXHDS721010DLE630_MSE523RP09LKLH09LKLHX&i=psd&t=342815dbc" ],</baddata>
      <gooddata/>
      <hash>30203d14e39869cd162ce1945aaa8a76</hash>
    </file>
  </items>
</mbam-log>
         

19.05.2014, 16:28   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Ads and Pop-Ups in Browsers and Steam

Then please run Combofix now:

Scan with Combofix
WARNING to those READING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix's work. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you receive the following error message after the reboot
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
just restart the computer. This should fix the problem.


19.05.2014, 17:10   #5
Vlad

Ads and Pop-Ups in Browsers and Steam

Code:
ComboFix 14-05-19.01 - vlad 19.05.2014  16:46:58.1.4 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3198.1783 [GMT 2:00]
ausgeführt von:: c:\users\vlad\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\MICROSOFT
c:\windows\MICROSOFT\SystemUpdatekb70007\Installer.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\InstallerLibrary.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\Newtonsoft.Json.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\SQLite.Interop.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\System.Data.SQLite.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\win32.reg
c:\windows\MICROSOFT\SystemUpdatekb70007\WindowsUpdater.exe
c:\windows\system32\SET135A.tmp
c:\windows\system32\SET1639.tmp
c:\windows\system32\SETBC4.tmp
c:\windows\system32\SETFF02.tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SystemUpdatekb70007
-------\Service_SystemUpdatekb70007
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-04-19 bis 2014-05-19  ))))))))))))))))))))))))))))))
.
.
2014-05-19 14:58 . 2014-05-19 14:58	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-05-19 13:14 . 2014-05-19 13:14	--------	d-----w-	c:\program files\7-Zip
2014-05-19 12:58 . 2014-05-19 12:58	62576	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DEAB06BB-863E-461B-8945-E826172865E0}\offreg.dll
2014-05-19 12:20 . 2014-05-19 12:21	--------	d-----w-	C:\FRST
2014-05-17 10:18 . 2014-05-17 10:18	--------	d-----w-	c:\program files\ESET
2014-05-14 18:34 . 2014-05-14 18:34	--------	d-----w-	c:\program files\VS Revo Group
2014-05-14 18:14 . 2014-05-14 18:23	--------	d-----w-	c:\programdata\HitmanPro
2014-05-14 17:55 . 2014-05-19 15:01	107736	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-14 17:54 . 2014-05-14 17:54	--------	d-----w-	c:\program files\ Malwarebytes Anti-Malware 
2014-05-14 17:54 . 2014-05-14 17:54	--------	d-----w-	c:\programdata\Malwarebytes
2014-05-14 17:54 . 2014-04-03 07:51	51416	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-05-14 17:54 . 2014-04-03 07:51	73432	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-05-14 17:54 . 2014-04-03 07:50	23256	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-05-14 17:47 . 2014-05-14 17:47	--------	d-----w-	c:\windows\ERUNT
2014-05-14 17:40 . 2010-08-30 06:34	536576	----a-w-	c:\windows\system32\sqlite3.dll
2014-05-14 17:39 . 2014-05-14 20:44	--------	d-----w-	C:\AdwCleaner
2014-05-11 18:27 . 2014-05-11 18:29	--------	d-----w-	c:\program files\MSR
2014-05-11 18:27 . 2014-05-11 18:27	--------	d-----w-	c:\users\vlad\AppData\Roaming\InetStat
2014-05-11 18:26 . 2014-05-11 18:26	--------	d-----w-	c:\users\vlad\AppData\Roaming\Wise
2014-05-09 21:43 . 2014-05-14 16:25	--------	d-----w-	c:\users\vlad\AppData\Roaming\Bioshock
2014-04-28 16:14 . 2014-04-28 16:14	--------	d-----w-	c:\users\vlad\AppData\Local\CrashRpt
2014-04-22 02:48 . 2014-04-22 02:48	24184	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2014-04-22 02:48 . 2014-04-22 02:48	43152	----a-w-	c:\windows\avastSS.scr
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-15 11:47 . 2013-12-28 17:17	68312	----a-w-	c:\windows\system32\drivers\aswstm.sys
2014-05-15 11:47 . 2013-10-13 11:18	411680	----a-w-	c:\windows\system32\drivers\aswsp.sys
2014-05-15 11:47 . 2013-10-13 11:18	777488	----a-w-	c:\windows\system32\drivers\aswsnx.sys
2014-05-14 11:58 . 2013-11-03 09:40	692400	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-05-14 11:58 . 2013-10-13 10:53	70832	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-22 02:48 . 2013-10-13 11:18	411552	----a-w-	c:\windows\system32\drivers\aswsp.sys.1400154447337
2014-04-22 02:48 . 2013-10-13 11:18	81768	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2014-04-22 02:48 . 2013-10-13 11:18	776976	----a-w-	c:\windows\system32\drivers\aswsnx.sys.1400154447337
2014-04-22 02:48 . 2013-10-13 11:18	180632	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2014-04-22 02:48 . 2013-10-13 11:18	49944	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2014-04-22 02:48 . 2013-10-13 11:18	67824	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-04-22 02:48 . 2013-10-13 11:18	271264	----a-w-	c:\windows\system32\aswBoot.exe
2014-04-16 12:06 . 2014-04-16 12:06	3017112	----a-w-	c:\windows\system32\drivers\RTKVHDA.sys
2014-04-16 12:06 . 2014-04-16 12:06	1823320	----a-w-	c:\windows\system32\WavesGUILib.dll
2014-04-16 12:06 . 2014-04-16 12:06	915160	----a-w-	c:\windows\system32\RtkCoInstII.dll
2014-04-16 12:06 . 2014-04-16 12:06	782040	----a-w-	c:\windows\system32\RtkApoApi.dll
2014-04-16 12:06 . 2014-04-16 12:06	56270336	----a-w-	c:\windows\system32\RCoRes.dat
2014-04-16 12:06 . 2014-04-16 12:06	2467544	----a-w-	c:\windows\system32\RtkAPO.dll
2014-04-16 12:06 . 2014-04-16 12:06	948336	----a-w-	c:\windows\system32\MaxxSpeechAPO.dll
2014-04-16 12:06 . 2014-04-16 12:06	785520	----a-w-	c:\windows\system32\MaxxVoiceAPO20.dll
2014-04-16 12:06 . 2014-04-16 12:06	3650136	----a-w-	c:\windows\system32\MaxxAudioVnN.dll
2014-04-16 12:06 . 2014-04-16 12:06	28031576	----a-w-	c:\windows\system32\MaxxAudioVnA.dll
2014-04-16 12:06 . 2014-04-16 12:06	11736152	----a-w-	c:\windows\system32\MaxxVoiceAPO30.dll
2014-04-16 12:06 . 2014-04-16 12:06	1687128	----a-w-	c:\windows\system32\MaxxAudioRealtek2.dll
2014-04-16 12:06 . 2014-04-16 12:06	874584	----a-w-	c:\windows\system32\MaxxAudioAPOShell.dll
2014-04-16 12:06 . 2014-04-16 12:06	1936472	----a-w-	c:\windows\system32\MaxxAudioEQ.dll
2014-04-16 12:06 . 2014-04-16 12:06	14463064	----a-w-	c:\windows\system32\MaxxAudioRealtek.dll
2014-04-16 12:06 . 2014-04-16 12:06	1266776	----a-w-	c:\windows\system32\MaxxAudioAPO60.dll
2014-04-16 12:06 . 2014-04-16 12:06	1143408	----a-w-	c:\windows\system32\MaxxAudioAPO50.dll
2014-04-16 12:06 . 2014-04-16 12:06	1143408	----a-w-	c:\windows\system32\MaxxAudioAPO40.dll
2014-04-16 12:06 . 2014-04-16 12:06	2421792	----a-w-	c:\windows\system32\FMAPO.dll
2014-04-16 12:05 . 2014-04-16 12:05	76872	----a-w-	c:\windows\system32\RtNicProp32.dll
2014-04-16 12:05 . 2014-04-16 12:05	693464	----a-w-	c:\windows\system32\drivers\Rt86win7.sys
2014-04-16 12:05 . 2011-07-26 17:19	100896	----a-w-	c:\windows\system32\RTNUninst32.dll
2014-04-06 15:36 . 2014-04-06 15:36	606968	----a-w-	c:\windows\system32\sltech32.dll
2014-04-06 15:36 . 2014-04-06 15:36	219896	----a-w-	c:\windows\system32\slprp32.dll
2014-04-06 15:36 . 2014-04-06 15:36	964856	----a-w-	c:\windows\system32\slcnt32.dll
2014-04-06 15:36 . 2014-04-06 15:36	827128	----a-w-	c:\windows\system32\sl3apo32.dll
2014-04-06 15:36 . 2014-04-06 15:36	2559192	----a-w-	c:\windows\system32\RtkPgExt.dll
2014-04-06 15:36 . 2014-04-06 15:36	890160	----a-w-	c:\windows\system32\NAHIMICAPOSettingsIPC.dll
2014-04-06 15:36 . 2014-04-06 15:36	5088008	----a-w-	c:\windows\system32\NAHIMICAPOlfx.dll
2014-04-02 13:27 . 2014-01-23 14:20	1081112	----a-w-	c:\windows\system32\nvspcap.dll
2014-03-29 10:43 . 2014-03-29 10:43	646144	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-29 10:43 . 2014-03-29 10:43	61952	----a-w-	c:\windows\system32\iesetup.dll
2014-03-29 10:43 . 2014-03-29 10:43	553472	----a-w-	c:\windows\system32\jscript9diag.dll
2014-03-29 10:43 . 2014-03-29 10:43	51200	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-03-29 10:43 . 2014-03-29 10:43	4244480	----a-w-	c:\windows\system32\jscript9.dll
2014-03-29 10:43 . 2014-03-29 10:43	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-03-29 10:43 . 2014-03-29 10:43	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-03-29 10:43 . 2014-03-29 10:43	1964032	----a-w-	c:\windows\system32\inetcpl.cpl
2014-03-29 10:43 . 2014-03-29 10:43	1820160	----a-w-	c:\windows\system32\wininet.dll
2014-03-29 10:43 . 2014-03-29 10:43	112128	----a-w-	c:\windows\system32\ieUnatt.exe
2014-03-29 10:43 . 2014-03-29 10:43	108032	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-03-29 10:42 . 2014-03-29 10:42	509440	----a-w-	c:\windows\system32\qedit.dll
2014-03-29 10:42 . 2014-03-29 10:42	2357760	----a-w-	c:\windows\system32\win32k.sys
2014-03-29 10:42 . 2014-03-29 10:42	381440	----a-w-	c:\windows\system32\wer.dll
2014-03-29 10:42 . 2014-03-29 10:42	1230336	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-03-29 10:41 . 2014-03-29 10:41	185344	----a-w-	c:\windows\system32\wwansvc.dll
2014-03-21 19:43 . 2014-04-08 13:20	34080	----a-w-	c:\windows\system32\drivers\nvvad32v.sys
2014-03-21 19:43 . 2014-01-23 14:19	33568	----a-w-	c:\windows\system32\nvaudcap32v.dll
2014-03-04 14:29 . 2014-03-10 19:09	9690424	----a-w-	c:\windows\system32\nvopencl.dll
2014-03-04 14:29 . 2014-03-10 19:09	865224	----a-w-	c:\windows\system32\NvIFR.dll
2014-03-04 14:29 . 2014-03-10 19:09	847136	----a-w-	c:\windows\system32\NvFBC.dll
2014-03-04 14:29 . 2014-03-10 19:09	409544	----a-w-	c:\windows\system32\nvEncodeAPI.dll
2014-03-04 14:29 . 2014-03-10 19:09	334792	----a-w-	c:\windows\system32\NvIFROpenGL.dll
2014-03-04 14:29 . 2014-03-10 19:09	305600	----a-w-	c:\windows\system32\nvoglshim32.dll
2014-03-04 14:29 . 2014-03-10 19:09	23716640	----a-w-	c:\windows\system32\nvoglv32.dll
2014-03-04 14:29 . 2014-03-10 19:09	148016	----a-w-	c:\windows\system32\nvinit.dll
2014-03-04 14:29 . 2014-03-10 19:09	10523480	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2014-03-04 14:29 . 2014-03-10 19:09	9728064	----a-w-	c:\windows\system32\nvcuda.dll
2014-03-04 14:29 . 2014-03-10 19:09	894296	----a-w-	c:\windows\system32\nvdispgenco3233523.dll
2014-03-04 14:29 . 2014-03-10 19:09	2956632	----a-w-	c:\windows\system32\nvcuvid.dll
2014-03-04 14:29 . 2014-03-10 19:09	2411976	----a-w-	c:\windows\system32\nvcuvenc.dll
2014-03-04 14:29 . 2014-03-10 19:09	1049888	----a-w-	c:\windows\system32\nvdispco3233523.dll
2014-03-04 14:29 . 2014-03-10 19:09	17559384	----a-w-	c:\windows\system32\nvcompiler.dll
2014-03-04 14:29 . 2013-12-07 14:38	832936	----a-w-	c:\windows\system32\nvumdshim.dll
2014-03-04 14:29 . 2013-12-07 14:38	15783992	----a-w-	c:\windows\system32\nvwgf2um.dll
2014-03-04 14:29 . 2013-12-07 14:38	14709720	----a-w-	c:\windows\system32\nvd3dum.dll
2014-03-04 14:29 . 2013-12-07 14:38	2715264	----a-w-	c:\windows\system32\nvapi.dll
2014-03-04 12:34 . 2013-12-07 14:39	4348704	----a-w-	c:\windows\system32\nvcpl.dll
2014-03-04 12:34 . 2013-12-07 14:39	3044696	----a-w-	c:\windows\system32\nvsvc.dll
2014-03-04 12:34 . 2013-12-07 14:39	663896	----a-w-	c:\windows\system32\nvvsvc.exe
2014-03-04 12:34 . 2013-12-07 14:39	62752	----a-w-	c:\windows\system32\nvshext.dll
2014-03-04 12:34 . 2013-12-07 14:39	2556360	----a-w-	c:\windows\system32\nvsvcr.dll
2014-03-04 12:34 . 2013-12-07 14:39	375128	----a-w-	c:\windows\system32\nvmctray.dll
2014-03-04 11:32 . 2014-03-10 19:15	599840	----a-w-	c:\windows\system32\nvStreaming.exe
2014-02-19 13:27 . 2014-02-19 13:27	1892056	----a-w-	c:\windows\system32\RTSndMgr.cpl
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-22 02:48	260976	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2014-04-23 1825984]
"Spotify Web Helper"="c:\users\vlad\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-05-16 1176632]
"LightShot"="c:\users\vlad\AppData\Local\Skillbrains\lightshot\Lightshot.exe" [2014-03-06 226592]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2014-04-16 6667992]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-22 3873704]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-02 2201032]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2014-04-02 1081112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\vlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2013-10-14 625952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Overwolf]
2013-11-11 13:55	35256	----a-w-	c:\program files\Overwolf\Overwolf.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2014-05-16 15:06	6170168	----a-w-	c:\users\vlad\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2014-05-16 15:06	1176632	----a-w-	c:\users\vlad\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 07:16	254336	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2013-12-03 2151200]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-06-06 211984]
R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [2011-07-26 15768]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-29 108032]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2010-02-24 494368]
R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files\Overwolf\OverwolfUpdater.exe [2013-11-11 18360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-12-02 14848]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2013-12-08 602216]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2011-07-25 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2013-12-02 24064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-12-02 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-12-02 27136]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM106.sys [2009-10-01 1515520]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-26 1343400]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-05-15 777488]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-05-15 411680]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-04-22 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-04-22 67824]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-05-15 68312]
S2 MBAMScheduler;MBAMScheduler;c:\program files\ Malwarebytes Anti-Malware \mbamscheduler.exe [2014-04-03 1809720]
S2 MBAMService;MBAMService;c:\program files\ Malwarebytes Anti-Malware \mbamservice.exe [2014-04-03 857912]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-04-02 1615192]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-04-02 19405768]
S2 RzKLService;RzKLService;c:\program files\Razer\Razer Game Booster\RzKLService.exe [2013-11-22 105448]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-03-04 411936]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2012-10-25 57856]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-04-03 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-05-19 107736]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-04-03 51416]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-03-21 34080]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2014-04-16 693464]
.
.
--- Other services/drivers in memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-14 12:36	1077576	----a-w-	c:\program files\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe
.
Contents of the "Scheduled Tasks" folder
.
2014-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-03 11:58]
.
2014-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-10-13 11:41]
.
2014-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-10-13 11:41]
.
2014-05-19 c:\windows\Tasks\update-S-1-5-21-4018679884-465560905-3469409432-1000.job
- c:\program files\Skillbrains\Updater\Updater.exe [2014-02-22 12:37]
.
2014-05-18 c:\windows\Tasks\update-sys.job
- c:\program files\Skillbrains\Updater\Updater.exe [2014-02-22 12:37]
.
.
------- Supplementary scan -------
.
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:8118;https=127.0.0.1:8118
FF - ProfilePath - c:\users\vlad\AppData\Roaming\Mozilla\Firefox\Profiles\l31jvc68.default-1400128695494\
FF - ExtSQL: 2014-04-22 04:48; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - Orphaned registry entries removed - - - -
.
HKLM-Run-Cm106Sound - cm106.cpl
MSConfigStartUp-Advanced SystemCare 7 - c:\program files\IObit\Advanced SystemCare 7\ASCTray.exe
MSConfigStartUp-DrvUpdater - c:\users\vlad\AppData\Roaming\DRPSu\DrvUpdater.exe
.
.
.
--------------------- Locked registry keys ---------------------
.
[HKEY_USERS\S-1-5-21-4018679884-465560905-3469409432-1000\Software\SecuROM\License information*]
"datasecu"=hex:58,28,08,6b,82,b6,e0,c9,f1,b2,53,bd,d6,49,e6,6f,bb,60,3d,39,6a,
   1d,43,de,d6,68,96,38,fb,16,c6,41,17,88,7e,5c,3d,ea,6a,fc,80,51,0b,3f,7d,a1,\
"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\ Malwarebytes Anti-Malware \mbam.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\rundll32.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\users\vlad\AppData\Local\Skillbrains\lightshot\5.1.0.15\Lightshot.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\program files\Common Files\Steam\SteamService.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2014-05-19  17:06:29 - PC was restarted
ComboFix-quarantined-files.txt  2014-05-19 15:06
.
Before scan: 10 directory(ies), 553,522,561,024 bytes free
After scan: 13 directory(ies), 553,359,802,368 bytes free
.
- - End Of File - - A5AA71A72630AFD75B27AD7BBF2463B7
A36C5E4F47E84449FF07ED3517B43A31
         


20.05.2014, 01:14   #6
cosinus

Removing adware/junkware/toolbars


Step 1: AdwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. (Illustrated AdwCleaner guide.)
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here.
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequence number).




Step 2: JRT - Junkware Removal Tool

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista or later, right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the site's input window).

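The checklist above is worked through in the tools' GUIs, but what it resets (proxy settings, Chrome policies, start pages) is exactly what appears as individual lines in the FRST.txt that the thread's logs contain. The following Python helper is an added example for this thread, not code from cosinus, Farbar, AdwCleaner or the original posts: it parses three FRST line shapes (`HKLM\...\Run` and `HKU\...\Run` entries, `ProxyServer:`, `CHR StartupUrls:`) and lists the entries a helper would review first. The `EXPECTED_HOSTS` allowlist and the last sample line (built from the v9.com start URL that AdwCleaner reported) are assumptions made for the example. One caveat the posts do not spell out: a loopback proxy such as 127.0.0.1:8118 is not evidence of infection on its own (8118 is, for instance, the default listening port of Privoxy), so that finding is something to confirm with the user before resetting it.

```python
"""Triage helper for FRST-style log lines (added example for this thread).

Not part of FRST, AdwCleaner, JRT or the original posts. It reads three line
shapes from an FRST.txt (Run entries, ProxyServer, CHR StartupUrls) and lists
what a helper would look at first in an adware case.
"""
import re
from urllib.parse import urlparse

# FRST "Registry (Whitelisted)" line, e.g.
#   HKLM\...\Run: [Name] => C:\path\x.exe [size yyyy-mm-dd] (Publisher)
RUN_RE = re.compile(
    r'^(?P<hive>HKLM|HKU\\S-[\d-]+)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => '
    r'(?P<path>.+?) \[(?P<size>\d+) (?P<date>[\d-]+)\] \((?P<publisher>[^)]*)\)$'
)
PROXY_RE = re.compile(r'^ProxyServer: (?P<value>\S+)$')
STARTUP_RE = re.compile(r'^CHR StartupUrls: (?P<rest>.*)$')
QUOTED_URL_RE = re.compile(r'"([^"]+)"')
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}

# Hosts you expect as Chrome start pages on this machine (assumption for the example).
EXPECTED_HOSTS = frozenset({"www.google.de", "www.msn.com"})


def refang(url):
    """FRST and AdwCleaner write hxxp:// so URLs are not clickable; undo that."""
    return re.sub(r'^hxxp', 'http', url, flags=re.I)


def parse_frst(lines, expected_hosts=EXPECTED_HOSTS):
    """Return (kind, detail) findings for the given FRST log lines.

    kinds: 'autorun-userprofile-unsigned', 'proxy-loopback', 'startup-url'
    """
    findings, startup_urls, collecting = [], [], False
    for raw in lines:
        line = raw.strip()
        # CHR StartupUrls continues on indented lines that start with a quote.
        if collecting and line.startswith('"'):
            startup_urls += QUOTED_URL_RE.findall(line)
            continue
        collecting = False

        m = RUN_RE.match(line)
        if m:
            # An autorun with an empty publisher field living under a user profile is
            # the typical shape of dropped adware. It is not proof by itself (many
            # small tools ship unsigned), so it goes on a review list, not a kill list.
            if not m["publisher"] and re.search(r'\\AppData\\', m["path"], re.I):
                findings.append(("autorun-userprofile-unsigned",
                                 f'{m["name"]}: {m["path"]}'))
            continue

        m = PROXY_RE.match(line)
        if m:
            # Value looks like http=127.0.0.1:8118;https=127.0.0.1:8118 (or a bare host:port).
            for item in m["value"].split(";"):
                scheme, _, endpoint = item.partition("=")
                if not endpoint:
                    scheme, endpoint = "all", item
                if endpoint.rsplit(":", 1)[0] in LOOPBACK_HOSTS:
                    findings.append(("proxy-loopback", f"{scheme} -> {endpoint}"))
            continue

        m = STARTUP_RE.match(line)
        if m:
            startup_urls += QUOTED_URL_RE.findall(m["rest"])
            collecting = True

    # Any start page whose host is not on the expected list is reported, with the
    # full (still defanged) URL so the tracking parameters stay visible.
    for url in startup_urls:
        host = urlparse(refang(url)).hostname or ""
        if host not in expected_hosts:
            findings.append(("startup-url", f"{host}: {url}"))
    return findings


# Sample input: all lines except the last are copied from the FRST log in this
# thread; the last line is constructed from the v9.com URL that AdwCleaner reported.
SAMPLE_LOG = r"""
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6667992 2014-04-16] (Realtek Semiconductor)
HKU\S-1-5-21-4018679884-465560905-3469409432-1000\...\Run: [LightShot] => C:\Users\vlad\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226592 2014-03-06] ()
HKU\S-1-5-21-4018679884-465560905-3469409432-1000\...\Run: [Spotify Web Helper] => C:\Users\vlad\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-16] (Spotify Ltd)
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
CHR StartupUrls: "https://www.google.de/",
            "hxxp://www.msn.com/?pc=AV01",
            "hxxp://www.v9.com/?type=hppp&from=irs"
""".strip().splitlines()

if __name__ == "__main__":
    for kind, detail in parse_frst(SAMPLE_LOG):
        print(f"{kind:30} {detail}")
```

Run it as a script to see the findings for the embedded sample; `parse_frst` can just as well be fed the lines of a real FRST.txt together with an allowlist of your own. The output is a review list, not a removal list: the LightShot entry it flags is a legitimate screenshot tool that simply carries no publisher string.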

20.05.2014, 14:20   #7
Vlad

Code:
# AdwCleaner v3.210 - Report created on 20/05/2014 at 14:00:26
# Updated 19/05/2014 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : vlad - VLAD-PC
# Started from : C:\Users\vlad\Desktop\adwcleaner_3.210.exe
# Option : Delete

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder deleted : C:\Program Files\MSR
Folder deleted : C:\Users\vlad\AppData\Roaming\InetStat
File deleted : C:\Windows\System32\Tasks\Freemium1ClickMaint

***** [ Shortcuts ] *****


***** [ Registry ] *****

[#] Key deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B5B728B-C893-48CD-9612-C161319287B5}
[#] Key deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B5B728B-C893-48CD-9612-C161319287B5}
Key deleted : HKCU\Software\OCS
Key deleted : HKLM\Software\covus freemium gmbh

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v24.0 (de)

[ File : C:\Users\vlad\AppData\Roaming\Mozilla\Firefox\Profiles\l31jvc68.default-1400128695494\prefs.js ]


-\\ Google Chrome v34.0.1847.137

[ File : C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Startup_urls] : hxxp://www.v9.com/?type=hppp&ts=1400067628&from=irs&uid=HitachiXHDS721010DLE630_MSE523RP09LKLH09LKLHX&i=psd&t=342815dbc

*************************

AdwCleaner[R0].txt - [8769 octets] - [14/05/2014 19:39:30]
AdwCleaner[R1].txt - [386 octets] - [14/05/2014 20:40:40]
AdwCleaner[R2].txt - [1270 octets] - [14/05/2014 22:40:12]
AdwCleaner[R3].txt - [1918 octets] - [20/05/2014 13:58:48]
AdwCleaner[S0].txt - [8205 octets] - [14/05/2014 19:41:41]
AdwCleaner[S1].txt - [1331 octets] - [14/05/2014 22:44:25]
AdwCleaner[S2].txt - [1847 octets] - [20/05/2014 14:00:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1907 octets] ##########
         


Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Ultimate x86
Ran by vlad on 20.05.2014 at 14:08:45,21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values




~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.05.2014 at 14:12:27,13
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         




FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-05-2014
Ran by vlad (administrator) on VLAD-PC on 20-05-2014 14:14:58
Running from C:\Users\vlad\Desktop
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Razer Inc.) C:\Program Files\Razer\Razer Game Booster\RzKLService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Spotify Ltd) C:\Users\vlad\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Skillbrains) C:\Users\vlad\AppData\Local\Skillbrains\lightshot\5.1.0.15\Lightshot.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6667992 2014-04-16] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-04-22] (AVAST Software)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap.dll [1081112 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-4018679884-465560905-3469409432-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [1825984 2014-04-24] (Valve Corporation)
HKU\S-1-5-21-4018679884-465560905-3469409432-1000\...\Run: [Spotify Web Helper] => C:\Users\vlad\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-16] (Spotify Ltd)
HKU\S-1-5-21-4018679884-465560905-3469409432-1000\...\Run: [LightShot] => C:\Users\vlad\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226592 2014-03-06] ()
HKU\S-1-5-21-4018679884-465560905-3469409432-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
Startup: C:\Users\vlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled ()

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\vlad\AppData\Roaming\Mozilla\Firefox\Profiles\l31jvc68.default-1400128695494
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-13]

Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "https://www.google.de/",
			"hxxp://www.msn.com/?pc=AV01"
CHR Extension: (Google Docs) - C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-13]
CHR Extension: (Adblock Plus) - C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-12]
CHR Extension: (Google Wallet) - C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-13]
CHR Extension: (SiteBlock) - C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfglnpdpgmecffbejlfgpnebopinlclj [2014-05-12]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-22] (AVAST Software)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2011-07-26] (Microsoft Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19405768 2014-04-02] (NVIDIA Corporation)
S3 OverwolfUpdaterService; C:\Program Files\Overwolf\OverwolfUpdater.exe [18360 2013-11-11] (Overwolf Ltd)
R2 RzKLService; C:\Program Files\Razer\Razer Game Booster\RzKLService.exe [105448 2013-11-22] (Razer Inc.)

==================== Drivers (Whitelisted) ====================

R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11944 2012-12-03] (Advanced Micro Devices Inc.)
R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [57856 2012-10-25] (Alcor Micro, Corp.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-04-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-04-22] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [68312 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-04-22] ()
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2013-10-14] (LogMeIn, Inc.)
S3 JRAID; C:\Windows\system32\drivers\jraid.sys [93096 2009-07-18] (JMicron Technology Corp.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30984 2013-01-03] (Logitech, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-21] (NVIDIA Corporation)
S3 USBMULCD; C:\Windows\System32\drivers\CM106.sys [1515520 2009-10-01] (C-Media Electronics Inc)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2011-07-26] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2011-07-26] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2011-07-26] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2011-07-26] (Microsoft Corporation)
S3 catchme; \??\C:\Users\vlad\AppData\Local\Temp\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-20 14:14 - 2014-05-20 14:14 - 00011620 _____ () C:\Users\vlad\Desktop\FRST.txt
2014-05-20 14:12 - 2014-05-20 14:12 - 00000767 _____ () C:\Users\vlad\Desktop\JRT.txt
2014-05-20 14:03 - 2014-05-20 14:03 - 00001987 _____ () C:\Users\vlad\Desktop\AdwCleaner[S2].txt
2014-05-20 13:58 - 2014-05-20 13:58 - 01326389 _____ () C:\Users\vlad\Desktop\adwcleaner_3.210.exe
2014-05-19 17:06 - 2014-05-19 17:06 - 00021770 _____ () C:\ComboFix.txt
2014-05-19 16:44 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-19 16:44 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-19 16:44 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-19 16:44 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-19 16:44 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-19 16:44 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-19 16:44 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-19 16:44 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-19 16:40 - 2014-05-19 17:06 - 00000000 ____D () C:\Qoobox
2014-05-19 16:39 - 2014-05-19 17:05 - 00000000 ____D () C:\Windows\erdnt
2014-05-19 15:14 - 2014-05-19 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-19 15:14 - 2014-05-19 15:14 - 00000000 ____D () C:\Program Files\7-Zip
2014-05-19 15:13 - 2014-05-19 15:13 - 00961360 _____ (Chip Digital GmbH) C:\Users\vlad\Downloads\7 Zip 32 Bit - CHIP-Downloader.exe
2014-05-19 14:20 - 2014-05-20 14:14 - 00000000 ____D () C:\FRST
2014-05-19 14:18 - 2014-05-19 14:18 - 01056768 _____ (Farbar) C:\Users\vlad\Desktop\FRST.exe
2014-05-19 14:16 - 2014-05-19 14:16 - 00000000 _____ () C:\Users\vlad\defogger_reenable
2014-05-19 14:15 - 2014-05-19 14:15 - 00050477 _____ () C:\Users\vlad\Downloads\Defogger.exe
2014-05-17 16:29 - 2014-05-17 16:29 - 00529265 _____ () C:\Users\vlad\Downloads\epsxe170.zip
2014-05-17 16:20 - 2014-05-17 16:20 - 00000215 _____ () C:\Users\vlad\Desktop\Arma Cold War Assault.url
2014-05-17 12:18 - 2014-05-17 12:18 - 00000000 ____D () C:\Program Files\ESET
2014-05-15 20:57 - 2014-05-15 20:57 - 00000216 _____ () C:\Users\vlad\Desktop\BattleBlock Theater.url
2014-05-15 14:00 - 2014-05-15 14:00 - 01141680 _____ () C:\Users\vlad\Downloads\SteamSetup.exe
2014-05-15 07:12 - 2014-05-15 14:09 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-05-14 23:04 - 2014-05-14 23:04 - 02347384 _____ (ESET) C:\Users\vlad\Downloads\esetsmartinstaller_deu (1).exe
2014-05-14 20:42 - 2014-05-14 20:42 - 02347384 _____ (ESET) C:\Users\vlad\Downloads\esetsmartinstaller_deu.exe
2014-05-14 20:39 - 2014-05-14 20:39 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vlad\Downloads\mbam-setup-2.0.1.1004 (1).exe
2014-05-14 20:34 - 2014-05-14 20:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\vlad\Downloads\revosetup.exe
2014-05-14 20:34 - 2014-05-14 20:34 - 00001222 _____ () C:\Users\vlad\Downloads\Revo Uninstaller.lnk
2014-05-14 20:34 - 2014-05-14 20:34 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-05-14 20:14 - 2014-05-14 20:23 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-14 20:13 - 2014-05-14 20:13 - 10094400 _____ (SurfRight B.V.) C:\Users\vlad\Downloads\HitmanPro.exe
2014-05-14 19:55 - 2014-05-20 14:08 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-14 19:55 - 2014-05-14 19:55 - 00001060 _____ () C:\Users\vlad\Downloads\ Malwarebytes Anti-Malware .lnk
2014-05-14 19:54 - 2014-05-14 19:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-14 19:54 - 2014-05-14 19:54 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-14 19:54 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-14 19:54 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-14 19:54 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-14 19:53 - 2014-05-14 19:53 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vlad\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-14 19:47 - 2014-05-14 19:47 - 01016261 _____ (Thisisu) C:\Users\vlad\Downloads\JRT (1).exe
2014-05-14 19:47 - 2014-05-14 19:47 - 00000000 ____D () C:\Windows\ERUNT
2014-05-14 19:46 - 2014-05-14 19:46 - 01016261 _____ (Thisisu) C:\Users\vlad\Desktop\JRT.exe
2014-05-14 19:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-14 19:39 - 2014-05-20 14:00 - 00000000 ____D () C:\AdwCleaner
2014-05-14 19:28 - 2014-05-14 19:28 - 00002102 _____ () C:\sc-cleaner.txt
2014-05-14 19:27 - 2014-05-14 19:27 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\vlad\Downloads\sc-cleaner.exe
2014-05-14 18:30 - 2014-05-17 20:32 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Bioshock2Steam
2014-05-14 18:30 - 2014-05-14 18:30 - 00000000 ____D () C:\Users\vlad\Documents\Bioshock2
2014-05-12 19:55 - 2014-05-12 19:55 - 00000216 _____ () C:\Users\vlad\Desktop\The Plan.url
2014-05-11 20:26 - 2014-05-11 20:26 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Wise
2014-05-09 23:43 - 2014-05-14 18:25 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Bioshock
2014-05-09 23:43 - 2014-05-09 23:48 - 00000000 ____D () C:\Users\vlad\Documents\Bioshock
2014-05-09 23:42 - 2014-05-09 23:43 - 00123394 _____ () C:\Windows\DirectX.log
2014-05-09 20:53 - 2014-05-18 18:30 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock Infinite.url
2014-05-09 20:53 - 2014-05-09 20:53 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock 2.url
2014-05-09 20:52 - 2014-05-09 20:52 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock.url
2014-05-09 20:46 - 2014-05-09 20:46 - 00000216 _____ () C:\Users\vlad\Desktop\POSTAL 2.url
2014-04-28 18:14 - 2014-04-28 18:14 - 00000000 ____D () C:\Users\vlad\AppData\Local\CrashRpt
2014-04-24 13:06 - 2014-05-19 19:01 - 00000216 _____ () C:\Users\vlad\Desktop\Red Orchestra 2 Heroes of Stalingrad - Single Player.url
2014-04-24 13:06 - 2014-04-24 13:06 - 00000215 _____ () C:\Users\vlad\Desktop\Rising StormRed Orchestra 2 Multiplayer.url
2014-04-22 04:48 - 2014-04-22 04:48 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-22 04:48 - 2014-04-22 04:48 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys

==================== One Month Modified Files and Folders =======

2014-05-20 14:15 - 2014-05-20 14:14 - 00011620 _____ () C:\Users\vlad\Desktop\FRST.txt
2014-05-20 14:14 - 2014-05-19 14:20 - 00000000 ____D () C:\FRST
2014-05-20 14:14 - 2009-07-14 06:34 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-20 14:14 - 2009-07-14 06:34 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-20 14:12 - 2014-05-20 14:12 - 00000767 _____ () C:\Users\vlad\Desktop\JRT.txt
2014-05-20 14:08 - 2014-05-14 19:55 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-20 14:08 - 2013-10-14 15:27 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Skype
2014-05-20 14:07 - 2014-03-29 12:54 - 00016157 _____ () C:\Windows\setupact.log
2014-05-20 14:07 - 2013-10-14 15:32 - 00000000 ____D () C:\Program Files\Steam
2014-05-20 14:07 - 2013-10-13 13:41 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-20 14:06 - 2013-12-07 16:39 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-20 14:06 - 2013-10-13 12:26 - 01778721 _____ () C:\Windows\WindowsUpdate.log
2014-05-20 14:06 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-20 14:03 - 2014-05-20 14:03 - 00001987 _____ () C:\Users\vlad\Desktop\AdwCleaner[S2].txt
2014-05-20 14:02 - 2014-03-29 12:53 - 00013844 _____ () C:\Windows\PFRO.log
2014-05-20 14:00 - 2014-05-14 19:39 - 00000000 ____D () C:\AdwCleaner
2014-05-20 13:58 - 2014-05-20 13:58 - 01326389 _____ () C:\Users\vlad\Desktop\adwcleaner_3.210.exe
2014-05-20 13:56 - 2013-11-03 11:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-19 22:42 - 2013-10-14 21:11 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Spotify
2014-05-19 22:35 - 2013-10-13 13:41 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-19 21:38 - 2013-10-14 23:43 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Hamachi
2014-05-19 21:24 - 2014-02-22 21:30 - 00000374 _____ () C:\Windows\Tasks\update-sys.job
2014-05-19 20:26 - 2014-02-22 21:30 - 00000374 _____ () C:\Windows\Tasks\update-S-1-5-21-4018679884-465560905-3469409432-1000.job
2014-05-19 19:01 - 2014-04-24 13:06 - 00000216 _____ () C:\Users\vlad\Desktop\Red Orchestra 2 Heroes of Stalingrad - Single Player.url
2014-05-19 17:48 - 2013-10-14 21:14 - 00000000 ____D () C:\Users\vlad\AppData\Local\Spotify
2014-05-19 17:06 - 2014-05-19 17:06 - 00021770 _____ () C:\ComboFix.txt
2014-05-19 17:06 - 2014-05-19 16:40 - 00000000 ____D () C:\Qoobox
2014-05-19 17:06 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-05-19 17:06 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-05-19 17:05 - 2014-05-19 16:39 - 00000000 ____D () C:\Windows\erdnt
2014-05-19 17:01 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-05-19 16:59 - 2009-07-14 04:03 - 51380224 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-05-19 16:59 - 2009-07-14 04:03 - 19922944 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-05-19 16:59 - 2009-07-14 04:03 - 01835008 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-05-19 16:59 - 2009-07-14 04:03 - 00069632 _____ () C:\Windows\system32\config\SAM.bak
2014-05-19 16:59 - 2009-07-14 04:03 - 00028672 _____ () C:\Windows\system32\config\SECURITY.bak
2014-05-19 15:49 - 2013-10-14 15:13 - 00001502 _____ () C:\Users\vlad\Desktop\Notizen.txt
2014-05-19 15:14 - 2014-05-19 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-19 15:14 - 2014-05-19 15:14 - 00000000 ____D () C:\Program Files\7-Zip
2014-05-19 15:13 - 2014-05-19 15:13 - 00961360 _____ (Chip Digital GmbH) C:\Users\vlad\Downloads\7 Zip 32 Bit - CHIP-Downloader.exe
2014-05-19 14:18 - 2014-05-19 14:18 - 01056768 _____ (Farbar) C:\Users\vlad\Desktop\FRST.exe
2014-05-19 14:16 - 2014-05-19 14:16 - 00000000 _____ () C:\Users\vlad\defogger_reenable
2014-05-19 14:16 - 2013-10-13 12:53 - 00000000 ____D () C:\Users\vlad
2014-05-19 14:15 - 2014-05-19 14:15 - 00050477 _____ () C:\Users\vlad\Downloads\Defogger.exe
2014-05-18 19:03 - 2013-10-14 15:43 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\.minecraft
2014-05-18 18:30 - 2014-05-09 20:53 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock Infinite.url
2014-05-17 20:32 - 2014-05-14 18:30 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Bioshock2Steam
2014-05-17 16:29 - 2014-05-17 16:29 - 00529265 _____ () C:\Users\vlad\Downloads\epsxe170.zip
2014-05-17 16:20 - 2014-05-17 16:20 - 00000215 _____ () C:\Users\vlad\Desktop\Arma Cold War Assault.url
2014-05-17 12:18 - 2014-05-17 12:18 - 00000000 ____D () C:\Program Files\ESET
2014-05-16 22:51 - 2013-12-02 14:08 - 00000000 ____D () C:\ProgramData\ProductData
2014-05-15 20:57 - 2014-05-15 20:57 - 00000216 _____ () C:\Users\vlad\Desktop\BattleBlock Theater.url
2014-05-15 14:32 - 2013-10-13 12:52 - 00000000 ____D () C:\Windows\system32\Macromed
2014-05-15 14:09 - 2014-05-15 07:12 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-05-15 14:07 - 2013-10-14 15:48 - 00000000 ____D () C:\Users\vlad\Desktop\Zeug
2014-05-15 14:00 - 2014-05-15 14:00 - 01141680 _____ () C:\Users\vlad\Downloads\SteamSetup.exe
2014-05-15 13:47 - 2013-12-28 19:17 - 00068312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-15 13:47 - 2013-10-13 13:18 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-15 13:47 - 2013-10-13 13:18 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-15 07:16 - 2013-10-14 16:06 - 00002551 _____ () C:\Users\Public\Desktop\Free System Utilities.lnk
2014-05-15 07:11 - 2013-10-13 13:08 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\DRPSu
2014-05-15 06:43 - 2013-10-13 12:55 - 00001435 _____ () C:\Users\vlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-15 06:39 - 2013-10-13 13:42 - 00002109 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-14 23:04 - 2014-05-14 23:04 - 02347384 _____ (ESET) C:\Users\vlad\Downloads\esetsmartinstaller_deu (1).exe
2014-05-14 22:33 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\TAPI
2014-05-14 20:42 - 2014-05-14 20:42 - 02347384 _____ (ESET) C:\Users\vlad\Downloads\esetsmartinstaller_deu.exe
2014-05-14 20:39 - 2014-05-14 20:39 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vlad\Downloads\mbam-setup-2.0.1.1004 (1).exe
2014-05-14 20:34 - 2014-05-14 20:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\vlad\Downloads\revosetup.exe
2014-05-14 20:34 - 2014-05-14 20:34 - 00001222 _____ () C:\Users\vlad\Downloads\Revo Uninstaller.lnk
2014-05-14 20:34 - 2014-05-14 20:34 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-05-14 20:23 - 2014-05-14 20:14 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-14 20:13 - 2014-05-14 20:13 - 10094400 _____ (SurfRight B.V.) C:\Users\vlad\Downloads\HitmanPro.exe
2014-05-14 19:55 - 2014-05-14 19:55 - 00001060 _____ () C:\Users\vlad\Downloads\ Malwarebytes Anti-Malware .lnk
2014-05-14 19:54 - 2014-05-14 19:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-14 19:54 - 2014-05-14 19:54 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-14 19:53 - 2014-05-14 19:53 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vlad\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-14 19:47 - 2014-05-14 19:47 - 01016261 _____ (Thisisu) C:\Users\vlad\Downloads\JRT (1).exe
2014-05-14 19:47 - 2014-05-14 19:47 - 00000000 ____D () C:\Windows\ERUNT
2014-05-14 19:46 - 2014-05-14 19:46 - 01016261 _____ (Thisisu) C:\Users\vlad\Desktop\JRT.exe
2014-05-14 19:28 - 2014-05-14 19:28 - 00002102 _____ () C:\sc-cleaner.txt
2014-05-14 19:27 - 2014-05-14 19:27 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\vlad\Downloads\sc-cleaner.exe
2014-05-14 18:30 - 2014-05-14 18:30 - 00000000 ____D () C:\Users\vlad\Documents\Bioshock2
2014-05-14 18:25 - 2014-05-09 23:43 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Bioshock
2014-05-14 13:58 - 2013-11-03 11:40 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 13:58 - 2013-10-13 12:53 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-13 21:56 - 2013-10-14 15:39 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\vlc
2014-05-12 19:55 - 2014-05-12 19:55 - 00000216 _____ () C:\Users\vlad\Desktop\The Plan.url
2014-05-12 14:58 - 2013-10-13 12:56 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-12 14:58 - 2013-10-13 12:56 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-11 20:32 - 2013-12-02 16:31 - 00000000 ____D () C:\Users\vlad\Desktop\ROM's
2014-05-11 20:26 - 2014-05-11 20:26 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Wise
2014-05-11 20:09 - 2013-10-13 13:45 - 00000000 ____D () C:\Users\vlad\Desktop\Hintergrundbilder
2014-05-10 12:28 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-09 23:48 - 2014-05-09 23:43 - 00000000 ____D () C:\Users\vlad\Documents\Bioshock
2014-05-09 23:43 - 2014-05-09 23:42 - 00123394 _____ () C:\Windows\DirectX.log
2014-05-09 20:53 - 2014-05-09 20:53 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock 2.url
2014-05-09 20:52 - 2014-05-09 20:52 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock.url
2014-05-09 20:46 - 2014-05-09 20:46 - 00000216 _____ () C:\Users\vlad\Desktop\POSTAL 2.url
2014-05-03 15:08 - 2013-10-14 15:48 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\ftblauncher
2014-05-03 15:08 - 2013-10-14 15:46 - 04588972 _____ () C:\Users\vlad\Desktop\Feed the Beast.exe
2014-05-01 21:13 - 2013-10-14 15:56 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\.technic
2014-05-01 18:23 - 2013-10-22 15:52 - 00000000 ____D () C:\Users\vlad\Desktop\Server
2014-05-01 18:21 - 2013-10-14 15:48 - 02346942 _____ () C:\Users\vlad\Desktop\Tekkit.exe
2014-04-28 18:14 - 2014-04-28 18:14 - 00000000 ____D () C:\Users\vlad\AppData\Local\CrashRpt
2014-04-28 18:13 - 2013-10-14 18:33 - 00000000 ____D () C:\Users\vlad\Documents\My Games
2014-04-25 21:35 - 2013-10-14 15:32 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-04-24 13:06 - 2014-04-24 13:06 - 00000215 _____ () C:\Users\vlad\Desktop\Rising StormRed Orchestra 2 Multiplayer.url
2014-04-22 20:20 - 2013-10-15 20:14 - 00000000 ____D () C:\Riot Games
2014-04-22 04:48 - 2014-04-22 04:48 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-22 04:48 - 2014-04-22 04:48 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-04-22 04:48 - 2013-10-13 13:18 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1400154447337
2014-04-22 04:48 - 2013-10-13 13:18 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1400154447337
2014-04-22 04:48 - 2013-10-13 13:18 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-22 04:48 - 2013-10-13 13:18 - 00180632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-22 04:48 - 2013-10-13 13:18 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-22 04:48 - 2013-10-13 13:18 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-22 04:48 - 2013-10-13 13:18 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-22 04:48 - 2013-10-13 13:18 - 00002047 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk

Some content of TEMP:
====================
C:\Users\vlad\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2011-07-26 01:49] - [2011-07-26 01:49] - 2616320 ____A (Microsoft Corporation) 0FB9C74046656D1579A64660AD67B746

C:\Windows\system32\winlogon.exe
[2011-08-15 16:45] - [2011-08-15 16:45] - 0286720 ____A (Microsoft Corporation) 58AACDEE236690C090A86B5A34EC4B77

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe
[2011-07-26 01:46] - [2011-07-26 01:46] - 0021504 ____A (Microsoft Corporation) ECDB182F885292145826C58252B53000

C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2011-07-26 01:07] - [2011-07-26 01:07] - 0376832 ____A (Microsoft Corporation) FAFD0AE107BF665CB457608831814B0C

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\system32\Drivers\volsnap.sys
[2011-07-26 02:14] - [2011-07-26 02:14] - 0246144 ____A (Microsoft Corporation) C2232C62CD2E44E40CDADD00BBCFE366



LastRegBack: 2014-05-03 13:59

==================== End Of Log ============================
         
--- --- ---
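
The two file listings in the log above ("One Month Created Files and Folders" and "One Month Modified Files and Folders") share one fixed line layout: two timestamps, an eight-digit size, a five-character attribute field, the company name from the file's version resource in parentheses, and the path. The script below is an added example, not part of the original post and not FRST code: it parses lines in that layout and applies three review heuristics an analyst usually walks through by eye, namely drivers whose version resource names no company, generic or SID-named .job files under Windows\Tasks, and executables sitting directly in C:\Windows or under a Temp folder. The sample lines are copied from the log on this page except the Quarantine.exe entry, which is constructed (the path appears under "Some content of TEMP" without a dated listing line). The heuristics, their wording and the rule set are this example's own choices.

```python
"""Triage helper for FRST file-listing lines (added example, not FRST code).

Parses lines from the "One Month Created/Modified Files and Folders" sections
of a Farbar Recovery Scan Tool log and flags entries worth a second look. The
heuristics below are this example's own; FRST itself draws no such conclusions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Layout of one FRST listing line:
#   <timestamp A> - <timestamp B> - <8-digit size> <5-char attrs> (<company>) <path>
# In the "Created" section timestamp A is the creation time and B the last
# modification; in the "Modified" section the order is reversed.
LINE_RE = re.compile(
    r"^(?P<ts_a>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<ts_b>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Za-z]{5}) "
    r"\((?P<company>[^)]*)\) (?P<path>.+)$"
)


@dataclass
class Record:
    ts_a: str
    ts_b: str
    size: int
    attrs: str      # e.g. "_____", "____D" (directory), "____H" (hidden)
    company: str    # from the PE version resource; empty when absent
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_listing(text: str) -> List[Record]:
    """Return one Record per line in the FRST layout; skip everything else."""
    records: List[Record] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue   # section headers, blank lines, other FRST output
        records.append(Record(m["ts_a"], m["ts_b"], int(m["size"]), m["attrs"],
                              m["company"].strip(), m["path"].rstrip()))
    return records


def review_reasons(rec: Record) -> List[str]:
    """Heuristic review prompts for one record. A prompt is not a verdict."""
    reasons: List[str] = []
    if rec.is_dir:
        return reasons
    p = rec.path.lower()
    parent, _, name = p.rpartition("\\")

    # 1. Kernel driver whose version resource names no company. FRST's "(...)"
    #    field is version info, not an Authenticode check, so a legitimate
    #    driver that simply lacks version info (aswHwid.sys) trips this too.
    if name.endswith(".sys") and rec.company == "":
        reasons.append("driver without company version info")

    # 2. Task Scheduler .job named after a user SID or with a bare "update-"
    #    prefix: a per-user/per-machine pair no product name accounts for.
    if parent.endswith("\\windows\\tasks") and name.endswith(".job"):
        if "s-1-5-21-" in name or name.startswith("update-"):
            reasons.append("generic/SID-named scheduled task")

    # 3. Executable code sitting directly in C:\Windows or under a Temp folder.
    if name.endswith((".exe", ".dll", ".scr")):
        if parent == "c:\\windows":
            reasons.append("executable directly in C:\\Windows")
        if "\\temp\\" in parent + "\\":
            reasons.append("executable in a Temp directory")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its list of review reasons."""
    flagged: Dict[str, List[str]] = {}
    for rec in parse_listing(text):
        reasons = review_reasons(rec)
        if reasons:
            flagged[rec.path] = reasons
    return flagged


# Sample lines copied from the FRST log posted above (both sections), plus one
# constructed Temp entry: that path appears in the log without a dated line.
SAMPLE_LOG = r"""
==================== One Month Modified Files and Folders =======

2014-05-19 16:44 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-20 14:08 - 2014-05-14 19:55 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-22 04:48 - 2014-04-22 04:48 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-04-22 04:48 - 2014-04-22 04:48 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-19 21:24 - 2014-02-22 21:30 - 00000374 _____ () C:\Windows\Tasks\update-sys.job
2014-05-19 20:26 - 2014-02-22 21:30 - 00000374 _____ () C:\Windows\Tasks\update-S-1-5-21-4018679884-465560905-3469409432-1000.job
2014-05-19 17:06 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-05-20 14:06 - 2013-12-07 16:39 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-14 19:30 - 2014-05-14 19:30 - 00012345 _____ () C:\Users\vlad\AppData\Local\Temp\Quarantine.exe
"""

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(f"{path}\n    -> {'; '.join(why)}")
```

Everything the script flags is a prompt to verify, not a finding: aswHwid.sys is an avast! driver that carries no company name in its version resource, and PEV.exe was created in the same minutes as the ComboFix run recorded above (Qoobox, erdnt), yet both trip the rules. The value is in shrinking the listing to the handful of lines worth hashing and looking up, the same step the Bamital check in the log recommends for rpcss.dll.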

Alt 20.05.2014, 15:59   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ads and pop-ups in browsers and Steam



Please also post a fresh Addition log: tick the box for addition.txt, then click Scan.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 20.05.2014, 21:00   #9
Vlad
 
Ads and pop-ups in browsers and Steam




FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-05-2014
Ran by vlad (administrator) on VLAD-PC on 20-05-2014 20:55:32
Running from C:\Users\vlad\Desktop
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Razer Inc.) C:\Program Files\Razer\Razer Game Booster\RzKLService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6667992 2014-04-16] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-04-22] (AVAST Software)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap.dll [1081112 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-4018679884-465560905-3469409432-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [1825984 2014-04-24] (Valve Corporation)
HKU\S-1-5-21-4018679884-465560905-3469409432-1000\...\Run: [Spotify Web Helper] => C:\Users\vlad\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-16] (Spotify Ltd)
HKU\S-1-5-21-4018679884-465560905-3469409432-1000\...\Run: [LightShot] => C:\Users\vlad\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226592 2014-03-06] ()
HKU\S-1-5-21-4018679884-465560905-3469409432-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
Startup: C:\Users\vlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled ()

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\vlad\AppData\Roaming\Mozilla\Firefox\Profiles\l31jvc68.default-1400128695494
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-13]

Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "https://www.google.de/", "hxxp://www.v9.com/?type=hppp&ts=1400067628&from=irs&uid=HitachiXHDS721010DLE630_MSE523RP09LKLH09LKLHX&i=psd&t=342815dbc", "hxxp://www.msn.com/?pc=AV01"
CHR Extension: (Google Docs) - C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-13]
CHR Extension: (Adblock Plus) - C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-12]
CHR Extension: (Google Wallet) - C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-13]
CHR Extension: (SiteBlock) - C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfglnpdpgmecffbejlfgpnebopinlclj [2014-05-12]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-22] (AVAST Software)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2011-07-26] (Microsoft Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19405768 2014-04-02] (NVIDIA Corporation)
S3 OverwolfUpdaterService; C:\Program Files\Overwolf\OverwolfUpdater.exe [18360 2013-11-11] (Overwolf Ltd)
R2 RzKLService; C:\Program Files\Razer\Razer Game Booster\RzKLService.exe [105448 2013-11-22] (Razer Inc.)

==================== Drivers (Whitelisted) ====================

R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11944 2012-12-03] (Advanced Micro Devices Inc.)
R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [57856 2012-10-25] (Alcor Micro, Corp.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-04-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-04-22] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [68312 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-04-22] ()
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2013-10-14] (LogMeIn, Inc.)
S3 JRAID; C:\Windows\system32\drivers\jraid.sys [93096 2009-07-18] (JMicron Technology Corp.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30984 2013-01-03] (Logitech, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-21] (NVIDIA Corporation)
S3 USBMULCD; C:\Windows\System32\drivers\CM106.sys [1515520 2009-10-01] (C-Media Electronics Inc)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2011-07-26] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2011-07-26] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2011-07-26] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2011-07-26] (Microsoft Corporation)
S3 catchme; \??\C:\Users\vlad\AppData\Local\Temp\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-20 20:55 - 2014-05-20 20:55 - 00011217 _____ () C:\Users\vlad\Desktop\FRST.txt
2014-05-19 17:06 - 2014-05-19 17:06 - 00021770 _____ () C:\ComboFix.txt
2014-05-19 16:44 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-19 16:44 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-19 16:44 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-19 16:44 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-19 16:44 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-19 16:44 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-19 16:44 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-19 16:44 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-19 16:40 - 2014-05-19 17:06 - 00000000 ____D () C:\Qoobox
2014-05-19 16:39 - 2014-05-19 17:05 - 00000000 ____D () C:\Windows\erdnt
2014-05-19 15:14 - 2014-05-19 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-19 15:14 - 2014-05-19 15:14 - 00000000 ____D () C:\Program Files\7-Zip
2014-05-19 15:13 - 2014-05-19 15:13 - 00961360 _____ (Chip Digital GmbH) C:\Users\vlad\Downloads\7 Zip 32 Bit - CHIP-Downloader.exe
2014-05-19 14:20 - 2014-05-20 20:55 - 00000000 ____D () C:\FRST
2014-05-19 14:18 - 2014-05-19 14:18 - 01056768 _____ (Farbar) C:\Users\vlad\Desktop\FRST.exe
2014-05-19 14:16 - 2014-05-19 14:16 - 00000000 _____ () C:\Users\vlad\defogger_reenable
2014-05-19 14:15 - 2014-05-19 14:15 - 00050477 _____ () C:\Users\vlad\Downloads\Defogger.exe
2014-05-17 16:29 - 2014-05-17 16:29 - 00529265 _____ () C:\Users\vlad\Downloads\epsxe170.zip
2014-05-17 16:20 - 2014-05-17 16:20 - 00000215 _____ () C:\Users\vlad\Desktop\Arma Cold War Assault.url
2014-05-17 12:18 - 2014-05-17 12:18 - 00000000 ____D () C:\Program Files\ESET
2014-05-15 20:57 - 2014-05-15 20:57 - 00000216 _____ () C:\Users\vlad\Desktop\BattleBlock Theater.url
2014-05-15 14:00 - 2014-05-15 14:00 - 01141680 _____ () C:\Users\vlad\Downloads\SteamSetup.exe
2014-05-15 07:12 - 2014-05-15 14:09 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-05-14 23:04 - 2014-05-14 23:04 - 02347384 _____ (ESET) C:\Users\vlad\Downloads\esetsmartinstaller_deu (1).exe
2014-05-14 20:42 - 2014-05-14 20:42 - 02347384 _____ (ESET) C:\Users\vlad\Downloads\esetsmartinstaller_deu.exe
2014-05-14 20:39 - 2014-05-14 20:39 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vlad\Downloads\mbam-setup-2.0.1.1004 (1).exe
2014-05-14 20:34 - 2014-05-14 20:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\vlad\Downloads\revosetup.exe
2014-05-14 20:34 - 2014-05-14 20:34 - 00001222 _____ () C:\Users\vlad\Downloads\Revo Uninstaller.lnk
2014-05-14 20:34 - 2014-05-14 20:34 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-05-14 20:14 - 2014-05-14 20:23 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-14 20:13 - 2014-05-14 20:13 - 10094400 _____ (SurfRight B.V.) C:\Users\vlad\Downloads\HitmanPro.exe
2014-05-14 19:55 - 2014-05-20 17:25 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-14 19:55 - 2014-05-14 19:55 - 00001060 _____ () C:\Users\vlad\Downloads\ Malwarebytes Anti-Malware .lnk
2014-05-14 19:54 - 2014-05-14 19:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-14 19:54 - 2014-05-14 19:54 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-14 19:54 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-14 19:54 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-14 19:54 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-14 19:53 - 2014-05-14 19:53 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vlad\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-14 19:47 - 2014-05-14 19:47 - 01016261 _____ (Thisisu) C:\Users\vlad\Downloads\JRT (1).exe
2014-05-14 19:47 - 2014-05-14 19:47 - 00000000 ____D () C:\Windows\ERUNT
2014-05-14 19:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-14 19:39 - 2014-05-20 14:00 - 00000000 ____D () C:\AdwCleaner
2014-05-14 19:28 - 2014-05-14 19:28 - 00002102 _____ () C:\sc-cleaner.txt
2014-05-14 19:27 - 2014-05-14 19:27 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\vlad\Downloads\sc-cleaner.exe
2014-05-14 18:30 - 2014-05-20 18:11 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Bioshock2Steam
2014-05-14 18:30 - 2014-05-14 18:30 - 00000000 ____D () C:\Users\vlad\Documents\Bioshock2
2014-05-12 19:55 - 2014-05-12 19:55 - 00000216 _____ () C:\Users\vlad\Desktop\The Plan.url
2014-05-11 20:26 - 2014-05-11 20:26 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Wise
2014-05-09 23:43 - 2014-05-14 18:25 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Bioshock
2014-05-09 23:43 - 2014-05-09 23:48 - 00000000 ____D () C:\Users\vlad\Documents\Bioshock
2014-05-09 23:42 - 2014-05-09 23:43 - 00123394 _____ () C:\Windows\DirectX.log
2014-05-09 20:53 - 2014-05-18 18:30 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock Infinite.url
2014-05-09 20:53 - 2014-05-09 20:53 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock 2.url
2014-05-09 20:52 - 2014-05-09 20:52 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock.url
2014-05-09 20:46 - 2014-05-09 20:46 - 00000216 _____ () C:\Users\vlad\Desktop\POSTAL 2.url
2014-04-28 18:14 - 2014-04-28 18:14 - 00000000 ____D () C:\Users\vlad\AppData\Local\CrashRpt
2014-04-24 13:06 - 2014-05-19 19:01 - 00000216 _____ () C:\Users\vlad\Desktop\Red Orchestra 2 Heroes of Stalingrad - Single Player.url
2014-04-24 13:06 - 2014-04-24 13:06 - 00000215 _____ () C:\Users\vlad\Desktop\Rising StormRed Orchestra 2 Multiplayer.url
2014-04-22 04:48 - 2014-04-22 04:48 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-22 04:48 - 2014-04-22 04:48 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys

==================== One Month Modified Files and Folders =======

2014-05-20 20:55 - 2014-05-20 20:55 - 00011217 _____ () C:\Users\vlad\Desktop\FRST.txt
2014-05-20 20:55 - 2014-05-19 14:20 - 00000000 ____D () C:\FRST
2014-05-20 20:53 - 2013-10-14 15:27 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Skype
2014-05-20 20:52 - 2013-10-14 21:11 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Spotify
2014-05-20 20:35 - 2013-10-13 13:41 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-20 20:26 - 2014-02-22 21:30 - 00000374 _____ () C:\Windows\Tasks\update-S-1-5-21-4018679884-465560905-3469409432-1000.job
2014-05-20 20:07 - 2013-10-22 18:00 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\TS3Client
2014-05-20 19:56 - 2013-11-03 11:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-20 18:20 - 2013-10-14 15:32 - 00000000 ____D () C:\Program Files\Steam
2014-05-20 18:11 - 2014-05-14 18:30 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Bioshock2Steam
2014-05-20 17:35 - 2013-10-13 13:41 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-20 17:32 - 2013-10-13 13:45 - 00000000 ____D () C:\Users\vlad\Desktop\Hintergrundbilder
2014-05-20 17:25 - 2014-05-14 19:55 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-20 17:24 - 2014-02-22 21:30 - 00000374 _____ () C:\Windows\Tasks\update-sys.job
2014-05-20 17:04 - 2013-10-13 12:26 - 01778817 _____ () C:\Windows\WindowsUpdate.log
2014-05-20 14:14 - 2009-07-14 06:34 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-20 14:14 - 2009-07-14 06:34 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-20 14:07 - 2014-03-29 12:54 - 00016157 _____ () C:\Windows\setupact.log
2014-05-20 14:06 - 2013-12-07 16:39 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-20 14:06 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-20 14:02 - 2014-03-29 12:53 - 00013844 _____ () C:\Windows\PFRO.log
2014-05-20 14:00 - 2014-05-14 19:39 - 00000000 ____D () C:\AdwCleaner
2014-05-19 21:38 - 2013-10-14 23:43 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Hamachi
2014-05-19 19:01 - 2014-04-24 13:06 - 00000216 _____ () C:\Users\vlad\Desktop\Red Orchestra 2 Heroes of Stalingrad - Single Player.url
2014-05-19 17:48 - 2013-10-14 21:14 - 00000000 ____D () C:\Users\vlad\AppData\Local\Spotify
2014-05-19 17:06 - 2014-05-19 17:06 - 00021770 _____ () C:\ComboFix.txt
2014-05-19 17:06 - 2014-05-19 16:40 - 00000000 ____D () C:\Qoobox
2014-05-19 17:06 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-05-19 17:06 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-05-19 17:05 - 2014-05-19 16:39 - 00000000 ____D () C:\Windows\erdnt
2014-05-19 17:01 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-05-19 16:59 - 2009-07-14 04:03 - 51380224 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-05-19 16:59 - 2009-07-14 04:03 - 19922944 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-05-19 16:59 - 2009-07-14 04:03 - 01835008 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-05-19 16:59 - 2009-07-14 04:03 - 00069632 _____ () C:\Windows\system32\config\SAM.bak
2014-05-19 16:59 - 2009-07-14 04:03 - 00028672 _____ () C:\Windows\system32\config\SECURITY.bak
2014-05-19 15:49 - 2013-10-14 15:13 - 00001502 _____ () C:\Users\vlad\Desktop\Notizen.txt
2014-05-19 15:14 - 2014-05-19 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-19 15:14 - 2014-05-19 15:14 - 00000000 ____D () C:\Program Files\7-Zip
2014-05-19 15:13 - 2014-05-19 15:13 - 00961360 _____ (Chip Digital GmbH) C:\Users\vlad\Downloads\7 Zip 32 Bit - CHIP-Downloader.exe
2014-05-19 14:18 - 2014-05-19 14:18 - 01056768 _____ (Farbar) C:\Users\vlad\Desktop\FRST.exe
2014-05-19 14:16 - 2014-05-19 14:16 - 00000000 _____ () C:\Users\vlad\defogger_reenable
2014-05-19 14:16 - 2013-10-13 12:53 - 00000000 ____D () C:\Users\vlad
2014-05-19 14:15 - 2014-05-19 14:15 - 00050477 _____ () C:\Users\vlad\Downloads\Defogger.exe
2014-05-18 19:03 - 2013-10-14 15:43 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\.minecraft
2014-05-18 18:30 - 2014-05-09 20:53 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock Infinite.url
2014-05-17 16:29 - 2014-05-17 16:29 - 00529265 _____ () C:\Users\vlad\Downloads\epsxe170.zip
2014-05-17 16:20 - 2014-05-17 16:20 - 00000215 _____ () C:\Users\vlad\Desktop\Arma Cold War Assault.url
2014-05-17 12:18 - 2014-05-17 12:18 - 00000000 ____D () C:\Program Files\ESET
2014-05-16 22:51 - 2013-12-02 14:08 - 00000000 ____D () C:\ProgramData\ProductData
2014-05-15 20:57 - 2014-05-15 20:57 - 00000216 _____ () C:\Users\vlad\Desktop\BattleBlock Theater.url
2014-05-15 14:32 - 2013-10-13 12:52 - 00000000 ____D () C:\Windows\system32\Macromed
2014-05-15 14:09 - 2014-05-15 07:12 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-05-15 14:07 - 2013-10-14 15:48 - 00000000 ____D () C:\Users\vlad\Desktop\Zeug
2014-05-15 14:00 - 2014-05-15 14:00 - 01141680 _____ () C:\Users\vlad\Downloads\SteamSetup.exe
2014-05-15 13:47 - 2013-12-28 19:17 - 00068312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-15 13:47 - 2013-10-13 13:18 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-15 13:47 - 2013-10-13 13:18 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-15 07:16 - 2013-10-14 16:06 - 00002551 _____ () C:\Users\Public\Desktop\Free System Utilities.lnk
2014-05-15 07:11 - 2013-10-13 13:08 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\DRPSu
2014-05-15 06:43 - 2013-10-13 12:55 - 00001435 _____ () C:\Users\vlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-15 06:39 - 2013-10-13 13:42 - 00002109 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-14 23:04 - 2014-05-14 23:04 - 02347384 _____ (ESET) C:\Users\vlad\Downloads\esetsmartinstaller_deu (1).exe
2014-05-14 22:33 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\TAPI
2014-05-14 20:42 - 2014-05-14 20:42 - 02347384 _____ (ESET) C:\Users\vlad\Downloads\esetsmartinstaller_deu.exe
2014-05-14 20:39 - 2014-05-14 20:39 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vlad\Downloads\mbam-setup-2.0.1.1004 (1).exe
2014-05-14 20:34 - 2014-05-14 20:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\vlad\Downloads\revosetup.exe
2014-05-14 20:34 - 2014-05-14 20:34 - 00001222 _____ () C:\Users\vlad\Downloads\Revo Uninstaller.lnk
2014-05-14 20:34 - 2014-05-14 20:34 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-05-14 20:23 - 2014-05-14 20:14 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-14 20:13 - 2014-05-14 20:13 - 10094400 _____ (SurfRight B.V.) C:\Users\vlad\Downloads\HitmanPro.exe
2014-05-14 19:55 - 2014-05-14 19:55 - 00001060 _____ () C:\Users\vlad\Downloads\ Malwarebytes Anti-Malware .lnk
2014-05-14 19:54 - 2014-05-14 19:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-14 19:54 - 2014-05-14 19:54 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-14 19:53 - 2014-05-14 19:53 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\vlad\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-14 19:47 - 2014-05-14 19:47 - 01016261 _____ (Thisisu) C:\Users\vlad\Downloads\JRT (1).exe
2014-05-14 19:47 - 2014-05-14 19:47 - 00000000 ____D () C:\Windows\ERUNT
2014-05-14 19:28 - 2014-05-14 19:28 - 00002102 _____ () C:\sc-cleaner.txt
2014-05-14 19:27 - 2014-05-14 19:27 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\vlad\Downloads\sc-cleaner.exe
2014-05-14 18:30 - 2014-05-14 18:30 - 00000000 ____D () C:\Users\vlad\Documents\Bioshock2
2014-05-14 18:25 - 2014-05-09 23:43 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Bioshock
2014-05-14 13:58 - 2013-11-03 11:40 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 13:58 - 2013-10-13 12:53 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-13 21:56 - 2013-10-14 15:39 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\vlc
2014-05-12 19:55 - 2014-05-12 19:55 - 00000216 _____ () C:\Users\vlad\Desktop\The Plan.url
2014-05-12 14:58 - 2013-10-13 12:56 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-12 14:58 - 2013-10-13 12:56 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-11 20:32 - 2013-12-02 16:31 - 00000000 ____D () C:\Users\vlad\Desktop\ROM's
2014-05-11 20:26 - 2014-05-11 20:26 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\Wise
2014-05-10 12:28 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-09 23:48 - 2014-05-09 23:43 - 00000000 ____D () C:\Users\vlad\Documents\Bioshock
2014-05-09 23:43 - 2014-05-09 23:42 - 00123394 _____ () C:\Windows\DirectX.log
2014-05-09 20:53 - 2014-05-09 20:53 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock 2.url
2014-05-09 20:52 - 2014-05-09 20:52 - 00000214 _____ () C:\Users\vlad\Desktop\BioShock.url
2014-05-09 20:46 - 2014-05-09 20:46 - 00000216 _____ () C:\Users\vlad\Desktop\POSTAL 2.url
2014-05-03 15:08 - 2013-10-14 15:48 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\ftblauncher
2014-05-03 15:08 - 2013-10-14 15:46 - 04588972 _____ () C:\Users\vlad\Desktop\Feed the Beast.exe
2014-05-01 21:13 - 2013-10-14 15:56 - 00000000 ____D () C:\Users\vlad\AppData\Roaming\.technic
2014-05-01 18:23 - 2013-10-22 15:52 - 00000000 ____D () C:\Users\vlad\Desktop\Server
2014-05-01 18:21 - 2013-10-14 15:48 - 02346942 _____ () C:\Users\vlad\Desktop\Tekkit.exe
2014-04-28 18:14 - 2014-04-28 18:14 - 00000000 ____D () C:\Users\vlad\AppData\Local\CrashRpt
2014-04-28 18:13 - 2013-10-14 18:33 - 00000000 ____D () C:\Users\vlad\Documents\My Games
2014-04-25 21:35 - 2013-10-14 15:32 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-04-24 13:06 - 2014-04-24 13:06 - 00000215 _____ () C:\Users\vlad\Desktop\Rising StormRed Orchestra 2 Multiplayer.url
2014-04-22 20:20 - 2013-10-15 20:14 - 00000000 ____D () C:\Riot Games
2014-04-22 04:48 - 2014-04-22 04:48 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-22 04:48 - 2014-04-22 04:48 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-04-22 04:48 - 2013-10-13 13:18 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1400154447337
2014-04-22 04:48 - 2013-10-13 13:18 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1400154447337
2014-04-22 04:48 - 2013-10-13 13:18 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-22 04:48 - 2013-10-13 13:18 - 00180632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-22 04:48 - 2013-10-13 13:18 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-22 04:48 - 2013-10-13 13:18 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-22 04:48 - 2013-10-13 13:18 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-22 04:48 - 2013-10-13 13:18 - 00002047 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk

Some content of TEMP:
====================
C:\Users\vlad\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2011-07-26 01:49] - [2011-07-26 01:49] - 2616320 ____A (Microsoft Corporation) 0FB9C74046656D1579A64660AD67B746

C:\Windows\system32\winlogon.exe
[2011-08-15 16:45] - [2011-08-15 16:45] - 0286720 ____A (Microsoft Corporation) 58AACDEE236690C090A86B5A34EC4B77

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe
[2011-07-26 01:46] - [2011-07-26 01:46] - 0021504 ____A (Microsoft Corporation) ECDB182F885292145826C58252B53000

C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2011-07-26 01:07] - [2011-07-26 01:07] - 0376832 ____A (Microsoft Corporation) FAFD0AE107BF665CB457608831814B0C

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\system32\Drivers\volsnap.sys
[2011-07-26 02:14] - [2011-07-26 02:14] - 0246144 ____A (Microsoft Corporation) C2232C62CD2E44E40CDADD00BBCFE366



LastRegBack: 2014-05-03 13:59

==================== End Of Log ============================
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-05-2014
Ran by vlad at 2014-05-20 20:56:04
Running from C:\Users\vlad\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Antichamber (HKLM\...\Steam App 219890) (Version:  - Alexander Bruce)
Arma: Cold War Assault (HKLM\...\Steam App 65790) (Version:  - Bohemia Interactive)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2018 - Avast Software)
BattleBlock Theater (HKLM\...\Steam App 238460) (Version:  - The Behemoth)
BioShock (HKLM\...\Steam App 7670) (Version:  - 2K Boston)
BioShock 2 (HKLM\...\Steam App 8850) (Version:  - 2K Marin)
BioShock Infinite (HKLM\...\Steam App 8870) (Version:  - Irrational Games)
Borderlands (HKLM\...\Steam App 8980) (Version:  - Gearbox Software)
Borderlands 2 (HKLM\...\Steam App 49520) (Version:  - Gearbox Software)
Cave Story Deluxe (HKLM\...\Cave Story Deluxe) (Version:  - )
Cry of Fear (HKLM\...\Steam App 223710) (Version:  - Team Psykskallar)
Crysis (HKLM\...\Steam App 17300) (Version:  - Crytek)
Disney-Pixar WALL-E (HKLM\...\{B94C6815-7BCC-4124-AC39-9208A06FFFA7}) (Version: 1.00.0000 - THQ)
Dojotech Spotify Recorder (HKLM\...\{D149DB2E-392E-48CC-8036-88BECC09C50A}) (Version: 3.2 - Dojotech Software)
Don't Starve (HKLM\...\Steam App 219740) (Version:  - Klei Entertainment)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Driver Booster (HKLM\...\Driver Booster_is1) (Version: 1.2 - IObit)
Edna & Harvey: Harvey's New Eyes (HKLM\...\Steam App 219910) (Version:  - Daedalic Entertainment)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FINAL FANTASY VII (HKLM\...\Steam App 39140) (Version:  - Square Enix)
Free System Utilities (HKLM\...\{b70d03b1-2a07-4c32-beef-79d2d13a5bee}) (Version: 1.1.3.0 - Covus Freemium GmbH)
Free SystemUtilities (Version: 1.1.3.0 - Covus Freemium GmbH) Hidden
Game Dev Tycoon (HKLM\...\Steam App 239820) (Version:  - Greenheart Games)
GameSpy Comrade (HKLM\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Garry)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM\...\Steam App 12210) (Version:  - Rockstar North)
Greenfish Icon Editor Pro 3.31 (HKLM\...\{27135B83-5AFF-42A3-BCEB-E689BE9E2090}_is1) (Version:  - Greenfish Corporation)
Half-Life (HKLM\...\Steam App 70) (Version:  - Valve)
Half-Life 2 (HKLM\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Episode One (HKLM\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM\...\Steam App 420) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM\...\Steam App 340) (Version:  - Valve)
Half-Life: Blue Shift (HKLM\...\Steam App 130) (Version:  - Gearbox Software)
Half-Life: Opposing Force (HKLM\...\Steam App 50) (Version:  - Gearbox Software)
Hamachi 1.0.3.0 (HKLM\...\Hamachi) (Version:  - )
Hitman 2: Silent Assassin (HKLM\...\Steam App 6850) (Version:  - IO Interactive)
Hitman: Absolution (HKLM\...\Steam App 203140) (Version:  - IO Interactive)
Hitman: Blood Money (HKLM\...\Steam App 6860) (Version:  - IO Interactive)
Hitman: Codename 47 (HKLM\...\Steam App 6900) (Version:  - IO Interactive)
Hitman: Contracts (HKLM\...\Steam App 247430) (Version:  - )
Hitman: Sniper Challenge (HKLM\...\Steam App 205930) (Version:  - IO Interactive)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 45 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Just Cause (HKLM\...\Steam App 6880) (Version:  - Avalanche)
Just Cause 2 (HKLM\...\Steam App 8190) (Version:  - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM\...\Steam App 259080) (Version:  - JC2-MP Team)
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (Version: 3.0.1 - Riot Games ) Hidden
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version:  - Valve)
lightshot-5.1.0.15 (HKLM\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.1.0.15 - Skillbrains)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
MEDUSA NX USB 5.1 Gaming Headset (HKLM\...\C-Media CM106 Like Sound Driver) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{A106D33E-6B43-42C0-9BFC-D03303261FA7}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - DEU (HKLM\...\Microsoft Visual Basic 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - DEU (Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 24.0 (x86 de) (HKLM\...\Mozilla Firefox 24.0 (x86 de)) (Version: 24.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.0 - Mozilla)
My Game Long Name (HKLM\...\UDK-ca5c1d5d-d51e-436b-b5ea-a8b1d7131cb6) (Version:  - Epic Games, Inc.)
Notepad++ (HKLM\...\Notepad++) (Version: 6.5 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.22 (Version: 1.2.22 - NVIDIA Corporation) Hidden
Outlast (HKLM\...\Steam App 238320) (Version:  - Red Barrels)
Overwolf (HKLM\...\{0A337036-B73E-4C85-8D32-3851F84B7CFE}) (Version: 0.46.271 - Overwolf)
Plus-HD-3.8 (HKLM\...\Plus-HD-3.8) (Version: 1.27.153.11 - Plus HD) <==== ATTENTION
Portal (HKLM\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM\...\Steam App 620) (Version:  - Valve)
POSTAL 2 (HKLM\...\Steam App 223470) (Version:  - Running With Scissors)
Project64 1.6 (HKLM\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
Q.U.B.E. (HKLM\...\Steam App 203730) (Version:  - Toxic Games)
Razer Game Booster (HKLM\...\Razer Game Booster_is1) (Version: 4.1.59.0 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7183 - Realtek Semiconductor Corp.)
Red Orchestra 2: Heroes of Stalingrad - Single Player (HKLM\...\Steam App 236830) (Version:  - )
Reus (HKLM\...\Steam App 222730) (Version:  - Abbey Games)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rising Storm/Red Orchestra 2 Multiplayer (HKLM\...\Steam App 35450) (Version:  - Tripwire Interactive)
Rogue Legacy (HKLM\...\Steam App 241600) (Version:  - Cellar Door Games)
SHIELD Streaming (Version: 1.8.323 - NVIDIA Corporation) Hidden
SketchUp 2013 (HKLM\...\{2C0777B8-E91F-45AA-976B-7EB6B40E5400}) (Version: 13.0.4812 - Trimble Navigation Limited)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Source SDK Base 2007 (HKLM\...\Steam App 218) (Version:  - Valve)
Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Starbound (HKLM\...\Steam App 211820) (Version:  - )
State of Decay (HKLM\...\Steam App 241540) (Version:  - )
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Update kb70007 (Version: 1.0.0 - MSR) Hidden
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Terraria (HKLM\...\Steam App 105600) (Version:  - Re-Logic)
The Binding of Isaac (HKLM\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Plan (HKLM\...\Steam App 250600) (Version:  - Krillbite Studio)
The Sims(TM) 3 (HKLM\...\Steam App 47890) (Version:  - The Sims Studio)
The Stanley Parable (HKLM\...\Steam App 221910) (Version:  - Galactic Cafe)
The Walking Dead (HKLM\...\Steam App 207610) (Version:  - )
The Walking Dead: Season Two (HKLM\...\Steam App 261030) (Version:  - Telltale Games)
Thomas Was Alone (HKLM\...\Steam App 220780) (Version:  - Mike Bithell)
Tomb Raider (HKLM\...\Steam App 203160) (Version:  - Crystal Dynamics)
Tomb Raider (VI): The Angel of Darkness (HKLM\...\Steam App 225020) (Version:  - Core Design)
Tomb Raider I (HKLM\...\Steam App 224960) (Version:  - Core Design)
Tomb Raider II (HKLM\...\Steam App 225300) (Version:  - Core Design)
Tomb Raider III: Adventures of Lara Croft (HKLM\...\Steam App 225320) (Version:  - Core Design)
Tomb Raider: Anniversary (HKLM\...\Steam App 8000) (Version:  - Crystal Dynamics)
Tomb Raider: Chronicles (HKLM\...\Steam App 225000) (Version:  - Core Design)
Tomb Raider: Legend (HKLM\...\Steam App 7000) (Version:  - Crystal Dynamics)
Tomb Raider: The Last Revelation (HKLM\...\Steam App 224980) (Version:  - Core Design)
Tomb Raider: Underworld (HKLM\...\Steam App 8140) (Version:  - Crystal Dynamics)
Unreal Development Kit: 2012-10 (HKLM\...\UDK-9a945cf0-3152-4d4f-a428-35aebc522f71) (Version:  - Epic Games, Inc.)
Update for Microsoft .NET Framework 4.5 (KB2750147) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2750147) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805221) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805221) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805226) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805226) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points  =========================

15-05-2014 05:11:16 Removed IObit Apps Toolbar v9.1.
15-05-2014 05:12:23 Removed IObit Apps Toolbar v9.1.
15-05-2014 12:06:14 Removed IObit Apps Toolbar v9.1.
15-05-2014 12:09:22 Removed PlayReady PC Runtime X86
15-05-2014 12:11:38 Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU wird entfernt
15-05-2014 12:31:28 Removed Adobe Shockwave Player 11.6.
15-05-2014 12:42:10 Revo Uninstaller's restore point - IObit Apps Toolbar v9.1
15-05-2014 12:42:32 Removed IObit Apps Toolbar v9.1.
15-05-2014 12:52:40 Revo Uninstaller's restore point - Adobe Flash Player 13 ActiveX
15-05-2014 12:53:29 Revo Uninstaller's restore point - Adobe Flash Player 13 Plugin
19-05-2014 14:44:33 ComboFix created restore point

==================== Hosts content: ==========================

2009-07-14 04:04 - 2014-05-19 17:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {43A1A5BA-F03D-4D1F-AB04-73507EF3A8FC} - System32\Tasks\Driver Booster Scan => C:\Program Files\IObit\Driver Booster\Scheduler.exe [2014-01-10] (IObit)
Task: {546B77E0-2D16-4A99-BE50-BF9A98E0A69D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-13] (Google Inc.)
Task: {597B8412-CAD4-4CF9-9F0E-1AEC902EFD5E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-13] (Google Inc.)
Task: {6425BDED-C0D8-49F5-AFEB-3613AFF6F841} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files\IObit\Game Booster 3\AutoUpdate.exe
Task: {964E9CCF-D038-4D07-8107-8C1B071B4148} - System32\Tasks\update-sys => C:\Program Files\Skillbrains\Updater\Updater.exe [2013-09-27] ()
Task: {CBD415AA-B846-4F3F-AF3E-EDBD7E9136D9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-22] (AVAST Software)
Task: {D8DE037A-B9D5-4AD5-BD12-CC71EB7F3D81} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {EF8E9ECD-32D9-4E3F-B9E1-C328774C6DA8} - System32\Tasks\update-S-1-5-21-4018679884-465560905-3469409432-1000 => C:\Program Files\Skillbrains\Updater\Updater.exe [2013-09-27] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-4018679884-465560905-3469409432-1000.job => C:\Program Files\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files\Skillbrains\Updater\Updater.exe

==================== Loaded Modules (whitelisted) =============

2013-12-07 16:39 - 2014-03-04 14:34 - 00109000 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2013-10-21 13:43 - 2013-10-20 08:08 - 02136576 _____ () C:\Program Files\AVAST Software\Avast\defs\13102000\algo.dll
2013-10-21 13:43 - 2013-10-21 13:43 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Overwolf => C:\Program Files\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: Spotify => "C:\Users\vlad\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\vlad\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 29%
Total physical RAM: 3198.12 MB
Available physical RAM: 2251.95 MB
Total Pagefile: 6394.53 MB
Available Pagefile: 5169.96 MB
Total Virtual: 3071.88 MB
Available Virtual: 2959.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:514.11 GB) NTFS
Drive d: (WALL-E) (CDROM) (Total:3.49 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 61C89B35)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Old 20.05.2014, 23:31   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please press the Windows key + R and type notepad into the Run dialog.

Now copy the following text from the code box into the empty text document

Code:
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
         

Please save it as Fixlist.txt on your Desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Old 21.05.2014, 13:49   #11
Vlad

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:17-05-2014
Ran by vlad at 2014-05-21 13:47:43 Run:1
Running from C:\Users\vlad\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.

==== End of Fixlog ====
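
As an added example, not from this thread and not part of Farbar's FRST, the PowerShell below reads the same HKCU Internet Settings value that the Fixlist in the post above told FRST to delete, parses the http=...;https=... form shown in the log, and flags a proxy that points back at the local machine. Assumptions: the value follows that format (a bare host:port is handled too), and the netstat-based lookup can only name the owning process while it is still running.

```powershell
# Added example, not from this thread and not part of Farbar's FRST: read the
# per-user WinINET proxy setting that the Fixlist line above told FRST to delete,
# parse it, and flag a proxy that points back at the local machine.
# Assumptions: the value uses the "http=host:port;https=host:port" form seen in the
# log (a bare "host:port" is handled too); the netstat lookup only identifies the
# owning process if it is still running. Written for Windows PowerShell 2.0+.

$InternetSettingsKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Parse-ProxyServerValue {
    # Split a ProxyServer string into one record per protocol entry.
    param([string]$Value)
    $entries = @()
    if ([string]::IsNullOrEmpty($Value)) { return $entries }
    foreach ($part in $Value.Split(';')) {
        $part = $part.Trim()
        if ($part.Length -eq 0) { continue }
        if ($part -match '^(?<proto>[A-Za-z]+)=(?<hostport>.+)$') {
            $proto = $Matches['proto'].ToLower()
            $hostport = $Matches['hostport']
        } else {
            $proto = 'all'                      # "host:port" without a protocol prefix
            $hostport = $part
        }
        # Host may be a name, an IPv4 address, or a bracketed IPv6 address.
        $hostPart = $hostport; $port = 0
        if ($hostport -match '^(?<host>\[[^\]]+\]|[^:]+)(?::(?<port>\d+))?$') {
            $hostPart = $Matches['host']
            if ($Matches['port']) { $port = [int]$Matches['port'] }
        }
        $entries += New-Object PSObject -Property @{
            Protocol = $proto; Host = $hostPart; Port = $port
        }
    }
    return $entries
}

function Test-LoopbackHost {
    # True when the proxy host is the machine itself (the pattern in this thread).
    param([string]$ProxyHost)
    $h = ($ProxyHost -replace '^\[|\]$', '').ToLower()
    return ($h -eq 'localhost' -or $h -eq '::1' -or $h -like '127.*')
}

function Get-ListeningProcess {
    # Name the process that owns a LISTENING TCP socket on $Port, via netstat -ano
    # (available on Windows 7, unlike Get-NetTCPConnection).
    param([int]$Port)
    $owners = @()
    foreach ($line in @(netstat -ano 2>$null)) {
        if ($line -match "^\s*TCP\s+\S+:$Port\s+\S+\s+LISTENING\s+(\d+)\s*$") {
            $procId = [int]$Matches[1]
            $name = '<unknown>'
            $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
            if ($proc) { $name = $proc.ProcessName }
            $owners += "$name (PID $procId)"
        }
    }
    return $owners
}

function Get-UserProxyFindings {
    # Read ProxyEnable/ProxyServer for the current user and report every entry,
    # marking loopback proxies and who is listening behind them.
    $props = Get-ItemProperty -Path $InternetSettingsKey -ErrorAction SilentlyContinue
    $value = $null; $enabled = $false
    if ($props) {
        $value = $props.ProxyServer
        $enabled = ($props.ProxyEnable -eq 1)
    }
    $findings = @()
    foreach ($e in @(Parse-ProxyServerValue $value)) {
        $loopback = Test-LoopbackHost $e.Host
        $listeners = @()
        if ($loopback -and $e.Port -gt 0) { $listeners = @(Get-ListeningProcess -Port $e.Port) }
        $findings += New-Object PSObject -Property @{
            Protocol     = $e.Protocol
            Proxy        = '{0}:{1}' -f $e.Host, $e.Port
            ProxyEnabled = $enabled
            Loopback     = $loopback
            Listener     = ($listeners -join ', ')
            FixlistLine  = "ProxyServer: $value"   # the form used in the Fixlist in this thread
        }
    }
    return $findings
}

# Usage: first the value quoted from the FRST log above, then the live machine.
Parse-ProxyServerValue 'http=127.0.0.1:8118;https=127.0.0.1:8118' | Format-Table Protocol, Host, Port -AutoSize
Get-UserProxyFindings | Format-Table Protocol, Proxy, ProxyEnabled, Loopback, Listener -AutoSize
```

A loopback entry with no listener means the proxy setting is stale and only the registry value needs removing, which is what the Fixlog above reports; a live listener tells you which program to look at next.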
         

Old 21.05.2014, 23:26   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Okay, then please run control scans with MBAM and ESET:

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the Desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


23.05.2014, 22:42   #13
Vlad



Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan date: 22.05.2014
Scan time: 22:29:17
Log file: mbam.txt
Administrator: Yes

Version: 2.00.1.1004
Malware database: v2014.05.22.10
Rootkit database: v2014.05.21.01
License: Trial
Malware protection: Enabled
Malicious website protection: Enabled
Chameleon: Disabled

Operating system: Windows 7 Service Pack 1
CPU: x86
File system: NTFS
User: vlad

Scan type: Threat scan
Result: Completed
Objects scanned: 248142
Time elapsed: 7 min, 9 sec

Memory: Enabled
Startup: Enabled
File system: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry keys: 0
(No malicious items detected)

Registry values: 0
(No malicious items detected)

Registry data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.V9.A, C:\Users\vlad\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "https://www.google.de/", "hxxp://www.v9.com/?type=hppp&ts=1400067628&from=irs&uid=HitachiXHDS721010DLE630_MSE523RP09LKLH09LKLHX&i=psd&t=342815dbc", "hxxp://www.msn.com/?pc=AV01" ],), Replaced,[a4ce7fd5413aa4928c71d2aff90b9f61]

Physical sectors: 0
(No malicious items detected)


(end)



Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=769f41f36249694aba45ac46bc8f7b01
# engine=18300
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-17 12:08:32
# local_time=2014-05-17 02:08:32 (+0100, Central European Summer Time)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 76 169642 18556051 0 0
# compatibility_mode=5893 16776573 100 94 7949 151959703 0 0
# scanned=440132
# found=2
# cleaned=2
# scan_time=6362
sh=91A36ECC07C1A2FDFC46A22BE61580DB05B9A07B ft=1 fh=3949443ec6f71fd1 vn="Win32/OutBrowse.R potentially unwanted application (deleted - copied to quarantine)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-4018679884-465560905-3469409432-1000\$RBLUKMS.exe"
sh=91A36ECC07C1A2FDFC46A22BE61580DB05B9A07B ft=1 fh=3949443ec6f71fd1 vn="Win32/OutBrowse.R potentially unwanted application (deleted - copied to quarantine)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-4018679884-465560905-3469409432-1000\$RPYBXW7.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=769f41f36249694aba45ac46bc8f7b01
# engine=18372
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2014-05-22 11:17:40
# local_time=2014-05-23 01:17:40 (+0100, Central European Summer Time)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 76 641790 19028199 0 0
# compatibility_mode=5893 16776573 100 94 11606 152431851 0 0
# scanned=445638
# found=2
# cleaned=0
# scan_time=9574
sh=90FD6993499CD49D1F0BD507CB9189D85550E1BA ft=1 fh=ee056a68ff3ffc29 vn="Variant of Win32/DownloadSponsor.A potentially unwanted application" ac=I fn="C:\Users\vlad\Downloads\7 Zip 32 Bit - CHIP-Downloader.exe"
sh=C2C4EF4212BD52C0E1A37CB10B0568D1871C79D5 ft=0 fh=0000000000000000 vn="Variant of Win64/Toolbar.Widgi.A potentially unwanted application" ac=I fn="C:\Windows\Installer\1416d29.msi"
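The two logs above show the two places this kind of adware actually lives: the FRST fix in post #11 removed a ProxyServer value that sent all http and https traffic through 127.0.0.1:8118 (a proxy entry pointing at the local machine only works if something on that machine is listening there, and whatever is listening sees and can rewrite every page that any proxy-aware application loads, not only the browsers), and the MBAM hit in post #13 shows Chrome's startup_urls rewritten to v9.com, with a uid= parameter that appears to be built from the disk model and serial number, so each request identifies the specific machine. The script below is an added example, not part of this thread and not code from FRST, MBAM or ESET: it parses a WinINET ProxyServer string and flags loopback targets, and walks a Chrome Preferences file for start pages and homepages whose host is not on a trusted list. The function names, the trusted-host list and the sample inputs (constructed here from the exact values quoted in the two logs) are assumptions for the example; on a live host you would read the ProxyServer value from HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings and the Preferences file from %LOCALAPPDATA%\Google\Chrome\User Data\Default instead.

```python
"""Triage checks for a loopback WinINET proxy and hijacked Chrome start pages.

Added example for the thread, not code from FRST, MBAM or ESET.  Function
names and TRUSTED_HOSTS are assumptions; the sample inputs are constructed
from the values quoted in the forum logs so the script runs offline.
"""
import json
from urllib.parse import parse_qsl, urlsplit

# Hosts the user actually wants as start pages (assumed for this example).
TRUSTED_HOSTS = {"www.google.de", "www.google.com"}

# Names a proxy entry can use to point at the local machine.
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "[::1]"}

# Constructed sample: the ProxyServer value FRST deleted in post #11.
SAMPLE_PROXY_VALUE = "http=127.0.0.1:8118;https=127.0.0.1:8118"

# Constructed sample: the keys MBAM quoted from Preferences in post #13,
# placed where Chrome stores them (a real file has many more keys).
SAMPLE_PREFERENCES = json.dumps({
    "session": {
        "restore_on_startup": 4,
        "startup_urls": [
            "https://www.google.de/",
            "http://www.v9.com/?type=hppp&ts=1400067628&from=irs"
            "&uid=HitachiXHDS721010DLE630_MSE523RP09LKLH09LKLHX&i=psd&t=342815dbc",
            "http://www.msn.com/?pc=AV01",
        ],
    },
    "homepage": "http://www.v9.com/",
})


def parse_proxy_server(value):
    """Split a WinINET ProxyServer string into {scheme: "host:port"}.

    WinINET accepts a bare "host:port" (applies to every scheme, stored here
    under "*") or a ";"-separated list of "scheme=host:port" entries.
    """
    entries = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, target = part.partition("=")
        if sep:
            entries[scheme.strip().lower()] = target.strip()
        else:
            entries["*"] = part
    return entries


def loopback_proxy_schemes(value):
    """Return, sorted, the schemes whose proxy target is the local machine.

    Legitimate only if the user knowingly runs a local filtering proxy;
    otherwise every request of every proxy-aware program either fails or
    passes through whatever installed the entry.
    """
    flagged = []
    for scheme, target in parse_proxy_server(value).items():
        host = target.rsplit(":", 1)[0]  # drop the port if present
        if host.lower() in LOOPBACK_HOSTS:
            flagged.append(scheme)
    return sorted(flagged)


def _values_under(obj, key):
    """Yield every value stored under `key` anywhere in nested JSON."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            if k == key:
                yield v
            yield from _values_under(v, key)
    elif isinstance(obj, list):
        for item in obj:
            yield from _values_under(item, key)


def untrusted_start_pages(preferences_text, trusted_hosts=TRUSTED_HOSTS):
    """Return startup_urls and homepage entries whose host is not trusted.

    Searches the whole file for the keys, so it does not depend on one
    particular Preferences layout.
    """
    prefs = json.loads(preferences_text)
    urls = []
    for lst in _values_under(prefs, "startup_urls"):
        urls.extend(u for u in lst if isinstance(u, str))
    urls.extend(h for h in _values_under(prefs, "homepage") if isinstance(h, str))
    return [u for u in urls if urlsplit(u).hostname not in trusted_hosts]


def tracking_parameters(url, min_len=16):
    """Return query parameters long enough to be per-machine identifiers,
    such as the uid= that v9.com appears to derive from the disk serial."""
    return {k: v for k, v in parse_qsl(urlsplit(url).query) if len(v) >= min_len}


if __name__ == "__main__":
    print("loopback proxy set for:", loopback_proxy_schemes(SAMPLE_PROXY_VALUE))
    for url in untrusted_start_pages(SAMPLE_PREFERENCES):
        print("untrusted start page:", url, tracking_parameters(url))
```

Run against the sample data it reports a loopback proxy for http and https and three untrusted start pages (both v9.com entries and the msn.com one that the hijacker added alongside it). Chrome must be closed before reading or editing the real Preferences file, and after removing a start page the same hosts should be checked in the homepage and default search settings, since hijackers of this kind usually set all three.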

24.05.2014, 15:06   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
C:\Users\vlad\Downloads\7 Zip 32 Bit - CHIP-Downloader.exe
C:\Windows\Installer\1416d29.msi

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


25.05.2014, 00:11   #15
Vlad



Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:24-05-2014 1
Ran by vlad at 2014-05-25 00:10:46 Run:2
Running from C:\Users\vlad\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Users\vlad\Downloads\7 Zip 32 Bit - CHIP-Downloader.exe
C:\Windows\Installer\1416d29.msi
*****************

C:\Users\vlad\Downloads\7 Zip 32 Bit - CHIP-Downloader.exe => Moved successfully.
C:\Windows\Installer\1416d29.msi => Moved successfully.

==== End of Fixlog ====
