Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Win7 Malwareprobleme

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 13.06.2014, 10:27   #1
käsenudel
 
Win7 Malwareprobleme - Ausrufezeichen

Win7 Malwareprobleme



Hallo liebe Community,

ich habe folgendes Problem:
Ich nehme an, dass mein PC ziemlich stark mit Viren bzw. Malware infiziert ist. Oft wenn ich Videos im Internet streame oder surfe geht ein Txtfield auf, "Ihr flash player ist nicht auf der aktuellsten Version, bitte laden sie die aktuelle Version hier herunter" Ich kann dann auswählen zwischen ok und "X". Das problem ist nur, sogar wenn ich schließen möchte werde ich auf eine Seite weitergeleitet, auf der automatisch eine Setup datei heruntergeladen wird, die Malwarebytes als gefährlich einstuft. Habe bisher alle diese Dateien in den Papierkorb verschoben und gelöscht. Malwarebytes schon 3 mal drüberlaufen lassen, der hat auch einiges gefunden und gelöscht. Als ich gestern dann mit Avira Anti Vir scannen wollte und dann fertig war bekam ich eine Meldung bei der man die gefundenen Viren einsehen und in Quarantäne oder sonstiges verschieben kann. In dem Fenster waren jedoch keine Virenfunde und keine Auswahlmöglichkeiten zu sehen, obwohl der Scanner vorher angezeigt hatte dass mehrere Viren gefunden wurden. Ich konnte das Fenster dann nicht schließen und Antivir ist hat danach keine Rückmeldung mehr gegeben und ich musste es schließen. Malwarebytes hat jetzt keine Funde mehr, ich befürchte aber dass da noch mehr in Registry und co beschädigt ist.

Ich habe den Avast Virenscanner, Avira Free Antivirus und Malwarebytes installiert.

Vorher hatte ich mal PcCleaner Pro oder so ähnlich installiert, das auch als Fakeprogramm gilt. Wurde dann aber wieder deinstalliert.
Ab und zu trennt sich meine Internetverbindung automatisch und ich habe auch das Gefühl nicht den vollen Umfang meiner 60 MB/s nutzen zu können.
Ich bin über einen FRITZ!WLAN Stick verbunden, der eigentlich immer dauerhaft funktionierte.

Ich hoffe dass mir jemand helfen kann, ich poste die Logdateien sobald ich zuhause bin.

Liebe Grüße, Andreas

Alt 13.06.2014, 10:33   #2
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Win7 Malwareprobleme - Standard

Win7 Malwareprobleme



Schauen wir uns einfach mal genauer an...




Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
  • Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
  • Speichere alle unsere Tools auf dem Desktop ab.
  • Poste die Logfiles direkt in Deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst.



Los geht's:

Schritt 1


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)




Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 13.06.2014, 20:45   #3
käsenudel
 
Win7 Malwareprobleme - Standard

Win7 Malwareprobleme



So, hat n bisschen gedauert aber hier die logs:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 02
Ran by User (administrator) on USER-PC on 14-06-2014 21:42:17
Running from C:\Users\User\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\User\Desktop\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM-x32\...\Run: [StereoLinksInstall] => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe [1091416 2014-03-04] (NVIDIA Corporation)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-14] (AVAST Software)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-4092284354-3438196892-795775571-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21446272 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-4092284354-3438196892-795775571-1000\...\MountPoints2: {822a59fe-a074-11e2-9ab2-a933f5eb007a} - G:\pushinst.exe
HKU\S-1-5-21-4092284354-3438196892-795775571-1000\...\MountPoints2: {a11862a2-f159-11e0-80b5-14dae92d1d8b} - G:\Launcher.exe
HKU\S-1-5-21-4092284354-3438196892-795775571-1000\...\MountPoints2: {a1cef0a5-d567-11e0-9d14-14dae92d1d8b} - F:\Launcher.exe
HKU\S-1-5-21-4092284354-3438196892-795775571-1000\...\MountPoints2: {df6b0e21-313b-11e1-a0dc-14dae92d1d8b} - F:\autorun.exe
HKU\S-1-5-21-4092284354-3438196892-795775571-1000\...\MountPoints2: {df6b0e7a-313b-11e1-a0dc-14dae92d1d8b} - H:\Setup.exe
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA69EB00AF567CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKLM-x32 - DefaultScope {0B15A8F2-9FA1-4149-B76F-6D50FEE7054F} URL = 
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKCU - {0B15A8F2-9FA1-4149-B76F-6D50FEE7054F} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3317893&CUI=UN26203833781572417&UM=2
BHO: grepo - {28A984B0-844D-48EC-AE42-6682BBB4FD33} - C:\Program Files (x86)\Grepo\grepo_x64.dll No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: grepo - {28A984B0-844D-48EC-AE42-6682BBB4FD33} - C:\Program Files (x86)\Grepo\grepo.dll No File
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default
FF DefaultSearchEngine: RadioTotal4 Customized Web Search
FF SelectedSearchEngine: Conduit Search
FF NetworkProxy: "http", "184.154.198.154"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.4.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.4.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll ()
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll ()
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\user.js
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\searchplugins\claro.xml
FF Extension: Claro Toolbar - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\Extensions\ffxtlbr@claro.com [2013-03-02]
FF Extension: ProxTube - Unblock YouTube - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\Extensions\ich@maltegoetz.de [2013-12-12]
FF Extension: Applon Support - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\Extensions\jid1-RYwhP9dQdGfXkQ@jetpack [2013-09-07]
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\Extensions\staged [2014-01-03]
FF Extension: Searchqu Toolbar - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\Extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2012-02-15]
FF Extension: Free YouTube Download (Free Studio) Menu - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012-03-08]
FF Extension: Freemium DE  - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\Extensions\{e66f4171-0f28-4599-a595-58b840522f7e} [2013-12-12]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-10]
FF Extension: No Name - C:\Program Files (x86)\Web Check\WebCheck.xpi []
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\extensions\firefox@whilokii.net.xpi []
FF Extension: No Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\extensions\pricepeep@getpricepeep.com.xpi []

Chrome: 
=======
CHR HomePage: hxxp://www.google.de?hl=de&gl=de
CHR StartupUrls: "hxxp://www.google.de?hl=de&gl=de"
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-11]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-08]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-08]
CHR Extension: (Skype Click to Call) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-06-01]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (YouTube Unblocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl [2013-12-14]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-08]
CHR HKCU\...\Chrome\Extension: [jbaaieplnliapedmcbfgfijinolepige] - C:\Users\User\AppData\Local\CRE\jbaaieplnliapedmcbfgfijinolepige.crx [2012-05-08]
CHR HKLM-x32\...\Chrome\Extension: [aaokmnpaoippoclepikifeegeknpopea] - C:\Program Files (x86)\ResultsAlpha\aaokmnpaoippoclepikifeegeknpopea.crx [2012-05-08]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-14]
CHR HKLM-x32\...\Chrome\Extension: [jbaaieplnliapedmcbfgfijinolepige] - C:\Users\User\AppData\Local\CRE\jbaaieplnliapedmcbfgfijinolepige.crx [2014-06-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S4 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
S4 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [915584 2010-12-02] ()
S4 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-14] (AVAST Software)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S4 hshld; C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [542552 2012-04-11] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-05-31] ()
S4 Realtek11nSU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek) [File not signed]
S2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe" [X]
S2 avgwd; "C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe" [X]
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [X]
S2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [X]
S2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe" [X]

==================== Drivers (Whitelisted) ====================

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [36448 2011-03-23] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-14] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236824 2014-04-01] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-03-31] (AVG Technologies CZ, s.r.o.)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-04] (AVM Berlin)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2011-12-28] (DT Soft Ltd)
R3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-04] (AVM GmbH)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.) [File not signed]
S0 prohlp02; C:\Windows\SysWOW64\drivers\prohlp02.sys [65504 2004-03-09] (Protection Technology) [File not signed]
S0 prosync1; C:\Windows\SysWOW64\drivers\prosync1.sys [6944 2003-09-06] (Protection Technology) [File not signed]
S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                           )
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S0 sfhlp01; C:\Windows\SysWOW64\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2012-04-11] () [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed]
U3 akt3cwlr; No ImagePath
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S1 prodrv06; \SystemRoot\System32\drivers\prodrv06.sys [X]
S3 TEAM; system32\DRIVERS\RtTeam60.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [X]
S3 VLAN; system32\DRIVERS\RtVLAN60.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-14 21:42 - 2014-06-14 21:42 - 00019122 ____C () C:\Users\User\Desktop\FRST.txt
2014-06-14 21:41 - 2014-06-14 21:41 - 02081792 ____C (Farbar) C:\Users\User\Desktop\FRST64 (1).exe
2014-06-14 00:17 - 2014-06-14 00:17 - 00043152 ____C (AVAST Software) C:\Windows\avastSS.scr
2014-06-14 00:17 - 2014-06-14 00:17 - 00029208 ____C () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-14 00:14 - 2014-06-14 00:14 - 00000000 ___DC () C:\Users\User\AppData\Roaming\Avira
2014-06-13 23:50 - 2014-06-13 23:50 - 00000000 ____C () C:\autoexec.bat
2014-06-13 23:49 - 2014-06-14 00:13 - 00000000 ___DC () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-06-13 23:49 - 2014-06-13 23:49 - 00000000 ___DC () C:\Program Files\Enigma Software Group
2014-06-13 23:48 - 2014-06-13 23:48 - 00728960 ____C (Enigma Software Group USA, LLC.) C:\Users\User\Desktop\SpyHunter-Installer.exe
2014-06-12 14:44 - 2014-06-12 15:52 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 14:44 - 2014-06-12 15:52 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 14:44 - 2014-06-12 15:52 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 14:44 - 2014-06-12 15:52 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 14:44 - 2014-06-12 15:52 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 14:44 - 2014-06-12 15:52 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 14:44 - 2014-06-12 15:52 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 14:44 - 2014-06-12 15:52 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 14:44 - 2014-06-12 15:52 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 14:44 - 2014-06-12 15:52 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 14:44 - 2014-06-12 15:52 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 14:42 - 2014-06-12 15:53 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 14:42 - 2014-06-12 15:53 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 14:42 - 2014-06-12 15:52 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-12 14:42 - 2014-06-12 15:52 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 14:42 - 2014-06-12 15:52 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 14:42 - 2014-06-12 15:52 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 14:42 - 2014-06-12 15:52 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 14:42 - 2014-06-12 15:52 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 14:42 - 2014-06-12 15:52 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 14:42 - 2014-06-12 15:52 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-12 14:42 - 2014-06-12 15:52 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 14:42 - 2014-06-12 15:52 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-12 14:42 - 2014-06-12 15:52 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 14:42 - 2014-06-12 15:52 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 14:41 - 2014-06-12 15:52 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-12 14:41 - 2014-06-12 15:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-06 23:25 - 2014-02-14 02:23 - 00000000 ___DC () C:\Users\User\Desktop\Left Boy - Permanent Midnight (2014)
2014-06-06 19:55 - 2014-05-30 11:07 - 00000000 ___DC () C:\Users\User\Desktop\snumm-c
2014-06-02 05:38 - 2014-06-02 05:39 - 00000000 ___DC () C:\Users\User\AppData\Local\PAYDAY 2
2014-06-02 05:38 - 2014-06-02 05:38 - 00000000 ___DC () C:\Program Files (x86)\AGEIA Technologies
2014-05-31 00:19 - 2014-05-31 00:19 - 00271200 ____C () C:\Windows\SysWOW64\PnkBstrB.exe
2014-05-31 00:19 - 2014-05-31 00:19 - 00075136 ____C () C:\Windows\SysWOW64\PnkBstrA.exe
2014-05-17 17:17 - 2012-11-21 13:34 - 00000000 ___DC () C:\Users\User\Desktop\Hucci – Novacane EP (2012)
2014-05-17 17:16 - 2014-05-17 17:17 - 88883301 ____C () C:\Users\User\Desktop\Hucci – Novacane EP (2012).rar
2014-05-17 08:54 - 2014-06-14 20:42 - 00000000 ___DC () C:\Users\User\AppData\Roaming\DropboxMaster
2014-05-16 00:06 - 2014-05-11 12:08 - 00000000 ___DC () C:\Users\User\Desktop\FACES
2014-05-15 23:47 - 2014-05-15 23:48 - 92962174 ____C () C:\Users\User\Desktop\mixtape.zip
2014-05-15 18:50 - 2014-05-16 03:02 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 18:50 - 2014-05-16 03:02 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 18:50 - 2014-05-16 03:01 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 18:50 - 2014-05-16 03:01 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 18:50 - 2014-05-16 03:01 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 18:50 - 2014-05-16 03:01 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 18:50 - 2014-05-16 03:01 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 18:50 - 2014-05-16 03:01 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 18:50 - 2014-05-16 03:01 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 18:50 - 2014-05-16 03:01 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 18:50 - 2014-05-16 03:01 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 18:50 - 2014-05-16 03:01 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 18:50 - 2014-05-16 03:01 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 18:50 - 2014-05-16 03:01 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 18:50 - 2014-05-16 03:01 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-15 18:50 - 2014-05-16 03:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 18:50 - 2014-05-16 03:01 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 18:50 - 2014-05-16 03:01 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 18:50 - 2014-05-16 03:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 18:50 - 2014-05-16 03:01 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 18:50 - 2014-05-16 03:01 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 18:50 - 2014-05-16 03:01 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 18:50 - 2014-05-16 03:01 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 18:50 - 2014-05-16 03:01 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 18:50 - 2014-05-16 03:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 18:50 - 2014-05-16 03:01 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 18:50 - 2014-05-16 03:01 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 18:50 - 2014-05-16 03:01 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 18:50 - 2014-05-16 03:01 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 18:50 - 2014-05-16 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 18:50 - 2014-05-16 03:01 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 18:50 - 2014-05-16 03:01 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 18:50 - 2014-05-16 03:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 18:50 - 2014-05-16 03:01 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 18:50 - 2014-05-16 03:01 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 18:50 - 2014-05-16 03:01 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 18:50 - 2014-05-16 03:01 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 18:50 - 2014-05-16 03:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 18:50 - 2014-05-16 03:01 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 18:50 - 2014-05-16 03:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 18:50 - 2014-05-16 03:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 18:50 - 2014-05-16 03:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 18:50 - 2014-05-16 03:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

==================== One Month Modified Files and Folders =======

2014-06-14 21:42 - 2014-06-14 21:42 - 00019122 ____C () C:\Users\User\Desktop\FRST.txt
2014-06-14 21:42 - 2014-01-03 15:39 - 00000000 ___DC () C:\FRST
2014-06-14 21:42 - 2011-09-01 21:37 - 00000000 ___DC () C:\Users\User\AppData\Roaming\Skype
2014-06-14 21:42 - 2011-08-31 16:47 - 00000000 ___DC () C:\Users\User\AppData\Local\Temp
2014-06-14 21:41 - 2014-06-14 21:41 - 02081792 ____C (Farbar) C:\Users\User\Desktop\FRST64 (1).exe
2014-06-14 21:37 - 2011-08-31 16:47 - 01376676 ____C () C:\Windows\WindowsUpdate.log
2014-06-14 21:35 - 2014-02-14 06:32 - 00000000 ___DC () C:\Windows\rescache
2014-06-14 21:33 - 2013-12-11 23:17 - 00001106 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-14 21:30 - 2012-10-21 11:33 - 00000884 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-14 20:42 - 2014-05-17 08:54 - 00000000 ___DC () C:\Users\User\AppData\Roaming\DropboxMaster
2014-06-14 20:42 - 2013-05-11 21:03 - 00000000 ___DC () C:\Users\User\AppData\Roaming\Dropbox
2014-06-14 20:42 - 2009-07-14 06:45 - 00022080 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-14 20:42 - 2009-07-14 06:45 - 00022080 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-14 20:41 - 2013-12-11 23:17 - 00001102 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-14 20:36 - 2009-07-14 05:20 - 00000000 ___DC () C:\Windows\tracing
2014-06-14 20:34 - 2014-01-06 04:56 - 00029420 ____C () C:\Windows\setupact.log
2014-06-14 20:34 - 2013-09-26 17:20 - 00065536 ____C () C:\Windows\system32\Ikeext.etl
2014-06-14 20:34 - 2009-07-14 07:08 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT
2014-06-14 13:54 - 2014-04-14 02:11 - 00002036 ____C () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-14 11:28 - 2013-09-26 17:19 - 00450456 ____C () C:\Windows\PFRO.log
2014-06-14 00:18 - 2014-04-14 02:11 - 01039096 ____C (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-14 00:18 - 2014-04-14 02:11 - 00423240 ____C (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-14 00:18 - 2014-04-14 02:11 - 00085328 ____C (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-06-14 00:17 - 2014-06-14 00:17 - 00043152 ____C (AVAST Software) C:\Windows\avastSS.scr
2014-06-14 00:17 - 2014-06-14 00:17 - 00029208 ____C () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-14 00:17 - 2014-04-14 02:11 - 00334648 ____C (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-14 00:17 - 2014-04-14 02:11 - 00208416 ____C () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-14 00:17 - 2014-04-14 02:11 - 00093568 ____C (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-06-14 00:17 - 2014-04-14 02:11 - 00079184 ____C (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-14 00:17 - 2014-04-14 02:11 - 00065776 ____C () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-14 00:17 - 2014-04-14 02:11 - 00003924 ____C () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-14 00:14 - 2014-06-14 00:14 - 00000000 ___DC () C:\Users\User\AppData\Roaming\Avira
2014-06-14 00:13 - 2014-06-13 23:49 - 00000000 ___DC () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-06-13 23:59 - 2012-05-24 19:30 - 00001813 ____C () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-06-13 23:50 - 2014-06-13 23:50 - 00000000 ____C () C:\autoexec.bat
2014-06-13 23:49 - 2014-06-13 23:49 - 00000000 ___DC () C:\Program Files\Enigma Software Group
2014-06-13 23:48 - 2014-06-13 23:48 - 00728960 ____C (Enigma Software Group USA, LLC.) C:\Users\User\Desktop\SpyHunter-Installer.exe
2014-06-13 23:41 - 2014-04-28 15:38 - 00122584 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-12 18:00 - 2012-05-23 19:52 - 00000462 ____C () C:\Windows\Tasks\SpeedMaxPc Registration3.job
2014-06-12 15:53 - 2014-06-12 14:42 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 15:53 - 2014-06-12 14:42 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 15:53 - 2013-08-04 15:27 - 00000000 ___DC () C:\Windows\system32\MRT
2014-06-12 15:53 - 2011-08-31 17:35 - 95414520 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 15:52 - 2014-06-12 14:44 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 15:52 - 2014-06-12 14:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 15:52 - 2014-06-12 14:44 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 15:52 - 2014-06-12 14:44 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 15:52 - 2014-06-12 14:44 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 15:52 - 2014-06-12 14:44 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 15:52 - 2014-06-12 14:44 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 15:52 - 2014-06-12 14:44 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 15:52 - 2014-06-12 14:44 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 15:52 - 2014-06-12 14:44 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 15:52 - 2014-06-12 14:44 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 15:52 - 2014-06-12 14:42 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-12 15:52 - 2014-06-12 14:42 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 15:52 - 2014-06-12 14:42 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 15:52 - 2014-06-12 14:42 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 15:52 - 2014-06-12 14:42 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 15:52 - 2014-06-12 14:42 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 15:52 - 2014-06-12 14:42 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 15:52 - 2014-06-12 14:42 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-12 15:52 - 2014-06-12 14:42 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 15:52 - 2014-06-12 14:42 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-12 15:52 - 2014-06-12 14:42 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 15:52 - 2014-06-12 14:42 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 15:52 - 2014-06-12 14:41 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-12 15:52 - 2014-06-12 14:41 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-12 15:52 - 2014-05-07 23:41 - 00000000 __SDC () C:\Windows\system32\CompatTel
2014-06-12 01:37 - 2014-04-28 15:38 - 00000947 ____C () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-08 04:58 - 2012-05-23 19:52 - 00000342 ____C () C:\Windows\Tasks\SpeedMaxPc.job
2014-06-05 01:33 - 2013-05-26 14:37 - 00001402 ____C () C:\Users\User\Desktop\Neues Textdokument (2).txt
2014-06-02 21:23 - 2012-02-06 21:01 - 00000000 ___DC () C:\Users\User\AppData\Roaming\TS3Client
2014-06-02 05:39 - 2014-06-02 05:38 - 00000000 ___DC () C:\Users\User\AppData\Local\PAYDAY 2
2014-06-02 05:38 - 2014-06-02 05:38 - 00000000 ___DC () C:\Program Files (x86)\AGEIA Technologies
2014-05-31 00:19 - 2014-05-31 00:19 - 00271200 ____C () C:\Windows\SysWOW64\PnkBstrB.exe
2014-05-31 00:19 - 2014-05-31 00:19 - 00075136 ____C () C:\Windows\SysWOW64\PnkBstrA.exe
2014-05-31 00:19 - 2012-04-30 23:59 - 00271200 ____C () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-05-30 17:53 - 2013-03-25 22:48 - 00000000 __RDC () C:\Program Files (x86)\Skype
2014-05-30 11:07 - 2014-06-06 19:55 - 00000000 ___DC () C:\Users\User\Desktop\snumm-c
2014-05-29 20:07 - 2013-05-11 21:03 - 00000000 ___DC () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-29 20:07 - 2011-08-31 16:47 - 00000000 __RDC () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-17 17:17 - 2014-05-17 17:16 - 88883301 ____C () C:\Users\User\Desktop\Hucci – Novacane EP (2012).rar
2014-05-16 03:18 - 2011-08-31 16:47 - 00000000 __RDC () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 03:18 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-16 03:02 - 2014-05-15 18:50 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-16 03:02 - 2014-05-15 18:50 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-16 03:01 - 2014-05-15 18:50 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-16 03:01 - 2014-05-15 18:50 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-16 03:01 - 2014-05-15 18:50 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-16 03:01 - 2014-05-15 18:50 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-16 03:01 - 2014-05-15 18:50 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-16 03:01 - 2014-05-15 18:50 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-16 03:01 - 2014-05-15 18:50 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-16 03:01 - 2014-05-15 18:50 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-16 03:01 - 2014-05-15 18:50 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-16 03:01 - 2014-05-15 18:50 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-16 03:01 - 2014-05-15 18:50 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-16 03:01 - 2014-05-15 18:50 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-16 03:01 - 2014-05-15 18:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-16 03:01 - 2014-05-15 18:50 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-16 03:01 - 2014-05-15 18:50 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-16 03:01 - 2014-05-15 18:50 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-16 03:01 - 2014-05-15 18:50 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-16 03:01 - 2014-05-15 18:50 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-16 03:01 - 2014-05-15 18:50 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-16 03:01 - 2014-05-15 18:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-16 03:01 - 2014-05-15 18:50 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-16 03:01 - 2014-05-15 18:50 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-16 03:01 - 2014-05-15 18:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-16 03:01 - 2014-05-15 18:50 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-16 03:01 - 2014-05-15 18:50 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-16 03:01 - 2014-05-15 18:50 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-16 03:01 - 2014-05-15 18:50 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-16 03:01 - 2014-05-15 18:50 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-16 03:01 - 2014-05-15 18:50 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-16 03:01 - 2014-05-15 18:50 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-16 03:01 - 2014-05-15 18:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-16 03:01 - 2014-05-15 18:50 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-16 03:01 - 2014-05-15 18:50 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-16 03:01 - 2014-05-15 18:50 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-16 03:01 - 2014-05-15 18:50 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-16 03:01 - 2014-05-15 18:50 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-16 03:01 - 2014-05-15 18:50 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-16 03:01 - 2014-05-15 18:50 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-16 03:01 - 2014-05-15 18:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-16 03:01 - 2014-05-15 18:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-16 03:01 - 2014-05-15 18:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 23:48 - 2014-05-15 23:47 - 92962174 ____C () C:\Users\User\Desktop\mixtape.zip
2014-05-15 19:18 - 2011-09-01 21:59 - 00000000 ___DC () C:\Windows\System32\Tasks\Games

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\AutoRun.exe
C:\Users\User\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\User\AppData\Local\Temp\drm_dialogs.dll
C:\Users\User\AppData\Local\Temp\drm_dyndata_7340014.dll
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxplmpf.dll
C:\Users\User\AppData\Local\Temp\EAInstall.dll
C:\Users\User\AppData\Local\Temp\eauninstall.exe
C:\Users\User\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
C:\Users\User\AppData\Local\Temp\Need for Speed Carbon_uninst.exe
C:\Users\User\AppData\Local\Temp\RDtemp.exe
C:\Users\User\AppData\Local\Temp\SHSetup.exe
C:\Users\User\AppData\Local\Temp\SIntf16.dll
C:\Users\User\AppData\Local\Temp\SIntf32.dll
C:\Users\User\AppData\Local\Temp\SIntfNT.dll
C:\Users\User\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 00:15

==================== End Of Log ============================
         
--- --- ---


Und hier die Addition:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2014 02
Ran by User at 2014-06-14 21:42:43
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AntiVir Desktop (Disabled - Out of date) {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AntiVir Desktop (Disabled - Out of date) {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.01.14 - ASUSTeK)
ANNO 1503 (HKLM-x32\...\{EBBB1DEF-8878-4CB8-BC0D-1196B30E7527}) (Version: 1.04.00 - )
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Applon (HKLM-x32\...\Applon) (Version:  - Applon)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.0.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.2.2.000 - Asmedia Technology)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
AVG 2014 (Version: 14.0.3882 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4158 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (de-DE) (x32 Version: 14.0.1001.229 - AVG) Hidden
AVG PC TuneUp 2014 (x32 Version: 14.0.1001.204 - AVG) Hidden
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)
Battlefield Heroes (HKLM-x32\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version:  - EA Digital illusions)
Call of Duty 4: Modern Warfare (HKLM-x32\...\Steam App 7940) (Version:  - Infinity Ward)
Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version:  - Treyarch)
Call of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version:  - Treyarch)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version:  - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version:  - )
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version:  - Infinity Ward - Sledgehammer Games)
Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version:  - Infinity Ward - Sledgehammer Games)
CameraHelperMsi (x32 Version: 13.30.1395.0 - Logitech) Hidden
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
CortonAndHomePage (HKLM-x32\...\CortonAndHomePage) (Version:  - CortonAndHomePage)
Counter-Strike: Source (HKLM-x32\...\{9580813D-94B1-4C28-9426-A441E2BB29A5}) (Version: 1.0.0.0 - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Counter-Strike: Source Beta (HKLM-x32\...\Steam App 260) (Version:  - )
Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version:  - Valve)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve )
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals) Hidden <==== ATTENTION
Grepo (HKLM-x32\...\Grepo) (Version:  - Grepo)
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version:  - Valve)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche Studios)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Logitech GamePanel Software 3.05.151 (HKLM\...\{BF9FD124-1112-4C8D-8F79-779A11C6287D}) (Version: 3.05.151 - Logitech Inc.)
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS Facebook (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.30.1379.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.30.1396.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.30.1379.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.30.1395.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.30.1395.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Video Mask Maker (x32 Version: 13.30.1379.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.30.1379.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.30.1346.0 - Logitech) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden
mp3-2-wav converter 1.14 (HKLM-x32\...\mp3-2-wav) (Version:  - )
Need for Speed Underground 2 (HKLM-x32\...\{909F8EBC-EC7F-48FF-0085-475D818F0F31}) (Version:  - )
Need for Speed™ Carbon (HKLM-x32\...\{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}) (Version:  - )
NVIDIA 3D Vision Controller Driver (x32 Version: 280.19 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.16.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.16.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.145.1024 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.8.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.4.0 - NVIDIA Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Post Apocalyptic Mayhem (HKLM-x32\...\Steam App 91900) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0142 - REALTEK Semiconductor Corp.)
ResultsAlpha (HKLM\...\ResultsAlpha) (Version: 2013.11.20.232030 - ResultsAlpha)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Savings Explorer (HKLM-x32\...\Savings Explorer) (Version: 1.26.153.0 - 215 Apps) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.4.178.g259772ba - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.12 - TeamSpeak Systems GmbH)
The Lord of the Rings: War in the North (HKLM-x32\...\Steam App 32800) (Version:  - Snowblind)
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3500.13 - TuneUp Software) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Restore Points  =========================

13-06-2014 21:49:37 Installed SpyHunter
13-06-2014 22:12:42 Removed SpyHunter
13-06-2014 22:16:39 Removed Adobe Reader X (10.1.9) - Deutsch.
13-06-2014 22:17:38 avast! antivirus system restore point

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____C C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0B28D0C9-2164-494E-A8D4-4E8287D54162} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {12795837-019C-437D-9AD1-BF906E112B9B} - System32\Tasks\3811b820 => C:\Users\User\AppData\Local\Temp\\setup940685344.exe <==== ATTENTION
Task: {13679920-7C52-4C93-94B7-0745766C7371} - System32\Tasks\c8b9e200 => C:\Users\User\AppData\Local\Temp\\setup3367625216.exe <==== ATTENTION
Task: {14DE9B70-625D-43D9-9694-C753218D2E50} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {17FDADDF-D979-40AF-92C9-375D8F07286B} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe
Task: {1C7547FA-C1A8-4442-BD34-0E89576749B0} - System32\Tasks\BrowserProtect => Sc.exe start BrowserProtect <==== ATTENTION
Task: {25CD134E-F17D-4453-BF68-B3D6E290D745} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {2645E69D-3369-4B6B-8599-8A50FA0238B3} - System32\Tasks\SpeedMaxPc Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SpeedMaxPc\UUS3\UUS3.dll" RunUns
Task: {278B3C5B-27A4-4DF9-B8D9-D46E005B5BB1} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {2854B237-2842-4010-8F4C-52A79B357E95} - System32\Tasks\Software Updater Ui => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Ui.exe
Task: {2E40DE7F-3B9E-4191-BB42-B1FC143F2E72} - System32\Tasks\e7bad500 => C:\Users\User\AppData\Local\Temp\\setup3887781120.exe <==== ATTENTION
Task: {356C46F8-24E8-4436-87AC-A58EC0D44809} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {3DE4608C-613E-4348-8409-DFCEFDCE4EEC} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {45178E82-A9E8-4ED4-B919-8A11B019F58C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {4628B275-DD7A-4767-866F-6C6E0964F33B} - System32\Tasks\1989340 => C:\Users\User\AppData\Local\Temp\\setup26776384.exe <==== ATTENTION
Task: {4734FB9A-3101-4CD5-A441-995FF99D02CF} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {48B94EF0-51FE-4F17-84C8-A807D84C8076} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-11] (Google Inc.)
Task: {60AEB901-5FCF-4E5C-95B7-A88B22B76CB6} - System32\Tasks\158279c0 => C:\Users\User\AppData\Local\Temp\\setup360872384.exe <==== ATTENTION
Task: {646F8675-DB10-4DDB-9272-C414B1BF7B6E} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-11-26] (ASUSTeK Computer Inc.)
Task: {687C341B-D343-4957-A5DC-0DBD9D138B60} - System32\Tasks\f7107540 => C:\Users\User\AppData\Local\Temp\\setup4044565920.exe <==== ATTENTION
Task: {69C50DA7-E383-4F04-8429-4333BA44D0B1} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {6DAA9B73-24B0-47E9-8469-0F869FE688C8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-09] (Adobe Systems Incorporated)
Task: {808BAD3B-69AC-4F3E-894E-5422F35D779F} - System32\Tasks\{0B451ACA-3B9D-41BE-ACA4-5DD9C5BF63DC} => E:\Steam\SteamApps\common\Just Cause 2\JustCause2.exe [2013-10-30] (Avalanche Studios)
Task: {824D1F57-889B-4440-9B35-39FC32A3A930} - System32\Tasks\4d7b1dc0 => C:\Users\User\AppData\Local\Temp\\setup1299914176.exe <==== ATTENTION
Task: {85996536-3D20-4DF0-BA3E-ED3C016C4FD4} - System32\Tasks\SpeedMaxPc => E:\Programme\Max PC\SpeedMaxPc\SpeedMaxPc.exe
Task: {9156D650-4518-476B-9CE9-03DE8DF911B8} - System32\Tasks\61e85940 => C:\Users\User\AppData\Local\Temp\\setup3927979424.exe <==== ATTENTION
Task: {A482E9A3-C913-47A5-BBD3-2BA2F7869C93} - System32\Tasks\383002e0 => C:\Users\User\AppData\Local\Temp\\setup942670560.exe <==== ATTENTION
Task: {A68A8A5A-9644-4DD9-AACE-24442A053D69} - System32\Tasks\{1FA92E8F-701D-4EB5-9B18-C8C1D5A97120} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {A79D230E-353C-45AE-AAA1-AF21109DDA4A} - System32\Tasks\Updater21058.exe => C:\Users\User\AppData\Local\Updater21058\Updater21058.exe <==== ATTENTION
Task: {A9EE7895-540C-460C-8551-E2DDF8636266} - System32\Tasks\{8B314421-745C-4966-A099-DA19B2C8F5A4} => F:\Setup.exe
Task: {ACDA4449-A330-4032-89E9-D24DBD05CB85} - System32\Tasks\{7AC7F861-81B4-4D42-BB8B-DDD3B3D760A5} => D:\setup.exe
Task: {B4EF026D-C9F7-4A42-816D-24079F41E41B} - System32\Tasks\Google Updater and Installer => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {BB2D6C94-2A3D-44EC-9FAF-5A5AB2251D04} - System32\Tasks\9150c960 => C:\Users\User\AppData\Local\Temp\\setup2437990752.exe <==== ATTENTION
Task: {BED04F96-925F-4EFF-ACBE-9FE43F5B5F27} - System32\Tasks\f34b6d20 => C:\Users\User\AppData\Local\Temp\\setup4081806624.exe <==== ATTENTION
Task: {C1464C8B-BA9B-4F8E-A82C-ABCFC33286D6} - System32\Tasks\34cb46a0 => C:\Users\User\AppData\Local\Temp\\setup885737120.exe <==== ATTENTION
Task: {C71D5F73-62CC-4F22-8B80-B565B36EB6E6} - System32\Tasks\9c872660 => C:\Users\User\AppData\Local\Temp\\setup1561421056.exe <==== ATTENTION
Task: {CC94DD85-C251-48AA-AD56-105DEC89FFF1} - System32\Tasks\4ded2620 => C:\Users\User\AppData\Local\Temp\\setup1307387424.exe <==== ATTENTION
Task: {CF17C1E7-5EC3-4CB8-AFEE-813B7318C0F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-11] (Google Inc.)
Task: {DAD4B66D-1753-438C-887F-075C0592BF6C} - System32\Tasks\Software Updater => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe
Task: {DC364436-E619-4BA3-A03C-79A32191EF33} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-14] (AVAST Software)
Task: {DD80861F-6637-4B73-ABC6-38ED25BCAE09} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {E9842E41-541C-459A-97BC-BF5193234C98} - System32\Tasks\849e3340 => C:\Users\User\AppData\Local\Temp\\setup2224960320.exe <==== ATTENTION
Task: {F8497C47-7EF8-4F23-BDB8-2570CCA37162} - System32\Tasks\a3cc7dc0 => C:\Users\User\AppData\Local\Temp\\setup2748087744.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SpeedMaxPc Registration3.job => C:\Program Files (x86)\Common Files\SpeedMaxPc\UUS3\UUS3.dll
Task: C:\Windows\Tasks\SpeedMaxPc.job => E:\Programme\Max PC\SpeedMaxPc\SpeedMaxPc.exe

==================== Loaded Modules (whitelisted) =============

2012-05-23 20:17 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-31 00:19 - 2014-05-31 00:19 - 00075136 ____C () C:\Windows\SysWOW64\PnkBstrA.exe
2014-06-14 13:53 - 2014-06-14 13:53 - 02775040 ____C () C:\Program Files\AVAST Software\Avast\defs\14061300\algo.dll
2014-04-14 02:11 - 2014-04-14 02:11 - 19336120 ____C () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-14 20:42 - 2014-06-14 20:42 - 00043008 ____C () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxplmpf.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 ____C () C:\Users\User\AppData\Roaming\Dropbox\bin\libcef.dll
2014-03-17 00:36 - 2014-03-15 02:50 - 00051016 ____C () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-17 00:36 - 2014-03-15 02:50 - 00716616 ____C () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-17 00:36 - 2014-03-15 02:50 - 00100168 ____C () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-17 00:36 - 2014-03-15 02:50 - 04061000 ____C () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-17 00:36 - 2014-03-15 02:50 - 00394568 ____C () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-17 00:36 - 2014-03-15 02:50 - 01647432 ____C () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-03-17 00:36 - 2014-03-15 02:50 - 13637448 ____C () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: asComSvc => 2
MSCONFIG\Services: asHmComSvc => 2
MSCONFIG\Services: AsSysCtrlService => 2
MSCONFIG\Services: AVM WLAN Connection Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hshld => 2
MSCONFIG\Services: HssSrv => 2
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: Realtek11nSU => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: UMVPFSrv => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk => C:\Windows\pss\Logitech SetPoint.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: AVMWlanClient => C:\Program Files (x86)\avmwlanstick\wlangui.exe
MSCONFIG\startupreg: Download Protect => C:\ProgramData\dlprotect.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: iTunesHelper => "E:\Programme\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Kernel and Hardware Abstraction Layer => KHALMNPR.EXE
MSCONFIG\startupreg: Launch LCDMon => "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
MSCONFIG\startupreg: Launch LgDeviceAgent => "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Skytel => C:\Program Files\Realtek\Audio\HDA\Skytel.exe
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: Steam => "E:\Steam\steam.exe" -silent

==================== Faulty Device Manager Devices =============

Name: AT1A0S1H IDE Controller
Description: AT1A0S1H IDE Controller
Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard mass storage controllers)
Service: akt3cwlr
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/14/2014 09:33:00 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.5\BonanzaDealsLiveHelper.msi

Error: (06/14/2014 09:29:03 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (06/14/2014 08:56:16 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.5\BonanzaDealsLiveHelper.msi

Error: (06/14/2014 08:42:04 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.5\BonanzaDealsLiveHelper.msi

Error: (06/14/2014 08:38:41 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT-AUTORITÄT)
Description: Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.

Error: (06/14/2014 08:36:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/14/2014 03:06:57 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.5\BonanzaDealsLiveHelper.msi

Error: (06/14/2014 02:33:00 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.5\BonanzaDealsLiveHelper.msi

Error: (06/14/2014 02:06:57 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.5\BonanzaDealsLiveHelper.msi

Error: (06/14/2014 01:58:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT-AUTORITÄT)
Description: Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.


System errors:
=============
Error: (06/14/2014 08:37:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (06/14/2014 08:37:51 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (06/14/2014 08:35:50 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
prodrv06
prohlp02
prosync1
sfhlp01

Error: (06/14/2014 08:35:50 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Skype Click to Call PNR Service" wurde nicht richtig gestartet.

Error: (06/14/2014 08:34:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AVG PC TuneUp Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/14/2014 08:34:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Hotspot Shield Monitoring Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/14/2014 08:34:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AVG WatchDog" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/14/2014 08:34:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AVGIDSAgent" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/14/2014 08:34:21 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\prodrv06.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/14/2014 01:56:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069


Microsoft Office Sessions:
=========================
Error: (06/14/2014 09:33:00 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.5\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/14/2014 09:29:03 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*e:\programme\spybot - search & destroy\DelZip179.dlle:\programme\spybot - search & destroy\DelZip179.dll8

Error: (06/14/2014 08:56:16 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.5\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/14/2014 08:42:04 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.5\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/14/2014 08:38:41 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT-AUTORITÄT)
Description: 16000000003ED302003FD30200600B0000

Error: (06/14/2014 08:36:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/14/2014 03:06:57 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.5\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/14/2014 02:33:00 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.5\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/14/2014 02:06:57 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.5\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/14/2014 01:58:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT-AUTORITÄT)
Description: 16000000003ED302003FD30200600B0000


CodeIntegrity Errors:
===================================
  Date: 2013-11-14 19:17:58.378
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\RtkAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-14 19:17:58.321
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\RtkAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-14 19:17:58.247
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\RtkAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-14 19:17:58.200
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\RtkAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-14 19:16:44.036
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\RtkAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-14 19:16:43.989
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\RtkAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-14 19:16:43.928
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\RtkAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-14 19:16:43.882
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\RtkAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-12 19:03:46.418
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\RtkAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-12 19:03:46.366
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\RtkAPO64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 30%
Total physical RAM: 8173.26 MB
Available physical RAM: 5692.74 MB
Total Pagefile: 16344.7 MB
Available Pagefile: 13756.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Magersüchtiges Laufwerk :D) (Fixed) (Total:55.8 GB) (Free:19.85 GB) NTFS
Drive e: (Fettes Laufwerk :D) (Fixed) (Total:1863.01 GB) (Free:1443.37 GB) NTFS
Drive g: () (Removable) (Total:7.59 GB) (Free:4.49 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: AD128681)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 56 GB) (Disk ID: 94DA5E1D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=56 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 8 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=8 GB) - (Type=0B)

==================== End Of Log ============================
         

danke für deine schnelle Antwort
__________________

Alt 13.06.2014, 21:19   #4
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Win7 Malwareprobleme - Standard

Win7 Malwareprobleme



Hi,

Code:
ATTFilter
FF NetworkProxy: "http", "184.154.198.154"
FF NetworkProxy: "http_port", 8080
         
Kann der weg?


Schritt 1



Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:
Code:
ATTFilter
AVG 2014 (Version: 14.0.3882 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4158 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (de-DE) (x32 Version: 14.0.1001.229 - AVG) Hidden
AVG PC TuneUp 2014 (x32 Version: 14.0.1001.204 - AVG) Hidden
Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals) Hidden <==== ATTENTION
         
Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.
  • Starte FRST und drücke auf den Fix-Button.
  • Navigiere anschließend über
    zu und drücke den "Aktualisieren" Button.


Info

Mehrere Antivirusprogramme:
Ich habe in den Logs festgestellt, dass auf diesem Rechner mehr als ein Antivirusprogramm mit Echtzeitschutz installiert ist.
Das erzeugt antagonistische Effekte und vermindert dadurch die Schutzleistung.
Die Sicherheit wird damit nicht erhöht. Bitte deinstalliere einen der beiden Scanner.




Schritt 2

Bitte deinstalliere folgende Programme:

Avira
AVG 2014
AVG PC TuneUp 2014
Google Update Helper
Java 7 Update 45
Savings Explorer


Versuche es bei Windows 7 zunächst über Systemsteuerung/Programme deinstallieren.

Sollte das nicht gehen, lade Dir bitte Revo Uninstallerhier herunter. Entpacke die zip-Datei auf den Desktop.
  • Starte die Revouninstaller.exe
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den oben angegebenen Programmen und wähle sie einzeln aus.
    Klicke jedesmal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:

Schritt 3
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Schritt 4
Scan mit Malwarebytes Antimalware
Unter Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
Klicke im Anschluss auf "Suchlauf", wähle den Bedrohungssuchlauf aus, aktualisiere die Datenbanken und klicke auf "Suchlauf jetzt starten".
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. (geht so...)
Poste mir den Inhalt der Logdatei. Klicke dazu auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Klicke auf "In Zwischenablage kopieren" poste mir den Inhalt in Code-Tags als Antwort in den Thread.

Schritt 5
Downloade Dir HitmanProauf Deinen Desktop:

HitmanPro - 32 Bit
HitmanPro - 64 Bit
  • Starte die HitmanPro.exe
  • Klicke auf Weiter und akzeptiere die Lizenzbedingungen. Klicke auf Weiter.
  • Wähle "Nein, ich möchte nur einen Einmalscan zur Überprüfung dieses Computers ausführen" aus und klicke auf Weiter.
  • Lass am Ende des Suchlaufs alle auftretende Funde in die Quarantäne verschieben und klicke auf Weiter.
  • Wähle unten links auf der Button-Leiste Logdatei speichern und speichere die Logdatei auf Deinem Desktop.
  • Schließe HitmanPro.

Poste bitte den Inhalt der HitmanPro_<Datum_Uhrzeit>.txt mit Deiner nächsten Antwort.
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 13.06.2014, 23:49   #5
käsenudel
 
Win7 Malwareprobleme - Standard

Win7 Malwareprobleme



Macht es Sinn den proxy zu behalten?

AVG ließ sich nicht deinstallieren auch nicht mit dem Uninstaller.

Wie komme ich nochmal an den ersten Log von adwarecleaner ran?
Ich hatte den vorhin schon in die antwort kopiert & hitman hat dann meinen browser abgeschossen.

Hier auf jeden Fall mal der Log von Malwarebytes:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 15.06.2014
Scan Time: 00:21:23
Logfile: 
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.13.09
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 274864
Time Elapsed: 4 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
         

Und dann der von Hitman:


Code:
ATTFilter
HitmanPro 3.7.9.216
www.hitmanpro.com

   Computer name . . . . : USER-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : User-PC\User
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2014-06-15 00:35:15
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 58s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 274

   Objects scanned . . . : 1.488.035
   Files scanned . . . . : 64.724
   Remnants scanned  . . : 441.874 files / 981.437 keys

Miniport ____________________________________________________________________

   Primary
      DriverObject . . . : FFFFFA8006906CB0
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFFA80066C92C0 +0
   Solution
      DriverObject . . . : FFFFFA8006906CB0
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFF88000E074D8 \SystemRoot\system32\drivers\ataport.SYS+29912

Suspicious files ____________________________________________________________

   C:\Users\User\AppData\Local\PunkBuster\COD4\pb\dll\wc002301.dll
      Size . . . . . . . : 967.213 bytes
      Age  . . . . . . . : 749.5 days (2012-05-26 12:57:53)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 4BD30C84D354E3B8B5236F48F62718D6E4F2A6DAA303365B6DFCE45D21DFE853
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\User\AppData\Local\PunkBuster\COD4\pb\pbcl.dll
      Size . . . . . . . : 967.213 bytes
      Age  . . . . . . . : 651.9 days (2012-09-01 02:23:22)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 4BD30C84D354E3B8B5236F48F62718D6E4F2A6DAA303365B6DFCE45D21DFE853
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\User\AppData\Local\PunkBuster\COD4\pb\pbclold.dll
      Size . . . . . . . : 967.213 bytes
      Age  . . . . . . . : 775.0 days (2012-04-30 23:58:59)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 4BD30C84D354E3B8B5236F48F62718D6E4F2A6DAA303365B6DFCE45D21DFE853
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\User\AppData\Local\PunkBuster\COD4\pb\PnkBstrK.sys
      Size . . . . . . . : 138.160 bytes
      Age  . . . . . . . : 775.0 days (2012-04-30 23:59:28)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 171C32702C73ECD6EAD6A120C5E0BCE649444BE4068C4ECA4C548644DF151A5E
      RSA Key Size . . . : 1024
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\User\AppData\Local\PunkBuster\HEROES\pb\dll\wc002323.dll
      Size . . . . . . . : 956.648 bytes
      Age  . . . . . . . : 404.0 days (2013-05-07 01:01:43)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : E88505208F2EA9F150F451C73EEFE57D54A7F50E9D24CB9E647D95A1E826A052
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\User\AppData\Local\PunkBuster\HEROES\pb\pbcl.dll
      Size . . . . . . . : 956.648 bytes
      Age  . . . . . . . : 404.0 days (2013-05-07 01:34:55)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : E88505208F2EA9F150F451C73EEFE57D54A7F50E9D24CB9E647D95A1E826A052
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\User\AppData\Local\PunkBuster\HEROES\pb\pbclold.dll
      Size . . . . . . . : 956.648 bytes
      Age  . . . . . . . : 404.0 days (2013-05-07 00:56:07)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : E88505208F2EA9F150F451C73EEFE57D54A7F50E9D24CB9E647D95A1E826A052
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\User\AppData\Local\PunkBuster\HEROES\pb\PnkBstrK.sys
      Size . . . . . . . : 139.648 bytes
      Age  . . . . . . . : 404.0 days (2013-05-07 00:56:42)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 164A5F0B9153B75F8955C44BFAE12B594B8D53922AE090132695FF2DAD191C8A
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\c\ (Claro)
   HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\2E4A8FA31C5CBF34AB8A9A1FEEC064D1\F092B960893592640A90584BCB4B1B9B (Claro)
   HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9\ (AskBar)
   HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Unknown\shell\openas\command\Advanced System Protector.bak (AdvSysProtector)
   HKLM\SOFTWARE\Classes\Unknown\shell\opendlg\command\Advanced System Protector.bak (AdvSysProtector)
   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\2E4A8FA31C5CBF34AB8A9A1FEEC064D1\F092B960893592640A90584BCB4B1B9B (Claro)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964\ (FLV Player)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7\ (Claro)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467\ (FLV Player)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9FAC99E2D8280F4482F22004D09FBA2\ (Claro)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AE26D37B0FFFAE4559860C5C4D938B71\ (Claro)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F092B960893592640A90584BCB4B1B9B\ (Claro)
   HKU\S-1-5-21-4092284354-3438196892-795775571-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
   HKU\S-1-5-21-4092284354-3438196892-795775571-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} (Claro)
   HKU\S-1-5-21-4092284354-3438196892-795775571-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{9D717F81-9148-4F12-8568-69135F087DB0} (SearchQU)
   HKU\S-1-5-21-4092284354-3438196892-795775571-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\SnapDo.exe (FLV Player)
   HKU\S-1-5-21-4092284354-3438196892-795775571-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0B15A8F2-9FA1-4149-B76F-6D50FEE7054F}\ (Conduit)
   HKU\S-1-5-21-4092284354-3438196892-795775571-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find)
   HKU\S-1-5-21-4092284354-3438196892-795775571-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome (22Find)
   HKU\S-1-5-21-4092284354-3438196892-795775571-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4f12-8568-69135F087DB0},\ (SearchQU)

Cookies _____________________________________________________________________

   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:247realmedia.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:2o7.net
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.ad-srv.net
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.adnet.de
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.auditude.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.inpulds.info
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.mlnadvertising.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.movad.net
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.propellerads.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.velmedia.net
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.zanox.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.ad4game.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.adk2.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.adsrvmedia.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.cinamuse.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.cinemaden.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.creative-serving.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.escinteractive.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.filmlush.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.flixaddict.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.ibtracking.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.mail3x.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.moviease.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.p161.net
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pointroll.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pornerbros.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pubmatic.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pushplay.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.reddollars.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.reelvidz.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.smartstream.tv
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.stickyadstv.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.trafficjunky.net
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserv.me
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.adreactor.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.directcorp.de
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:adultadworld.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:adultfriendfinder.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertizenet.rotator.hadj7.adjuggler.net
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:anyporn.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:anysex.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:brazzers.myporno.biz
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:burstnet.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:cnt.winporn.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:collectionofbestporn.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:collective-media.net
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:conrad.122.2o7.net
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:delivery.trafficforce.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:dmtracker.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:einfachporno.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:emjcd.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:engine.pgmediaserve.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:engine.phn.doublepimp.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:engine.streamate.doublepimp.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:eporner.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:epornercams.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:epornik.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ero-advertising.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:exoclick.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:googleadservices.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:hellporno.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:img.mediaplex.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:kontera.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:livejasmin.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:partypoker.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:pinkpornstars.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:pointroll.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:pornburger.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:porndig.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:pornme.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:pornoid.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:pornorc.net
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:pornsharing.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:porntube.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:questionmarket.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:realmedia.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:server.cpmstar.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:sexad.net
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:specificclick.net
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:stat.dealtime.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:stats.complex.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:sunporno.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:survey.g.doubleclick.net
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:teensexcouple.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:thenewporn.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:tubepornstars.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:ultra-pornstars.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:vporn.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:winporn.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.amazesex.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.eporner.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.etracker.de
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.pinkpornstars.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.porndig.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.pornoid.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.pornorc.net
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.porntube.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.sexanzeigen69.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.thenewporn.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.tubepornstars.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.ultra-pornstars.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.winporn.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.youporn.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:xp2.zedo.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:xxxpornvideos.eu
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:yadro.ru
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:youporn.com
   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\1NT61OKX.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\1VUTUVYN.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\416YPR9Y.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\6QOIMK8U.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\7VV2DAS8.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\F5V276J2.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\FK15LN8A.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\FVUBFOJR.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\GY84ZMSK.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\MCEELPO0.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\MI5K1J4N.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\MV4D0YK4.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\MVSZN186.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\O5R1Q5GP.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\V4909VFT.txt
   C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\X2D1UPL2.txt
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:2o7.net
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:3teensex.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:4porn.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:4tube.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:ad.12mnkys.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:adultadworld.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:alphaporno.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:anyporn.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:anysex.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:befuck.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:brazzers.myporno.biz
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:carlson.112.2o7.net
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:celebsxxx.info
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:de.sitestat.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:delivery.hornyspots.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:doubleclick.net
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:eporner.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:ext.myshopres.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:f.brazzers.myporno.biz
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:fr.sitestat.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:freehdporn.ws
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:fucked-tube.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:happy-porn.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:hardcoreteen-porn.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:hardcoreteenporni.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:hardexxx.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:hardsextube.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:hdcollegesex.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:hdpussy.xxx
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:hdteenporn.xxx
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:hellporno.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:hoeporntube.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:hot-sex-tube.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:invitemedia.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:mofosex.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:mysexgames.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:oracle.112.2o7.net
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:pornerbrosextrem.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:pornexa.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:porngames.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:pornhub.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:pornhubgold.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:pornmd.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:pornojizzhut.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:pornsharing.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:porntube.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:sexyteengirlz.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:stat.dealtime.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:statcounter.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:stats.complex.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:stats.paypal.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:statse.webtrendslive.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:superiorpornhub.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:teenporn.pro
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:teensextube.xxx
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:teensinporno.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:teensporntube.org
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:track.usamp.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:userporn.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:viporn.net
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:www.4tube.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:www.befuck.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:www.eporner.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:www.etracker.de
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:www.googleadservices.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:www.hoeporntube.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:www.mofosex.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:www.pornexa.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:www.porngames.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:www.pornhub.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:www.pornhubgold.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:www.pornmd.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:www.porntube.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:www.teenporn.pro
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:xiti.com
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:yadro.ru
   C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0iza4jt1.default\cookies.sqlite:youngpussyporn.com
         


Alt 14.06.2014, 12:02   #6
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Win7 Malwareprobleme - Standard

Win7 Malwareprobleme



Adwarecleaner-Log kannst Du hier finden:

Code:
ATTFilter
C:\AdwCleaner\AdwCleaner[Sx].txt.
         
Poste es zusammen mit den nächsten Schritten...

Ist auch immer besser, wenn man bei Scans alle Anwendungen schließt.

Wegen dem Proxy: https://support.mozilla.org/de/kb/Ei...itt#w_netzwerk (siehe Verbindungseinstellungen)


Schritt 1

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Schritt 2



Bitte starte FRST erneut, markiere auch die checkbox und drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.

Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?
__________________
--> Win7 Malwareprobleme

Antwort

Themen zu Win7 Malwareprobleme
antivir, antivirus, avast, avira, datei, dateien, flash player, folge, free, gefährlich, infiziert, internet, keine rückmeldung, keine rückmeldung mehr, malware, malwarebytes, problem, registry, scan, schließen, seite, setup, stick, verbindung, viren, wlan



Ähnliche Themen: Win7 Malwareprobleme


  1. Div. Bluescreens bei Win7 und Win7-Installation nach durchgeb. Netzteil
    Alles rund um Windows - 24.11.2013 (8)
  2. Win7 32 bit auf 64bit win7 updeaten
    Alles rund um Windows - 08.09.2013 (10)
  3. GVU Trojaner Win7
    Log-Analyse und Auswertung - 18.08.2013 (9)
  4. Gvu/bka 2.12 win7
    Log-Analyse und Auswertung - 30.07.2013 (1)
  5. gvu trojaner auf win7
    Plagegeister aller Art und deren Bekämpfung - 29.06.2013 (21)
  6. GVU Win7 64 Bit
    Log-Analyse und Auswertung - 14.05.2013 (15)
  7. Win7 GVU Sperre
    Log-Analyse und Auswertung - 18.02.2013 (10)
  8. GVU Trojaner Win7
    Plagegeister aller Art und deren Bekämpfung - 09.01.2013 (1)
  9. GVU Trojaner in Win7
    Plagegeister aller Art und deren Bekämpfung - 21.11.2012 (3)
  10. Win7 32-bit: GVU 2.07 mit Kamera
    Log-Analyse und Auswertung - 05.11.2012 (45)
  11. GVU Trojaner Win7
    Plagegeister aller Art und deren Bekämpfung - 23.10.2012 (11)
  12. Win7 64-bit GVU 2.07
    Plagegeister aller Art und deren Bekämpfung - 24.09.2012 (3)
  13. Win7 GVU 2.07 Trojaner
    Plagegeister aller Art und deren Bekämpfung - 15.09.2012 (13)
  14. BKA Trojaner Win7
    Plagegeister aller Art und deren Bekämpfung - 14.09.2012 (17)
  15. Verschlüsselungstrojaner Win7
    Plagegeister aller Art und deren Bekämpfung - 25.06.2012 (1)
  16. Ist Win7 Starter genau so sicher wie das normale Win7?
    Alles rund um Windows - 28.07.2011 (2)
  17. Tastaturprobleme Win7
    Alles rund um Windows - 09.02.2011 (12)

Zum Thema Win7 Malwareprobleme - Hallo liebe Community, ich habe folgendes Problem: Ich nehme an, dass mein PC ziemlich stark mit Viren bzw. Malware infiziert ist. Oft wenn ich Videos im Internet streame oder surfe - Win7 Malwareprobleme...
Archiv
Du betrachtest: Win7 Malwareprobleme auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.