
Log Analysis and Evaluation: Virus or Malware

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

02.07.2014, 22:37   #1
Whais
 
Virus or Malware



Good evening forum, for some time now I have had a problem: I no longer have admin rights. In the Windows Task Manager, under the "Services" tab, there are many running programs that I do not recognize. I have also run an FRST scan and an OTL scan.

FRST:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2014
Ran by Johan (administrator) on JOHAN-HP on 02-07-2014 22:00:41
Running from C:\Users\Johan\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Akamai Technologies, Inc.) C:\Users\Johan\AppData\Local\Akamai\netsession_win.exe
(Spotify Ltd) C:\Users\Johan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Akamai Technologies, Inc.) C:\Users\Johan\AppData\Local\Akamai\netsession_win.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(OldTimer Tools) C:\Users\Johan\Desktop\OTL.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Google Inc.) C:\Users\Johan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johan\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-15] (PDF Complete Inc)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-09] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-03-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2478615884-895137908-1883612811-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Johan\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2478615884-895137908-1883612811-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21445248 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2478615884-895137908-1883612811-1001\...\Run: [Google Update] => C:\Users\Johan\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-22] (Google Inc.)
HKU\S-1-5-21-2478615884-895137908-1883612811-1001\...\Run: [Spotify] => C:\Users\Johan\AppData\Roaming\Spotify\Spotify.exe [6189624 2014-06-27] (Spotify Ltd)
HKU\S-1-5-21-2478615884-895137908-1883612811-1001\...\Run: [Spotify Web Helper] => C:\Users\Johan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-27] (Spotify Ltd)
HKU\S-1-5-21-2478615884-895137908-1883612811-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2478615884-895137908-1883612811-1001\...\Policies\system: [DisableChangePassword] 0
Startup: C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x41DD82C4DC3FCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {12063E56-B000-4E34-AB0F-F240CEFB0419} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {68EC1921-C837-408A-8431-BB316D5AC3EA} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {68EC1921-C837-408A-8431-BB316D5AC3EA} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPD36B0EF8-3392-4E33-9A47-071FD043B17D&q={searchTerms}&SSPV=
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPD36B0EF8-3392-4E33-9A47-071FD043B17D&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=78DC643150317328&affID=119357&tt=160913_m2&tsp=5013
SearchScopes: HKCU - {544493B5-8D06-4B85-80FD-44586D80FB6F} URL = 
SearchScopes: HKCU - {555BB94F-6762-4164-8A24-37F8C0023A6B} URL = 
SearchScopes: HKCU - {68EC1921-C837-408A-8431-BB316D5AC3EA} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {8768D5EA-5412-4810-A032-09AD2A726C69} hxxp://bgweb.nowcdn.co.kr/Bin/DownStarter2.cab
DPF: HKLM-x32 {93C449FA-ECFB-402F-A8C7-37E4F8D60E49} hxxp://dl.pmang.com/common/pmangctl/pmangax.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\wjarvfn1.default
FF Homepage: hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPD36B0EF8-3392-4E33-9A47-071FD043B17D&SSPV=
FF SelectedSearchEngine: Conduit Search
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npnxgameEU.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @pmang.com/npPMangFX - C:\Windows\system32\npPMangFX.dll No File
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Johan\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Johan\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: No Name - C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\wjarvfn1.default\Extensions\staged [2014-01-17]
FF Extension: No Name - C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\wjarvfn1.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi []

Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "hxxp://google.de/"
CHR Plugin: (Shockwave Flash) - C:\Users\Johan\AppData\Local\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Johan\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Johan\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Kalydo Player Plugin for Mozilla) - C:\Users\Johan\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (YouTube) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-21]
CHR Extension: (Google-Suche) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-21]
CHR Extension: (YTBoiokMark) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmcbnelmanpcpbbhocfmhagblobmpacl [2014-01-17]
CHR Extension: (SmallringFX DarkBlue Theme) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfijmgohofmpjlcgmjplbpmkpchdhpk [2014-01-12]
CHR Extension: (Google Wallet) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]
CHR Extension: (YouTube Unblocker) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl [2013-11-28]
CHR Extension: (Google Mail) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-21]
CHR Extension: (Extutil) - C:\Users\Johan\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-02-12]
CHR Extension: (Managera) - C:\Users\Johan\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-02-12]
CHR Extension: (YTBoiokMark) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmcbnelmanpcpbbhocfmhagblobmpacl\1.1 [2014-01-17]
CHR HKCU\...\Chrome\Extension: [bjninacglmmmbabmlkaegnanopeoiong] - C:\Users\Johan\AppData\Local\CRE\bjninacglmmmbabmlkaegnanopeoiong.crx [2013-08-28]
CHR HKCU\...\Chrome\Extension: [kfkcangbigakljkjeglcofaomihpejif] - C:\Users\Johan\AppData\Local\CRE\kfkcangbigakljkjeglcofaomihpejif.crx [2013-08-28]
CHR HKCU\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\Johan\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx [2013-08-28]
CHR HKLM-x32\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\Johan\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.24.0.crx [2013-08-28]
CHR HKLM-x32\...\Chrome\Extension: [bjninacglmmmbabmlkaegnanopeoiong] - C:\Users\Johan\AppData\Local\CRE\bjninacglmmmbabmlkaegnanopeoiong.crx [2013-08-28]
CHR HKLM-x32\...\Chrome\Extension: [kfkcangbigakljkjeglcofaomihpejif] - C:\Users\Johan\AppData\Local\CRE\kfkcangbigakljkjeglcofaomihpejif.crx [2013-08-28]
CHR HKLM-x32\...\Chrome\Extension: [mdomagjabmmppgcpbmkjojjkhonolopp] - C:\ProgramData\Download and Sa\mdomagjabmmppgcpbmkjojjkhonolopp.crx [2013-08-28]
CHR HKLM-x32\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\Johan\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx [2013-08-28]
CHR StartMenuInternet: Google Chrome - C:\Users\Johan\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-04-07] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1028688 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [281440 2012-06-26] (BullGuard Ltd.)
S2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [199520 2012-06-05] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [379744 2012-06-18] (BullGuard Ltd.)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5827072 2011-12-16] (Native Instruments GmbH) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4159984 2010-12-08] (INCA Internet Co., Ltd.) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-15] (PDF Complete Inc)
S2 SystemStoreService; C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe [297984 2014-03-02] () [File not signed]

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 arcvad_ds2dhw; C:\Windows\System32\drivers\ArcVad.sys [27136 2008-10-28] (ArcSoft, Inc.)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2011-06-11] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
R1 BdSpy; C:\Windows\System32\DRIVERS\BdSpy.sys [66272 2012-07-03] (BullGuard Ltd.)
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [46792 2013-08-13] (AnchorFree Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2011-06-11] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.) [File not signed]
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2011-05-11] (Duplex Secure Ltd.)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [290376 2012-07-03] (BitDefender S.R.L.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 dump_wmimmc; \??\C:\Neowiz\Pmang\S4League\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-02 22:00 - 2014-07-02 22:00 - 00024699 _____ () C:\Users\Johan\Desktop\FRST.txt
2014-07-02 21:56 - 2014-07-02 21:56 - 02083840 _____ (Farbar) C:\Users\Johan\Desktop\FRST64.exe
2014-07-02 21:46 - 2014-07-02 21:46 - 00071420 _____ () C:\Users\Johan\Desktop\Extras.Txt
2014-07-02 21:45 - 2014-07-02 21:45 - 00129950 _____ () C:\Users\Johan\Desktop\OTL.Txt
2014-07-02 16:53 - 2014-07-02 16:53 - 00000945 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2014-07-02 16:50 - 2014-07-02 16:50 - 00018976 _____ () C:\Users\Johan\Desktop\dds.txt
2014-07-02 16:50 - 2014-07-02 16:50 - 00005258 _____ () C:\Users\Johan\Desktop\attach.txt
2014-07-02 16:44 - 2014-07-02 16:44 - 00602112 _____ (OldTimer Tools) C:\Users\Johan\Desktop\OTL.exe
2014-07-02 16:43 - 2014-07-02 16:43 - 00688992 ____R (Swearware) C:\Users\Johan\Desktop\dds.scr
2014-07-02 16:34 - 2014-07-02 16:36 - 02672232 _____ () C:\Users\Johan\Desktop\mp3tagv260setup.exe
2014-07-02 00:16 - 2014-07-02 00:16 - 00001749 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\Program Files\iTunes
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\Program Files\iPod
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-02 00:16 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-07-02 00:12 - 2014-07-02 00:12 - 00000000 ____D () C:\Program Files\Bonjour
2014-07-02 00:12 - 2014-07-02 00:12 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-07-01 12:57 - 2014-07-01 13:00 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\TS3Client
2014-06-30 16:13 - 2014-06-30 16:13 - 00000000 ____D () C:\Users\Johan\Desktop\Daten
2014-06-30 16:12 - 2014-06-30 16:12 - 00000000 ____D () C:\Users\Johan\Documents\Native Instruments
2014-06-30 14:31 - 2014-06-30 14:31 - 00000000 ____D () C:\Users\Johan\AppData\Local\Spotify
2014-06-29 01:59 - 2014-06-29 01:59 - 00000000 __SHD () C:\Users\Mr.SmitchFuckof12345\AppData\Local\EmieUserList
2014-06-29 01:59 - 2014-06-29 01:59 - 00000000 __SHD () C:\Users\Mr.SmitchFuckof12345\AppData\Local\EmieSiteList
2014-06-29 01:57 - 2014-06-29 01:57 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\CrashDumps
2014-06-29 01:39 - 2014-06-29 01:39 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Win7codecs
2014-06-28 14:46 - 2014-06-28 14:46 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\Apple
2014-06-28 14:45 - 2014-06-28 14:45 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Avira
2014-06-28 14:41 - 2014-06-28 14:41 - 00098840 _____ () C:\Users\Mr.SmitchFuckof12345\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-28 14:40 - 2014-06-28 14:41 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\ArcSoft
2014-06-28 14:40 - 2014-06-28 14:40 - 00001387 _____ () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\ATI
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Apple Computer
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Adobe
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\PDFC
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\ATI
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\ArcSoft
2014-06-28 14:39 - 2014-06-28 14:39 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\VirtualStore
2014-06-28 14:37 - 2014-06-30 09:35 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345
2014-06-28 14:37 - 2014-06-28 14:37 - 00000020 ___SH () C:\Users\Mr.SmitchFuckof12345\ntuser.ini
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Vorlagen
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Startmenü
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Netzwerkumgebung
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Lokale Einstellungen
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Eigene Dateien
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Druckumgebung
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Documents\Eigene Musik
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Documents\Eigene Bilder
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\AppData\Local\Verlauf
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\AppData\Local\Anwendungsdaten
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Anwendungsdaten
2014-06-28 14:37 - 2012-05-28 13:15 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\Documents\Visual Studio 2010
2014-06-28 14:37 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-28 14:37 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-27 13:35 - 2014-07-02 21:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-27 13:32 - 2014-06-27 13:32 - 00001068 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-27 13:32 - 2014-06-27 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-27 13:32 - 2014-06-27 13:32 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-27 13:32 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-27 13:32 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-27 13:32 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-22 16:38 - 2014-06-22 16:38 - 00000000 ____D () C:\Program Files\VirtualDJ
2014-06-22 16:30 - 2014-06-27 12:11 - 00000000 ____D () C:\Program Files (x86)\VirtualDJ
2014-06-22 15:53 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-22 15:53 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-22 15:53 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-22 15:53 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-22 15:53 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-22 15:53 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-22 15:53 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-22 15:53 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-22 15:53 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-22 15:53 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-22 15:53 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-22 15:53 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-22 15:52 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-22 15:52 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-22 15:52 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-22 15:52 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-22 15:52 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-22 15:52 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-22 15:52 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-22 15:52 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-22 15:52 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-22 15:52 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-22 15:52 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-22 15:52 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-22 15:52 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-22 15:52 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-22 15:52 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-22 15:52 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-22 15:52 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-22 15:52 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-22 15:52 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-22 15:52 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-22 15:52 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-22 15:52 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-22 15:52 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-22 15:52 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-22 15:52 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-22 15:52 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-22 15:52 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-22 15:52 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-22 15:52 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-22 15:52 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-22 15:52 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-22 15:52 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-22 15:52 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-22 15:52 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-22 15:52 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-22 15:52 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-22 15:52 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-22 15:52 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-22 15:52 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-22 15:52 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-22 15:52 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-22 15:52 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-22 15:52 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-22 15:52 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-22 15:52 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-22 15:52 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-22 15:52 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-22 15:52 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-22 15:52 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-22 15:52 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-22 15:52 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-22 15:52 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-22 15:50 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-22 15:50 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-06 13:34 - 2014-06-06 13:34 - 00029220 _____ () C:\Windows\SysWOW64\collectionCache.bnk
2014-06-05 12:42 - 2014-06-05 12:42 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\DigitalVolcano
2014-06-05 12:41 - 2014-06-05 12:41 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duplicate Cleaner Free
2014-06-04 12:55 - 2014-06-04 12:55 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-06-04 12:55 - 2014-06-04 12:55 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-06-04 12:55 - 2014-06-04 12:55 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-06-04 12:55 - 2014-06-04 12:55 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update

==================== One Month Modified Files and Folders =======

2014-07-02 22:01 - 2014-07-02 22:00 - 00024699 _____ () C:\Users\Johan\Desktop\FRST.txt
2014-07-02 22:00 - 2013-06-28 21:40 - 00000000 ____D () C:\FRST
2014-07-02 21:57 - 2011-10-22 19:06 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001UA.job
2014-07-02 21:57 - 2011-10-22 19:06 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001Core.job
2014-07-02 21:56 - 2014-07-02 21:56 - 02083840 _____ (Farbar) C:\Users\Johan\Desktop\FRST64.exe
2014-07-02 21:53 - 2012-07-23 07:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-02 21:46 - 2014-07-02 21:46 - 00071420 _____ () C:\Users\Johan\Desktop\Extras.Txt
2014-07-02 21:45 - 2014-07-02 21:45 - 00129950 _____ () C:\Users\Johan\Desktop\OTL.Txt
2014-07-02 21:37 - 2011-02-21 21:36 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Skype
2014-07-02 21:35 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-02 21:35 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-02 21:30 - 2014-06-27 13:35 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-02 21:28 - 2011-02-24 21:32 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-02 21:27 - 2013-04-29 20:30 - 00052959 _____ () C:\Windows\setupact.log
2014-07-02 21:27 - 2011-11-07 22:32 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-07-02 21:27 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-02 17:09 - 2011-02-21 21:24 - 01648841 _____ () C:\Windows\WindowsUpdate.log
2014-07-02 17:01 - 2014-04-25 14:56 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Mp3tag
2014-07-02 16:53 - 2014-07-02 16:53 - 00000945 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2014-07-02 16:53 - 2014-04-25 14:54 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-07-02 16:53 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-02 16:50 - 2014-07-02 16:50 - 00018976 _____ () C:\Users\Johan\Desktop\dds.txt
2014-07-02 16:50 - 2014-07-02 16:50 - 00005258 _____ () C:\Users\Johan\Desktop\attach.txt
2014-07-02 16:44 - 2014-07-02 16:44 - 00602112 _____ (OldTimer Tools) C:\Users\Johan\Desktop\OTL.exe
2014-07-02 16:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-07-02 16:43 - 2014-07-02 16:43 - 00688992 ____R (Swearware) C:\Users\Johan\Desktop\dds.scr
2014-07-02 16:39 - 2011-02-22 16:16 - 00000000 ____D () C:\Users\Johan\AppData\Local\CrashDumps
2014-07-02 16:38 - 2013-06-19 12:04 - 00004208 _____ () C:\Windows\System32\Tasks\Software Updater
2014-07-02 16:36 - 2014-07-02 16:34 - 02672232 _____ () C:\Users\Johan\Desktop\mp3tagv260setup.exe
2014-07-02 16:23 - 2011-02-24 21:32 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-02 15:29 - 2013-03-30 17:44 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\vlc
2014-07-02 00:16 - 2014-07-02 00:16 - 00001749 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\Program Files\iTunes
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\Program Files\iPod
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-02 00:12 - 2014-07-02 00:12 - 00000000 ____D () C:\Program Files\Bonjour
2014-07-02 00:12 - 2014-07-02 00:12 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-07-01 13:00 - 2014-07-01 12:57 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\TS3Client
2014-06-30 16:13 - 2014-06-30 16:13 - 00000000 ____D () C:\Users\Johan\Desktop\Daten
2014-06-30 16:12 - 2014-06-30 16:12 - 00000000 ____D () C:\Users\Johan\Documents\Native Instruments
2014-06-30 14:31 - 2014-06-30 14:31 - 00000000 ____D () C:\Users\Johan\AppData\Local\Spotify
2014-06-30 14:31 - 2013-10-03 10:02 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Spotify
2014-06-30 14:30 - 2011-02-21 21:28 - 00000000 ____D () C:\Users\Johan
2014-06-30 09:35 - 2014-06-28 14:37 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345
2014-06-30 09:34 - 2014-06-01 18:33 - 00000000 ___HD () C:\ProgramData\{7707EA53-E29B-48FC-B28B-C8EE171EA0EB}
2014-06-30 09:34 - 2014-06-01 18:30 - 00000000 ___HD () C:\ProgramData\{A2A4D724-2D08-46E4-BAA8-EC9EE875D133}
2014-06-30 09:34 - 2014-06-01 18:29 - 00000000 ___HD () C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
2014-06-30 09:34 - 2014-06-01 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2014-06-30 09:34 - 2014-06-01 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-30 09:34 - 2014-06-01 18:29 - 00000000 ____D () C:\Program Files\Native Instruments
2014-06-30 09:34 - 2014-06-01 18:29 - 00000000 ____D () C:\Program Files\Common Files\Native Instruments
2014-06-30 09:34 - 2014-04-26 02:20 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-30 09:34 - 2014-04-26 02:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-30 09:34 - 2014-04-25 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-06-30 09:34 - 2014-02-17 12:07 - 00000000 ____D () C:\Users\Johan\Documents\FL Studio Projects
2014-06-30 09:34 - 2014-01-18 02:43 - 00000000 ____D () C:\Games
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Gast
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\fbwuser\AppData\Local\Torch
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\fbwuser\AppData\Local\Google
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\fbwuser\AppData\Local\Comodo
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Administrator
2014-06-30 09:34 - 2013-12-25 14:19 - 00000000 ____D () C:\Users\Johan\Documents\wiibackupmanager_build78
2014-06-30 09:34 - 2013-12-15 23:05 - 00000000 __RHD () C:\Users\Public\Libraries
2014-06-30 09:34 - 2013-11-24 03:36 - 00000000 ____D () C:\Users\Johan\Documents\Image-Line
2014-06-30 09:34 - 2013-11-24 03:36 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2014-06-30 09:34 - 2013-11-24 03:36 - 00000000 ____D () C:\Program Files\Image-Line
2014-06-30 09:34 - 2013-11-24 03:30 - 00000000 ____D () C:\Program Files (x86)\Image-Line
2014-06-30 09:34 - 2013-11-24 03:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LMMS 0.4.15
2014-06-30 09:34 - 2013-11-24 03:16 - 00000000 ____D () C:\Program Files (x86)\LMMS
2014-06-30 09:34 - 2013-11-19 22:38 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-06-30 09:34 - 2013-11-19 22:38 - 00000000 ____D () C:\Users\Johan\AppData\Local\TeamSpeak 3 Client
2014-06-30 09:34 - 2013-09-26 15:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-30 09:34 - 2013-09-09 21:44 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-06-30 09:34 - 2013-04-28 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-06-30 09:34 - 2013-04-28 21:17 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-06-30 09:34 - 2013-04-15 17:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-30 09:34 - 2013-04-02 23:59 - 00000000 ____D () C:\Program Files (x86)\BP DOWNLOADER
2014-06-30 09:34 - 2013-04-02 17:29 - 00000000 ____D () C:\Program Files (x86)\alaplaya
2014-06-30 09:34 - 2012-12-27 16:02 - 00000000 ____D () C:\Users\Johan\Documents\Runes of Magic Kalydo
2014-06-30 09:34 - 2012-11-19 17:12 - 00000000 ____D () C:\Users\Johan\Documents\Wii
2014-06-30 09:34 - 2012-10-12 14:47 - 00000000 ____D () C:\Users\Johan\.android
2014-06-30 09:34 - 2012-08-30 17:03 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-30 09:34 - 2012-08-30 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-30 09:34 - 2012-05-26 23:28 - 00000000 ____D () C:\Users\Johan\Documents\Visual Studio 2010
2014-06-30 09:34 - 2011-07-15 19:12 - 00000000 ____D () C:\Users\Johan\Documents\Psp
2014-06-30 09:34 - 2011-03-12 17:26 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-06-30 09:34 - 2011-02-21 23:06 - 00000000 ____D () C:\Download
2014-06-30 09:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-06-30 09:33 - 2011-04-20 09:27 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Mozilla
2014-06-30 09:33 - 2011-04-17 08:40 - 00000000 ____D () C:\Users\Johan\AppData\Local\Mozilla
2014-06-30 09:33 - 2011-02-21 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\alaplaya
2014-06-30 09:32 - 2013-06-27 11:13 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-30 09:32 - 2011-09-08 13:42 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-06-29 02:57 - 2014-02-09 17:55 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-06-29 01:59 - 2014-06-29 01:59 - 00000000 __SHD () C:\Users\Mr.SmitchFuckof12345\AppData\Local\EmieUserList
2014-06-29 01:59 - 2014-06-29 01:59 - 00000000 __SHD () C:\Users\Mr.SmitchFuckof12345\AppData\Local\EmieSiteList
2014-06-29 01:57 - 2014-06-29 01:57 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\CrashDumps
2014-06-29 01:57 - 2014-02-12 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reFX
2014-06-29 01:57 - 2011-02-21 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
2014-06-29 01:39 - 2014-06-29 01:39 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Win7codecs
2014-06-29 01:39 - 2011-10-06 19:42 - 00000000 ____D () C:\ProgramData\Win7codecs
2014-06-29 01:38 - 2011-10-06 09:39 - 00000000 ____D () C:\ProgramData\Shark007
2014-06-29 01:28 - 2013-05-08 09:39 - 00260206 _____ () C:\Windows\PFRO.log
2014-06-28 19:03 - 2013-04-16 15:27 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-06-28 18:34 - 2011-10-09 13:39 - 00000000 ____D () C:\Users\Johan\AppData\Local\Deployment
2014-06-28 14:46 - 2014-06-28 14:46 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\Apple
2014-06-28 14:45 - 2014-06-28 14:45 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Avira
2014-06-28 14:41 - 2014-06-28 14:41 - 00098840 _____ () C:\Users\Mr.SmitchFuckof12345\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-28 14:41 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\ArcSoft
2014-06-28 14:40 - 2014-06-28 14:40 - 00001387 _____ () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\ATI
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Apple Computer
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Adobe
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\PDFC
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\ATI
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\ArcSoft
2014-06-28 14:39 - 2014-06-28 14:39 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\VirtualStore
2014-06-28 14:37 - 2014-06-28 14:37 - 00000020 ___SH () C:\Users\Mr.SmitchFuckof12345\ntuser.ini
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Vorlagen
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Startmenü
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Netzwerkumgebung
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Lokale Einstellungen
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Eigene Dateien
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Druckumgebung
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Documents\Eigene Musik
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Documents\Eigene Bilder
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\AppData\Local\Verlauf
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\AppData\Local\Anwendungsdaten
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Anwendungsdaten
2014-06-27 19:07 - 2011-01-11 02:27 - 00699868 _____ () C:\Windows\system32\perfh007.dat
2014-06-27 19:07 - 2011-01-11 02:27 - 00149750 _____ () C:\Windows\system32\perfc007.dat
2014-06-27 19:07 - 2009-07-14 07:13 - 01622164 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-27 13:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Globalization
2014-06-27 13:32 - 2014-06-27 13:32 - 00001068 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-27 13:32 - 2014-06-27 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-27 13:32 - 2014-06-27 13:32 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-27 12:25 - 2013-04-29 20:31 - 00098840 _____ () C:\Users\Johan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-27 12:23 - 2013-04-29 20:30 - 00351032 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-27 12:23 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-27 12:13 - 2013-07-18 14:19 - 00000000 ____D () C:\Program Files\Vuze
2014-06-27 12:11 - 2014-06-22 16:30 - 00000000 ____D () C:\Program Files (x86)\VirtualDJ
2014-06-27 11:43 - 2013-03-30 19:34 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Malwarebytes
2014-06-27 11:43 - 2013-03-30 19:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-27 11:43 - 2013-03-30 19:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-06-25 21:52 - 2011-10-22 19:06 - 00004090 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001UA
2014-06-25 21:52 - 2011-10-22 19:06 - 00003694 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001Core
2014-06-25 21:18 - 2011-02-24 21:32 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-25 21:18 - 2011-02-24 21:32 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-25 12:34 - 2011-02-22 15:54 - 00000000 ____D () C:\Program Files (x86)\Runes of Magic
2014-06-25 11:38 - 2011-04-15 19:28 - 00000000 ____D () C:\Users\Johan\AppData\Local\PMB Files
2014-06-25 11:38 - 2011-04-15 19:28 - 00000000 ____D () C:\ProgramData\PMB Files
2014-06-24 13:56 - 2013-03-29 22:39 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-24 01:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-22 22:32 - 2013-08-27 23:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-22 22:29 - 2011-02-22 18:34 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-22 22:28 - 2014-04-30 14:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-22 21:59 - 2013-03-07 21:35 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Azureus
2014-06-22 16:38 - 2014-06-22 16:38 - 00000000 ____D () C:\Program Files\VirtualDJ
2014-06-21 22:28 - 2011-10-13 17:14 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\ArcSoft
2014-06-21 17:05 - 2013-11-24 03:36 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\FlowStone
2014-06-16 00:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-06-08 11:13 - 2014-06-22 15:50 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-22 15:50 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-06 13:34 - 2014-06-06 13:34 - 00029220 _____ () C:\Windows\SysWOW64\collectionCache.bnk
2014-06-05 12:42 - 2014-06-05 12:42 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\DigitalVolcano
2014-06-05 12:41 - 2014-06-05 12:41 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duplicate Cleaner Free
2014-06-04 13:51 - 2011-09-08 13:41 - 00000000 ____D () C:\ProgramData\Apple
2014-06-04 12:55 - 2014-06-04 12:55 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-06-04 12:55 - 2014-06-04 12:55 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-06-04 12:55 - 2014-06-04 12:55 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-06-04 12:55 - 2014-06-04 12:55 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-06-03 13:42 - 2013-03-29 22:39 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

Some content of TEMP:
====================
C:\Users\Johan\AppData\Local\Temp\avgnt.exe
C:\Users\Johan\AppData\Local\Temp\bassmod.dll
C:\Users\Johan\AppData\Local\Temp\bitool.dll
C:\Users\Johan\AppData\Local\Temp\dsp_ipp.dll
C:\Users\Johan\AppData\Local\Temp\HssInstaller.exe
C:\Users\Johan\AppData\Local\Temp\hsspk.exe
C:\Users\Johan\AppData\Local\Temp\ildownloader_install.exe
C:\Users\Johan\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Johan\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Johan\AppData\Local\Temp\PCSpeedMaximizer.exe
C:\Users\Johan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Johan\AppData\Local\Temp\Tsu8B9F2206.dll
C:\Users\Johan\AppData\Local\Temp\TUUUninstallHelper.exe
C:\Users\Johan\AppData\Local\Temp\uninst1.exe
C:\Users\Johan\AppData\Local\Temp\vlc-2.1.1-win64.exe
C:\Users\Johan\AppData\Local\Temp\vlc-2.1.3-win64.exe
C:\Users\Mr.SmitchFuckof12345\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-28 00:02

==================== End Of Log ============================
         

02.07.2014, 22:40   #2
Whais

Virus or Malware

OTL:
Code:
OTL logfile created on: 02.07.2014 21:29:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Johan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 48,78% Memory free
5,50 Gb Paging File | 3,88 Gb Available in Paging File | 70,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,71 Gb Total Space | 289,04 Gb Free Space | 63,43% Space Free | Partition Type: NTFS
Drive D: | 9,95 Gb Total Space | 1,01 Gb Free Space | 10,17% Space Free | Partition Type: NTFS
 
Computer Name: JOHAN-HP | User Name: Johan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014.07.02 16:44:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johan\Desktop\OTL.exe
PRC - [2014.06.27 12:05:19 | 001,176,632 | ---- | M] (Spotify Ltd) -- C:\Users\Johan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014.06.24 13:56:26 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2014.06.24 13:56:15 | 001,028,688 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2014.06.24 13:56:11 | 000,750,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014.06.24 13:56:11 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2014.05.12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
PRC - [2014.05.12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
PRC - [2014.05.12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
PRC - [2014.04.17 21:07:28 | 004,672,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Johan\AppData\Local\Akamai\netsession_win.exe
PRC - [2013.06.26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013.06.26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.08.25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010.04.23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2009.10.15 01:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2009.04.07 10:54:10 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008.11.20 20:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014.04.23 16:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014.04.23 16:04:54 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014.05.30 11:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012.06.26 14:37:34 | 000,281,440 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain)
SRV:64bit: - [2012.06.18 14:34:30 | 000,379,744 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate)
SRV:64bit: - [2012.06.05 14:09:14 | 000,199,520 | ---- | M] (BullGuard Ltd.) [Auto | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe -- (BsScanner)
SRV:64bit: - [2011.12.16 11:37:38 | 005,827,072 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2010.08.26 03:57:14 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2014.06.24 13:56:26 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014.06.24 13:56:15 | 001,028,688 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2014.06.24 13:56:11 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014.05.14 13:53:19 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.05.12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014.05.12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014.03.02 14:01:04 | 000,297,984 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe -- (SystemStoreService)
SRV - [2013.10.23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.09.11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013.09.11 04:26:44 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013.06.26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.12.08 01:25:00 | 004,159,984 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2009.10.15 01:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.04.07 10:54:10 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014.07.02 21:30:10 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014.06.24 13:56:11 | 000,117,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2014.06.03 13:42:39 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2014.05.12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014.05.12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.11.19 12:42:57 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.08.13 01:07:58 | 000,046,792 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013.06.26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013.06.26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013.06.26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013.06.26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012.12.13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.12.04 02:13:00 | 000,095,344 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2012.12.04 02:13:00 | 000,021,872 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV:64bit: - [2012.07.03 11:16:44 | 000,066,272 | ---- | M] (BullGuard Ltd.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\BdSpy.sys -- (BdSpy)
DRV:64bit: - [2012.07.03 11:16:40 | 000,290,376 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.11 18:30:07 | 000,310,728 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.06.11 18:29:58 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.05.11 16:45:47 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.01.01 10:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010.12.02 10:36:42 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.26 05:37:26 | 007,767,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.08.26 03:20:56 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.08.19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010.07.01 15:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010.04.29 06:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2010.04.09 01:12:00 | 000,243,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.03.10 02:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010.03.04 15:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.12.21 20:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.10.23 10:26:14 | 000,046,592 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.10.08 02:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.10.08 02:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.09.19 05:30:14 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.29 17:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.10.28 11:27:52 | 000,027,136 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ArcVad.sys -- (arcvad_ds2dhw)
DRV:64bit: - [2008.05.16 11:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008.05.16 11:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic)
DRV:64bit: - [2008.05.16 11:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV:64bit: - [2008.05.16 11:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008.05.16 11:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5)
DRV:64bit: - [2008.05.16 11:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008.05.16 11:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus)
DRV:64bit: - [2008.03.13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.04 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.bing.com/search?q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{12063E56-B000-4E34-AB0F-F240CEFB0419}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{555BB94F-6762-4164-8A24-37F8C0023A6B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{68EC1921-C837-408A-8431-BB316D5AC3EA}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.bing.com/search?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{555BB94F-6762-4164-8A24-37F8C0023A6B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{68EC1921-C837-408A-8431-BB316D5AC3EA}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQDSK/4
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/CQDSK/4
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQDSK/4
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/CQDSK/4
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2478615884-895137908-1883612811-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-2478615884-895137908-1883612811-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2478615884-895137908-1883612811-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2478615884-895137908-1883612811-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 41 DD 82 C4 DC 3F CC 01  [binary data]
IE - HKU\S-1-5-21-2478615884-895137908-1883612811-1001\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKU\S-1-5-21-2478615884-895137908-1883612811-1001\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = hxxp://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPD36B0EF8-3392-4E33-9A47-071FD043B17D&q={searchTerms}&SSPV=
IE - HKU\S-1-5-21-2478615884-895137908-1883612811-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=78DC643150317328&affID=119357&tt=160913_m2&tsp=5013
IE - HKU\S-1-5-21-2478615884-895137908-1883612811-1001\..\SearchScopes\{12063E56-B000-4E34-AB0F-F240CEFB0419}: "URL" = hxxp://www.bing.com/search?FORM=UP74DF&PC=UP74&dt=040813&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-2478615884-895137908-1883612811-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE475
IE - HKU\S-1-5-21-2478615884-895137908-1883612811-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2478615884-895137908-1883612811-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPD36B0EF8-3392-4E33-9A47-071FD043B17D&SSPV="
FF - prefs.js..browser.search.selectedEngine: "Conduit Search"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@kuaiyong.yrtd.com,version=1.0.1.1:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npnxgameEU.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@pmang.com/npPMangFX: C:\Windows\system32\npPMangFX.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Johan\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Johan\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.07.31 23:18:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johan\AppData\Roaming\mozilla\Firefox\extensions
[2011.04.20 09:27:30 | 000,000,000 | ---D | M] (XfireXO) -- C:\Users\Johan\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2012.07.31 23:18:14 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Users\Johan\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2013.09.25 13:14:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johan\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2013.06.23 12:00:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johan\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions
[2012.09.16 21:44:49 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Johan\AppData\Roaming\mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com
[2013.04.21 22:16:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johan\AppData\Roaming\mozilla\Firefox\Profiles\extensions\searchplugins
[2012.09.16 22:12:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johan\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\staged
[2013.06.28 13:53:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johan\AppData\Roaming\mozilla\Firefox\Profiles\toolbar@ask.com\extensions
[2014.06.30 09:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johan\AppData\Roaming\mozilla\Firefox\Profiles\wjarvfn1.default\extensions
[2014.06.30 09:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johan\AppData\Roaming\mozilla\Firefox\Profiles\wjarvfn1.default\extensions\staged
[2013.04.15 17:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\USERS\JOHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WJARVFN1.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Johan\AppData\Local\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Johan\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Johan\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Kalydo Player Plugin for Mozilla (Enabled) = C:\Users\Johan\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: YouTube = C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmcbnelmanpcpbbhocfmhagblobmpacl\1.1\
CHR - Extension: SmallringFX DarkBlue Theme = C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfijmgohofmpjlcgmjplbpmkpchdhpk\1.7_0\
CHR - Extension: Google Wallet = C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: YouTube Unblocker = C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl\0.5.6_0\
CHR - Extension: Google Mail = C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.06.30 19:19:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKU\S-1-5-21-2478615884-895137908-1883612811-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2478615884-895137908-1883612811-1001..\Run: [Akamai NetSession Interface] C:\Users\Johan\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2478615884-895137908-1883612811-1001..\Run: [Spotify] C:\Users\Johan\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-2478615884-895137908-1883612811-1001..\Run: [Spotify Web Helper] C:\Users\Johan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2478615884-895137908-1883612811-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2478615884-895137908-1883612811-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2478615884-895137908-1883612811-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2478615884-895137908-1883612811-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-2478615884-895137908-1883612811-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8768D5EA-5412-4810-A032-09AD2A726C69} hxxp://bgweb.nowcdn.co.kr/Bin/DownStarter2.cab (DownStarter2 Control)
O16 - DPF: {93C449FA-ECFB-402F-A8C7-37E4F8D60E49} hxxp://dl.pmang.com/common/pmangctl/pmangax.cab (Session2 Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24D00668-9EE8-4DA2-B8D4-78F9E326BAE3}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.07.02 16:44:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Johan\Desktop\OTL.exe
[2014.07.02 16:43:08 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Johan\Desktop\dds.scr
[2014.07.02 00:16:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014.07.02 00:16:48 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2014.07.02 00:16:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014.07.02 00:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014.07.02 00:16:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014.07.02 00:16:04 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014.07.02 00:12:10 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2014.07.02 00:12:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2014.07.01 12:57:37 | 000,000,000 | ---D | C] -- C:\Users\Johan\AppData\Roaming\TS3Client
[2014.06.30 16:13:24 | 000,000,000 | ---D | C] -- C:\Users\Johan\Desktop\Daten
[2014.06.30 16:12:02 | 000,000,000 | ---D | C] -- C:\Users\Johan\Documents\Native Instruments
[2014.06.30 14:31:05 | 000,000,000 | ---D | C] -- C:\Users\Johan\AppData\Local\Spotify
[2014.06.29 01:39:31 | 000,000,000 | ---D | C] -- C:\Users\Johan\AppData\Roaming\Win7codecs
[2014.06.27 13:35:39 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.06.27 13:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
[2014.06.27 13:32:17 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.06.27 13:32:17 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.06.27 13:32:17 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014.06.27 13:32:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware 
[2014.06.22 16:38:57 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2014.06.22 16:30:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDJ
[2014.06.22 15:53:48 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2014.06.22 15:53:37 | 000,288,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2014.06.22 15:53:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2014.06.22 15:53:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2014.06.22 15:53:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014.06.22 15:53:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014.06.22 15:52:57 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.06.22 15:52:57 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014.06.22 15:52:57 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.06.22 15:52:56 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.06.22 15:52:56 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014.06.22 15:52:55 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014.06.22 15:52:53 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.06.22 15:52:53 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.06.22 15:52:52 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.06.22 15:52:51 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.06.22 15:52:51 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014.06.22 15:52:51 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.06.22 15:52:51 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.06.22 15:52:51 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.06.22 15:52:50 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.06.22 15:52:50 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.06.22 15:52:49 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.06.22 15:52:49 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014.06.22 15:52:49 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.06.22 15:52:48 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.06.22 15:52:48 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.06.22 15:52:48 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.06.22 15:52:47 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.06.22 15:52:47 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014.06.22 15:52:46 | 005,782,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.06.22 15:52:46 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014.06.22 15:52:46 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.06.22 15:52:46 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.06.22 15:52:46 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014.06.22 15:52:45 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.06.22 15:52:45 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014.06.22 15:52:44 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014.06.22 15:52:44 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.06.22 15:50:42 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014.06.22 15:50:41 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014.06.05 12:42:45 | 000,000,000 | ---D | C] -- C:\Users\Johan\AppData\Roaming\DigitalVolcano
[2014.06.05 12:41:15 | 000,000,000 | ---D | C] -- C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duplicate Cleaner Free
[2014.06.04 12:55:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2014.06.04 12:55:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2014.06.04 12:54:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
 
========== Files - Modified Within 30 Days ==========
 
[2014.07.02 21:35:39 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.07.02 21:35:39 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.07.02 21:30:10 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.07.02 21:28:52 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.07.02 21:27:19 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2014.07.02 21:27:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.07.02 21:27:05 | 2214,027,264 | -HS- | M] () -- C:\hiberfil.sys
[2014.07.02 16:57:33 | 006,507,371 | ---- | M] () -- C:\Users\Johan\Desktop\Bonobo - Duals.mp3
[2014.07.02 16:57:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001UA.job
[2014.07.02 16:53:18 | 000,000,945 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2014.07.02 16:53:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.07.02 16:44:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johan\Desktop\OTL.exe
[2014.07.02 16:43:34 | 012,801,592 | ---- | M] () -- C:\Users\Johan\Desktop\Les LeBas (Bonobo Remix).mp3
[2014.07.02 16:43:21 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Johan\Desktop\dds.scr
[2014.07.02 16:39:17 | 000,645,078 | ---- | M] () -- C:\Users\Johan\Desktop\147930.jpg
[2014.07.02 16:36:19 | 002,672,232 | ---- | M] () -- C:\Users\Johan\Desktop\mp3tagv260setup.exe
[2014.07.02 16:23:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.07.02 00:16:55 | 000,001,749 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014.07.02 00:00:10 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001Core.job
[2014.07.01 18:07:49 | 008,263,262 | ---- | M] () -- C:\Users\Johan\Desktop\Da Tweekaz - Drum Tool.mp3
[2014.07.01 12:57:28 | 015,681,165 | ---- | M] () -- C:\Users\Johan\Desktop\Coldplay - A Sky Full Of Stars (The Unofficial Remix by Max Enforcer).mp3
[2014.06.27 19:07:39 | 001,622,164 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.06.27 19:07:39 | 000,699,868 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.06.27 19:07:39 | 000,654,706 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.06.27 19:07:39 | 000,149,750 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.06.27 19:07:39 | 000,122,320 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.06.27 13:32:21 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.06.27 12:23:23 | 000,351,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.06.24 13:56:11 | 000,117,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2014.06.08 11:13:05 | 000,506,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014.06.08 11:08:04 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014.06.06 13:34:20 | 000,029,220 | ---- | M] () -- C:\Windows\SysWow64\collectionCache.bnk
[2014.06.03 13:42:39 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
 
========== Files Created - No Company Name ==========
 
[2014.07.02 16:53:18 | 000,000,945 | ---- | C] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2014.07.02 16:43:21 | 012,801,592 | ---- | C] () -- C:\Users\Johan\Desktop\Les LeBas (Bonobo Remix).mp3
[2014.07.02 16:39:16 | 000,645,078 | ---- | C] () -- C:\Users\Johan\Desktop\147930.jpg
[2014.07.02 16:38:08 | 006,507,371 | ---- | C] () -- C:\Users\Johan\Desktop\Bonobo - Duals.mp3
[2014.07.02 16:34:50 | 002,672,232 | ---- | C] () -- C:\Users\Johan\Desktop\mp3tagv260setup.exe
[2014.07.02 00:16:55 | 000,001,749 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014.07.01 18:07:33 | 008,263,262 | ---- | C] () -- C:\Users\Johan\Desktop\Da Tweekaz - Drum Tool.mp3
[2014.07.01 12:57:08 | 015,681,165 | ---- | C] () -- C:\Users\Johan\Desktop\Coldplay - A Sky Full Of Stars (The Unofficial Remix by Max Enforcer).mp3
[2014.06.27 13:32:21 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.06.06 13:34:20 | 000,029,220 | ---- | C] () -- C:\Windows\SysWow64\collectionCache.bnk
[2014.06.04 12:55:36 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.12.14 16:41:03 | 000,000,702 | ---- | C] () -- C:\Users\Johan\Bibliotheken - Verknüpfung.lnk
[2013.11.28 22:16:43 | 000,001,464 | ---- | C] () -- C:\Users\Johan\AppData\Local\RecConfig.xml
[2013.11.26 21:33:10 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2013.11.26 21:33:09 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013.09.22 12:36:51 | 000,289,632 | ---- | C] ( ) -- C:\Windows\SysWow64\npPMangFX.dll
[2013.06.30 18:58:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.30 18:58:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.30 18:58:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.30 18:58:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.30 18:58:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.30 18:53:31 | 000,696,942 | ---- | C] () -- C:\Users\Johan\AppData\Roaming\c.png
[2013.03.30 18:38:59 | 000,000,032 | ---- | C] () -- C:\Users\Johan\AppData\Roaming\temp
[2013.03.30 18:19:18 | 001,508,372 | ---- | C] () -- C:\Users\Johan\AppData\Roaming\ss.png
[2012.12.27 16:08:38 | 000,000,857 | ---- | C] () -- C:\Windows\client.config.ini
[2012.10.26 11:26:28 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2012.09.18 22:19:51 | 003,440,641 | ---- | C] () -- C:\Windows\SysWow64\drivers\mconfig.sys
[2011.10.11 14:55:33 | 000,020,992 | ---- | C] () -- C:\Users\Johan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.28 19:50:53 | 000,000,275 | ---- | C] () -- C:\Users\Johan\AppData\Local\HamsterVideoConverterSettings.cfg
[2011.06.24 18:50:55 | 000,001,334 | ---- | C] () -- C:\Users\Johan\IDCAS.ini
[2011.05.29 21:15:02 | 000,459,184 | ---- | C] () -- C:\Users\Johan\AppData\Local\Tempsuck3.png
[2011.05.26 21:49:33 | 000,633,247 | ---- | C] () -- C:\Users\Johan\AppData\Local\TempTheGUI.png
[2011.05.06 16:51:53 | 000,000,000 | ---- | C] () -- C:\Users\Johan\AppData\Local\{1FA67548-52CF-492D-8144-52D778348673}
[2011.03.30 13:37:57 | 000,032,594 | ---- | C] () -- C:\Users\Johan\AppData\Local\Tempsplash.jpg
[2011.02.21 05:20:16 | 000,018,926 | ---- | C] () -- C:\Users\Johan\AppData\Local\Temps4l.jpg
[2011.02.09 19:07:42 | 000,135,386 | ---- | C] () -- C:\Users\Johan\AppData\Local\TempCyberLinK BG1.jpg
[2011.02.03 19:48:32 | 000,047,157 | ---- | C] () -- C:\Users\Johan\AppData\Local\TempDrawWithMe_by_altiz_studio.jpg
[2011.02.02 20:56:58 | 000,005,756 | ---- | C] () -- C:\Users\Johan\AppData\Local\Tempangryfumbi.jpg
 
========== ZeroAccess Check ==========
 
[2013.05.07 20:56:57 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.03.25 04:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2013.11.15 23:02:31 | 104,496,569 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\㬺歜ᵌ˜
[2013.11.15 11:02:52 | 104,496,569 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\㬺歜ᵌ˜
[2013.11.11 17:48:26 | 103,716,811 | ---- | M] ()(C:\Windows\SysWow64\???U) -- C:\Windows\SysWow64\酰쟡ᵌU
[2013.11.11 17:48:26 | 103,716,811 | ---- | C] ()(C:\Windows\SysWow64\???U) -- C:\Windows\SysWow64\酰쟡ᵌU
[2013.10.31 19:30:28 | 104,433,978 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\旁ᵌ•
[2013.10.31 19:30:28 | 104,433,978 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\旁ᵌ•
[2013.10.17 22:09:51 | 101,604,844 | ---- | M] ()(C:\Windows\SysWow64\???«) -- C:\Windows\SysWow64\狘ᵌ«
[2013.10.17 22:09:51 | 101,604,844 | ---- | C] ()(C:\Windows\SysWow64\???«) -- C:\Windows\SysWow64\狘ᵌ«
[2013.10.09 19:36:27 | 100,163,860 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\阾ࡻᵌ
[2013.10.09 19:36:27 | 100,163,860 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\阾ࡻᵌ
[2013.10.07 23:32:32 | 099,820,400 | ---- | M] ()(C:\Windows\SysWow64\???¸) -- C:\Windows\SysWow64\⅖དᵌ¸
[2013.10.07 11:39:35 | 099,820,400 | ---- | C] ()(C:\Windows\SysWow64\???¸) -- C:\Windows\SysWow64\⅖དᵌ¸
[2013.10.05 02:49:37 | 099,319,274 | ---- | M] ()(C:\Windows\SysWow64\???G) -- C:\Windows\SysWow64\ꗭᒁᵌG
[2013.10.04 20:49:45 | 099,319,274 | ---- | C] ()(C:\Windows\SysWow64\???G) -- C:\Windows\SysWow64\ꗭᒁᵌG
[2013.09.25 17:09:00 | 097,729,025 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\뫺껛ᵌ™
[2013.09.25 17:09:00 | 097,729,025 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\뫺껛ᵌ™
[2013.09.24 19:33:38 | 097,540,783 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\⣋쬸ᵌš
[2013.09.24 19:33:38 | 097,540,783 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\⣋쬸ᵌš
[2013.09.16 22:33:33 | 097,845,400 | ---- | M] ()(C:\Windows\SysWow64\???O) -- C:\Windows\SysWow64\㤣讫ᵌO
[2013.09.16 16:33:47 | 097,845,400 | ---- | C] ()(C:\Windows\SysWow64\???O) -- C:\Windows\SysWow64\㤣讫ᵌO
[2013.09.15 19:19:24 | 097,671,483 | ---- | M] ()(C:\Windows\SysWow64\???') -- C:\Windows\SysWow64\╇䬦ᵌ'
[2013.09.15 19:19:24 | 097,671,483 | ---- | C] ()(C:\Windows\SysWow64\???') -- C:\Windows\SysWow64\╇䬦ᵌ'
[2013.09.11 19:30:27 | 097,170,353 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\뙲໩ᵌ˜
[2013.09.11 19:30:27 | 097,170,353 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\뙲໩ᵌ˜
[2013.09.10 20:10:52 | 096,985,259 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\⛯鎔ᵌ
[2013.09.10 20:10:52 | 096,985,259 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\⛯鎔ᵌ
[2013.09.05 18:13:28 | 096,141,916 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\솑䣧ᵌ—
[2013.09.05 18:13:28 | 096,141,916 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\솑䣧ᵌ—
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:AD022376

< End of report >
         


Alt 02.07.2014, 22:41   #3
Whais
 

Extras:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2014
Ran by Johan (administrator) on JOHAN-HP on 02-07-2014 22:00:41
Running from C:\Users\Johan\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Akamai Technologies, Inc.) C:\Users\Johan\AppData\Local\Akamai\netsession_win.exe
(Spotify Ltd) C:\Users\Johan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Akamai Technologies, Inc.) C:\Users\Johan\AppData\Local\Akamai\netsession_win.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(OldTimer Tools) C:\Users\Johan\Desktop\OTL.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Google Inc.) C:\Users\Johan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johan\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-15] (PDF Complete Inc)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-09] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-03-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2478615884-895137908-1883612811-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Johan\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2478615884-895137908-1883612811-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21445248 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2478615884-895137908-1883612811-1001\...\Run: [Google Update] => C:\Users\Johan\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-22] (Google Inc.)
HKU\S-1-5-21-2478615884-895137908-1883612811-1001\...\Run: [Spotify] => C:\Users\Johan\AppData\Roaming\Spotify\Spotify.exe [6189624 2014-06-27] (Spotify Ltd)
HKU\S-1-5-21-2478615884-895137908-1883612811-1001\...\Run: [Spotify Web Helper] => C:\Users\Johan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-27] (Spotify Ltd)
HKU\S-1-5-21-2478615884-895137908-1883612811-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2478615884-895137908-1883612811-1001\...\Policies\system: [DisableChangePassword] 0
Startup: C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x41DD82C4DC3FCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {12063E56-B000-4E34-AB0F-F240CEFB0419} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {68EC1921-C837-408A-8431-BB316D5AC3EA} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {68EC1921-C837-408A-8431-BB316D5AC3EA} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPD36B0EF8-3392-4E33-9A47-071FD043B17D&q={searchTerms}&SSPV=
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPD36B0EF8-3392-4E33-9A47-071FD043B17D&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=78DC643150317328&affID=119357&tt=160913_m2&tsp=5013
SearchScopes: HKCU - {544493B5-8D06-4B85-80FD-44586D80FB6F} URL = 
SearchScopes: HKCU - {555BB94F-6762-4164-8A24-37F8C0023A6B} URL = 
SearchScopes: HKCU - {68EC1921-C837-408A-8431-BB316D5AC3EA} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {8768D5EA-5412-4810-A032-09AD2A726C69} hxxp://bgweb.nowcdn.co.kr/Bin/DownStarter2.cab
DPF: HKLM-x32 {93C449FA-ECFB-402F-A8C7-37E4F8D60E49} hxxp://dl.pmang.com/common/pmangctl/pmangax.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\wjarvfn1.default
FF Homepage: hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPD36B0EF8-3392-4E33-9A47-071FD043B17D&SSPV=
FF SelectedSearchEngine: Conduit Search
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npnxgameEU.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @pmang.com/npPMangFX - C:\Windows\system32\npPMangFX.dll No File
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Johan\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Johan\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: No Name - C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\wjarvfn1.default\Extensions\staged [2014-01-17]
FF Extension: No Name - C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\wjarvfn1.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi []

Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "hxxp://google.de/"
CHR Plugin: (Shockwave Flash) - C:\Users\Johan\AppData\Local\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Johan\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Johan\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Kalydo Player Plugin for Mozilla) - C:\Users\Johan\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (YouTube) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-21]
CHR Extension: (Google-Suche) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-21]
CHR Extension: (YTBoiokMark) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmcbnelmanpcpbbhocfmhagblobmpacl [2014-01-17]
CHR Extension: (SmallringFX DarkBlue Theme) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfijmgohofmpjlcgmjplbpmkpchdhpk [2014-01-12]
CHR Extension: (Google Wallet) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]
CHR Extension: (YouTube Unblocker) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl [2013-11-28]
CHR Extension: (Google Mail) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-21]
CHR Extension: (Extutil) - C:\Users\Johan\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-02-12]
CHR Extension: (Managera) - C:\Users\Johan\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-02-12]
CHR Extension: (YTBoiokMark) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmcbnelmanpcpbbhocfmhagblobmpacl\1.1 [2014-01-17]
CHR HKCU\...\Chrome\Extension: [bjninacglmmmbabmlkaegnanopeoiong] - C:\Users\Johan\AppData\Local\CRE\bjninacglmmmbabmlkaegnanopeoiong.crx [2013-08-28]
CHR HKCU\...\Chrome\Extension: [kfkcangbigakljkjeglcofaomihpejif] - C:\Users\Johan\AppData\Local\CRE\kfkcangbigakljkjeglcofaomihpejif.crx [2013-08-28]
CHR HKCU\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\Johan\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx [2013-08-28]
CHR HKLM-x32\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\Johan\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.24.0.crx [2013-08-28]
CHR HKLM-x32\...\Chrome\Extension: [bjninacglmmmbabmlkaegnanopeoiong] - C:\Users\Johan\AppData\Local\CRE\bjninacglmmmbabmlkaegnanopeoiong.crx [2013-08-28]
CHR HKLM-x32\...\Chrome\Extension: [kfkcangbigakljkjeglcofaomihpejif] - C:\Users\Johan\AppData\Local\CRE\kfkcangbigakljkjeglcofaomihpejif.crx [2013-08-28]
CHR HKLM-x32\...\Chrome\Extension: [mdomagjabmmppgcpbmkjojjkhonolopp] - C:\ProgramData\Download and Sa\mdomagjabmmppgcpbmkjojjkhonolopp.crx [2013-08-28]
CHR HKLM-x32\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\Johan\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx [2013-08-28]
CHR StartMenuInternet: Google Chrome - C:\Users\Johan\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-04-07] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1028688 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [281440 2012-06-26] (BullGuard Ltd.)
S2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [199520 2012-06-05] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [379744 2012-06-18] (BullGuard Ltd.)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5827072 2011-12-16] (Native Instruments GmbH) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4159984 2010-12-08] (INCA Internet Co., Ltd.) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-15] (PDF Complete Inc)
S2 SystemStoreService; C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe [297984 2014-03-02] () [File not signed]

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 arcvad_ds2dhw; C:\Windows\System32\drivers\ArcVad.sys [27136 2008-10-28] (ArcSoft, Inc.)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2011-06-11] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
R1 BdSpy; C:\Windows\System32\DRIVERS\BdSpy.sys [66272 2012-07-03] (BullGuard Ltd.)
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [46792 2013-08-13] (AnchorFree Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2011-06-11] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.) [File not signed]
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2011-05-11] (Duplex Secure Ltd.)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [290376 2012-07-03] (BitDefender S.R.L.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 dump_wmimmc; \??\C:\Neowiz\Pmang\S4League\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-02 22:00 - 2014-07-02 22:00 - 00024699 _____ () C:\Users\Johan\Desktop\FRST.txt
2014-07-02 21:56 - 2014-07-02 21:56 - 02083840 _____ (Farbar) C:\Users\Johan\Desktop\FRST64.exe
2014-07-02 21:46 - 2014-07-02 21:46 - 00071420 _____ () C:\Users\Johan\Desktop\Extras.Txt
2014-07-02 21:45 - 2014-07-02 21:45 - 00129950 _____ () C:\Users\Johan\Desktop\OTL.Txt
2014-07-02 16:53 - 2014-07-02 16:53 - 00000945 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2014-07-02 16:50 - 2014-07-02 16:50 - 00018976 _____ () C:\Users\Johan\Desktop\dds.txt
2014-07-02 16:50 - 2014-07-02 16:50 - 00005258 _____ () C:\Users\Johan\Desktop\attach.txt
2014-07-02 16:44 - 2014-07-02 16:44 - 00602112 _____ (OldTimer Tools) C:\Users\Johan\Desktop\OTL.exe
2014-07-02 16:43 - 2014-07-02 16:43 - 00688992 ____R (Swearware) C:\Users\Johan\Desktop\dds.scr
2014-07-02 16:34 - 2014-07-02 16:36 - 02672232 _____ () C:\Users\Johan\Desktop\mp3tagv260setup.exe
2014-07-02 00:16 - 2014-07-02 00:16 - 00001749 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\Program Files\iTunes
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\Program Files\iPod
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-02 00:16 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-07-02 00:12 - 2014-07-02 00:12 - 00000000 ____D () C:\Program Files\Bonjour
2014-07-02 00:12 - 2014-07-02 00:12 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-07-01 12:57 - 2014-07-01 13:00 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\TS3Client
2014-06-30 16:13 - 2014-06-30 16:13 - 00000000 ____D () C:\Users\Johan\Desktop\Daten
2014-06-30 16:12 - 2014-06-30 16:12 - 00000000 ____D () C:\Users\Johan\Documents\Native Instruments
2014-06-30 14:31 - 2014-06-30 14:31 - 00000000 ____D () C:\Users\Johan\AppData\Local\Spotify
2014-06-29 01:59 - 2014-06-29 01:59 - 00000000 __SHD () C:\Users\Mr.SmitchFuckof12345\AppData\Local\EmieUserList
2014-06-29 01:59 - 2014-06-29 01:59 - 00000000 __SHD () C:\Users\Mr.SmitchFuckof12345\AppData\Local\EmieSiteList
2014-06-29 01:57 - 2014-06-29 01:57 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\CrashDumps
2014-06-29 01:39 - 2014-06-29 01:39 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Win7codecs
2014-06-28 14:46 - 2014-06-28 14:46 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\Apple
2014-06-28 14:45 - 2014-06-28 14:45 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Avira
2014-06-28 14:41 - 2014-06-28 14:41 - 00098840 _____ () C:\Users\Mr.SmitchFuckof12345\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-28 14:40 - 2014-06-28 14:41 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\ArcSoft
2014-06-28 14:40 - 2014-06-28 14:40 - 00001387 _____ () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\ATI
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Apple Computer
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Adobe
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\PDFC
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\ATI
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\ArcSoft
2014-06-28 14:39 - 2014-06-28 14:39 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\VirtualStore
2014-06-28 14:37 - 2014-06-30 09:35 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345
2014-06-28 14:37 - 2014-06-28 14:37 - 00000020 ___SH () C:\Users\Mr.SmitchFuckof12345\ntuser.ini
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Vorlagen
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Startmenü
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Netzwerkumgebung
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Lokale Einstellungen
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Eigene Dateien
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Druckumgebung
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Documents\Eigene Musik
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Documents\Eigene Bilder
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\AppData\Local\Verlauf
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\AppData\Local\Anwendungsdaten
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Anwendungsdaten
2014-06-28 14:37 - 2012-05-28 13:15 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\Documents\Visual Studio 2010
2014-06-28 14:37 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-28 14:37 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-27 13:35 - 2014-07-02 21:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-27 13:32 - 2014-06-27 13:32 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-27 13:32 - 2014-06-27 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-27 13:32 - 2014-06-27 13:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-27 13:32 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-27 13:32 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-27 13:32 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-22 16:38 - 2014-06-22 16:38 - 00000000 ____D () C:\Program Files\VirtualDJ
2014-06-22 16:30 - 2014-06-27 12:11 - 00000000 ____D () C:\Program Files (x86)\VirtualDJ
2014-06-22 15:53 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-22 15:53 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-22 15:53 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-22 15:53 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-22 15:53 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-22 15:53 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-22 15:53 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-22 15:53 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-22 15:53 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-22 15:53 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-22 15:53 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-22 15:53 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-22 15:52 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-22 15:52 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-22 15:52 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-22 15:52 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-22 15:52 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-22 15:52 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-22 15:52 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-22 15:52 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-22 15:52 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-22 15:52 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-22 15:52 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-22 15:52 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-22 15:52 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-22 15:52 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-22 15:52 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-22 15:52 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-22 15:52 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-22 15:52 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-22 15:52 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-22 15:52 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-22 15:52 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-22 15:52 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-22 15:52 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-22 15:52 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-22 15:52 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-22 15:52 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-22 15:52 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-22 15:52 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-22 15:52 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-22 15:52 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-22 15:52 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-22 15:52 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-22 15:52 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-22 15:52 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-22 15:52 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-22 15:52 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-22 15:52 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-22 15:52 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-22 15:52 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-22 15:52 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-22 15:52 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-22 15:52 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-22 15:52 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-22 15:52 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-22 15:52 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-22 15:52 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-22 15:52 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-22 15:52 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-22 15:52 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-22 15:52 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-22 15:52 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-22 15:52 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-22 15:50 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-22 15:50 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-06 13:34 - 2014-06-06 13:34 - 00029220 _____ () C:\Windows\SysWOW64\collectionCache.bnk
2014-06-05 12:42 - 2014-06-05 12:42 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\DigitalVolcano
2014-06-05 12:41 - 2014-06-05 12:41 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duplicate Cleaner Free
2014-06-04 12:55 - 2014-06-04 12:55 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-06-04 12:55 - 2014-06-04 12:55 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-06-04 12:55 - 2014-06-04 12:55 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-06-04 12:55 - 2014-06-04 12:55 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update

==================== One Month Modified Files and Folders =======

2014-07-02 22:01 - 2014-07-02 22:00 - 00024699 _____ () C:\Users\Johan\Desktop\FRST.txt
2014-07-02 22:00 - 2013-06-28 21:40 - 00000000 ____D () C:\FRST
2014-07-02 21:57 - 2011-10-22 19:06 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001UA.job
2014-07-02 21:57 - 2011-10-22 19:06 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001Core.job
2014-07-02 21:56 - 2014-07-02 21:56 - 02083840 _____ (Farbar) C:\Users\Johan\Desktop\FRST64.exe
2014-07-02 21:53 - 2012-07-23 07:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-02 21:46 - 2014-07-02 21:46 - 00071420 _____ () C:\Users\Johan\Desktop\Extras.Txt
2014-07-02 21:45 - 2014-07-02 21:45 - 00129950 _____ () C:\Users\Johan\Desktop\OTL.Txt
2014-07-02 21:37 - 2011-02-21 21:36 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Skype
2014-07-02 21:35 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-02 21:35 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-02 21:30 - 2014-06-27 13:35 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-02 21:28 - 2011-02-24 21:32 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-02 21:27 - 2013-04-29 20:30 - 00052959 _____ () C:\Windows\setupact.log
2014-07-02 21:27 - 2011-11-07 22:32 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-07-02 21:27 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-02 17:09 - 2011-02-21 21:24 - 01648841 _____ () C:\Windows\WindowsUpdate.log
2014-07-02 17:01 - 2014-04-25 14:56 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Mp3tag
2014-07-02 16:53 - 2014-07-02 16:53 - 00000945 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2014-07-02 16:53 - 2014-04-25 14:54 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-07-02 16:53 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-02 16:50 - 2014-07-02 16:50 - 00018976 _____ () C:\Users\Johan\Desktop\dds.txt
2014-07-02 16:50 - 2014-07-02 16:50 - 00005258 _____ () C:\Users\Johan\Desktop\attach.txt
2014-07-02 16:44 - 2014-07-02 16:44 - 00602112 _____ (OldTimer Tools) C:\Users\Johan\Desktop\OTL.exe
2014-07-02 16:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-07-02 16:43 - 2014-07-02 16:43 - 00688992 ____R (Swearware) C:\Users\Johan\Desktop\dds.scr
2014-07-02 16:39 - 2011-02-22 16:16 - 00000000 ____D () C:\Users\Johan\AppData\Local\CrashDumps
2014-07-02 16:38 - 2013-06-19 12:04 - 00004208 _____ () C:\Windows\System32\Tasks\Software Updater
2014-07-02 16:36 - 2014-07-02 16:34 - 02672232 _____ () C:\Users\Johan\Desktop\mp3tagv260setup.exe
2014-07-02 16:23 - 2011-02-24 21:32 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-02 15:29 - 2013-03-30 17:44 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\vlc
2014-07-02 00:16 - 2014-07-02 00:16 - 00001749 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\Program Files\iTunes
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\Program Files\iPod
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-02 00:12 - 2014-07-02 00:12 - 00000000 ____D () C:\Program Files\Bonjour
2014-07-02 00:12 - 2014-07-02 00:12 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-07-01 13:00 - 2014-07-01 12:57 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\TS3Client
2014-06-30 16:13 - 2014-06-30 16:13 - 00000000 ____D () C:\Users\Johan\Desktop\Daten
2014-06-30 16:12 - 2014-06-30 16:12 - 00000000 ____D () C:\Users\Johan\Documents\Native Instruments
2014-06-30 14:31 - 2014-06-30 14:31 - 00000000 ____D () C:\Users\Johan\AppData\Local\Spotify
2014-06-30 14:31 - 2013-10-03 10:02 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Spotify
2014-06-30 14:30 - 2011-02-21 21:28 - 00000000 ____D () C:\Users\Johan
2014-06-30 09:35 - 2014-06-28 14:37 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345
2014-06-30 09:34 - 2014-06-01 18:33 - 00000000 ___HD () C:\ProgramData\{7707EA53-E29B-48FC-B28B-C8EE171EA0EB}
2014-06-30 09:34 - 2014-06-01 18:30 - 00000000 ___HD () C:\ProgramData\{A2A4D724-2D08-46E4-BAA8-EC9EE875D133}
2014-06-30 09:34 - 2014-06-01 18:29 - 00000000 ___HD () C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
2014-06-30 09:34 - 2014-06-01 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2014-06-30 09:34 - 2014-06-01 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-30 09:34 - 2014-06-01 18:29 - 00000000 ____D () C:\Program Files\Native Instruments
2014-06-30 09:34 - 2014-06-01 18:29 - 00000000 ____D () C:\Program Files\Common Files\Native Instruments
2014-06-30 09:34 - 2014-04-26 02:20 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-30 09:34 - 2014-04-26 02:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-30 09:34 - 2014-04-25 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-06-30 09:34 - 2014-02-17 12:07 - 00000000 ____D () C:\Users\Johan\Documents\FL Studio Projects
2014-06-30 09:34 - 2014-01-18 02:43 - 00000000 ____D () C:\Games
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Gast
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\fbwuser\AppData\Local\Torch
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\fbwuser\AppData\Local\Google
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\fbwuser\AppData\Local\Comodo
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Administrator
2014-06-30 09:34 - 2013-12-25 14:19 - 00000000 ____D () C:\Users\Johan\Documents\wiibackupmanager_build78
2014-06-30 09:34 - 2013-12-15 23:05 - 00000000 __RHD () C:\Users\Public\Libraries
2014-06-30 09:34 - 2013-11-24 03:36 - 00000000 ____D () C:\Users\Johan\Documents\Image-Line
2014-06-30 09:34 - 2013-11-24 03:36 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2014-06-30 09:34 - 2013-11-24 03:36 - 00000000 ____D () C:\Program Files\Image-Line
2014-06-30 09:34 - 2013-11-24 03:30 - 00000000 ____D () C:\Program Files (x86)\Image-Line
2014-06-30 09:34 - 2013-11-24 03:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LMMS 0.4.15
2014-06-30 09:34 - 2013-11-24 03:16 - 00000000 ____D () C:\Program Files (x86)\LMMS
2014-06-30 09:34 - 2013-11-19 22:38 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-06-30 09:34 - 2013-11-19 22:38 - 00000000 ____D () C:\Users\Johan\AppData\Local\TeamSpeak 3 Client
2014-06-30 09:34 - 2013-09-26 15:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-30 09:34 - 2013-09-09 21:44 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-06-30 09:34 - 2013-04-28 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-06-30 09:34 - 2013-04-28 21:17 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-06-30 09:34 - 2013-04-15 17:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-30 09:34 - 2013-04-02 23:59 - 00000000 ____D () C:\Program Files (x86)\BP DOWNLOADER
2014-06-30 09:34 - 2013-04-02 17:29 - 00000000 ____D () C:\Program Files (x86)\alaplaya
2014-06-30 09:34 - 2012-12-27 16:02 - 00000000 ____D () C:\Users\Johan\Documents\Runes of Magic Kalydo
2014-06-30 09:34 - 2012-11-19 17:12 - 00000000 ____D () C:\Users\Johan\Documents\Wii
2014-06-30 09:34 - 2012-10-12 14:47 - 00000000 ____D () C:\Users\Johan\.android
2014-06-30 09:34 - 2012-08-30 17:03 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-30 09:34 - 2012-08-30 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-30 09:34 - 2012-05-26 23:28 - 00000000 ____D () C:\Users\Johan\Documents\Visual Studio 2010
2014-06-30 09:34 - 2011-07-15 19:12 - 00000000 ____D () C:\Users\Johan\Documents\Psp
2014-06-30 09:34 - 2011-03-12 17:26 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-06-30 09:34 - 2011-02-21 23:06 - 00000000 ____D () C:\Download
2014-06-30 09:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-06-30 09:33 - 2011-04-20 09:27 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Mozilla
2014-06-30 09:33 - 2011-04-17 08:40 - 00000000 ____D () C:\Users\Johan\AppData\Local\Mozilla
2014-06-30 09:33 - 2011-02-21 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\alaplaya
2014-06-30 09:32 - 2013-06-27 11:13 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-30 09:32 - 2011-09-08 13:42 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-06-29 02:57 - 2014-02-09 17:55 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-06-29 01:59 - 2014-06-29 01:59 - 00000000 __SHD () C:\Users\Mr.SmitchFuckof12345\AppData\Local\EmieUserList
2014-06-29 01:59 - 2014-06-29 01:59 - 00000000 __SHD () C:\Users\Mr.SmitchFuckof12345\AppData\Local\EmieSiteList
2014-06-29 01:57 - 2014-06-29 01:57 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\CrashDumps
2014-06-29 01:57 - 2014-02-12 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reFX
2014-06-29 01:57 - 2011-02-21 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
2014-06-29 01:39 - 2014-06-29 01:39 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Win7codecs
2014-06-29 01:39 - 2011-10-06 19:42 - 00000000 ____D () C:\ProgramData\Win7codecs
2014-06-29 01:38 - 2011-10-06 09:39 - 00000000 ____D () C:\ProgramData\Shark007
2014-06-29 01:28 - 2013-05-08 09:39 - 00260206 _____ () C:\Windows\PFRO.log
2014-06-28 19:03 - 2013-04-16 15:27 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-06-28 18:34 - 2011-10-09 13:39 - 00000000 ____D () C:\Users\Johan\AppData\Local\Deployment
2014-06-28 14:46 - 2014-06-28 14:46 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\Apple
2014-06-28 14:45 - 2014-06-28 14:45 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Avira
2014-06-28 14:41 - 2014-06-28 14:41 - 00098840 _____ () C:\Users\Mr.SmitchFuckof12345\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-28 14:41 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\ArcSoft
2014-06-28 14:40 - 2014-06-28 14:40 - 00001387 _____ () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\ATI
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Apple Computer
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Adobe
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\PDFC
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\ATI
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\ArcSoft
2014-06-28 14:39 - 2014-06-28 14:39 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\VirtualStore
2014-06-28 14:37 - 2014-06-28 14:37 - 00000020 ___SH () C:\Users\Mr.SmitchFuckof12345\ntuser.ini
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Vorlagen
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Startmenü
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Netzwerkumgebung
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Lokale Einstellungen
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Eigene Dateien
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Druckumgebung
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Documents\Eigene Musik
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Documents\Eigene Bilder
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\AppData\Local\Verlauf
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\AppData\Local\Anwendungsdaten
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Anwendungsdaten
2014-06-27 19:07 - 2011-01-11 02:27 - 00699868 _____ () C:\Windows\system32\perfh007.dat
2014-06-27 19:07 - 2011-01-11 02:27 - 00149750 _____ () C:\Windows\system32\perfc007.dat
2014-06-27 19:07 - 2009-07-14 07:13 - 01622164 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-27 13:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Globalization
2014-06-27 13:32 - 2014-06-27 13:32 - 00001068 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-27 13:32 - 2014-06-27 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-27 13:32 - 2014-06-27 13:32 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-27 12:25 - 2013-04-29 20:31 - 00098840 _____ () C:\Users\Johan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-27 12:23 - 2013-04-29 20:30 - 00351032 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-27 12:23 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-27 12:13 - 2013-07-18 14:19 - 00000000 ____D () C:\Program Files\Vuze
2014-06-27 12:11 - 2014-06-22 16:30 - 00000000 ____D () C:\Program Files (x86)\VirtualDJ
2014-06-27 11:43 - 2013-03-30 19:34 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Malwarebytes
2014-06-27 11:43 - 2013-03-30 19:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-27 11:43 - 2013-03-30 19:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-06-25 21:52 - 2011-10-22 19:06 - 00004090 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001UA
2014-06-25 21:52 - 2011-10-22 19:06 - 00003694 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001Core
2014-06-25 21:18 - 2011-02-24 21:32 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-25 21:18 - 2011-02-24 21:32 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-25 12:34 - 2011-02-22 15:54 - 00000000 ____D () C:\Program Files (x86)\Runes of Magic
2014-06-25 11:38 - 2011-04-15 19:28 - 00000000 ____D () C:\Users\Johan\AppData\Local\PMB Files
2014-06-25 11:38 - 2011-04-15 19:28 - 00000000 ____D () C:\ProgramData\PMB Files
2014-06-24 13:56 - 2013-03-29 22:39 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-24 01:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-22 22:32 - 2013-08-27 23:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-22 22:29 - 2011-02-22 18:34 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-22 22:28 - 2014-04-30 14:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-22 21:59 - 2013-03-07 21:35 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Azureus
2014-06-22 16:38 - 2014-06-22 16:38 - 00000000 ____D () C:\Program Files\VirtualDJ
2014-06-21 22:28 - 2011-10-13 17:14 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\ArcSoft
2014-06-21 17:05 - 2013-11-24 03:36 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\FlowStone
2014-06-16 00:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-06-08 11:13 - 2014-06-22 15:50 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-22 15:50 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-06 13:34 - 2014-06-06 13:34 - 00029220 _____ () C:\Windows\SysWOW64\collectionCache.bnk
2014-06-05 12:42 - 2014-06-05 12:42 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\DigitalVolcano
2014-06-05 12:41 - 2014-06-05 12:41 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duplicate Cleaner Free
2014-06-04 13:51 - 2011-09-08 13:41 - 00000000 ____D () C:\ProgramData\Apple
2014-06-04 12:55 - 2014-06-04 12:55 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-06-04 12:55 - 2014-06-04 12:55 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-06-04 12:55 - 2014-06-04 12:55 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-06-04 12:55 - 2014-06-04 12:55 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-06-03 13:42 - 2013-03-29 22:39 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

Some content of TEMP:
====================
C:\Users\Johan\AppData\Local\Temp\avgnt.exe
C:\Users\Johan\AppData\Local\Temp\bassmod.dll
C:\Users\Johan\AppData\Local\Temp\bitool.dll
C:\Users\Johan\AppData\Local\Temp\dsp_ipp.dll
C:\Users\Johan\AppData\Local\Temp\HssInstaller.exe
C:\Users\Johan\AppData\Local\Temp\hsspk.exe
C:\Users\Johan\AppData\Local\Temp\ildownloader_install.exe
C:\Users\Johan\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Johan\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Johan\AppData\Local\Temp\PCSpeedMaximizer.exe
C:\Users\Johan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Johan\AppData\Local\Temp\Tsu8B9F2206.dll
C:\Users\Johan\AppData\Local\Temp\TUUUninstallHelper.exe
C:\Users\Johan\AppData\Local\Temp\uninst1.exe
C:\Users\Johan\AppData\Local\Temp\vlc-2.1.1-win64.exe
C:\Users\Johan\AppData\Local\Temp\vlc-2.1.3-win64.exe
C:\Users\Mr.SmitchFuckof12345\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-28 00:02

==================== End Of Log ============================
         
--- --- ---


I also wanted to run an anti-malware scan, but I can only run it without an internet connection. The program hangs after a few seconds when my PC is connected to the internet. This also happens with an update attempt that is displayed.

Thanks in advance
__________________

04.07.2014, 15:12   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?

I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans; first just post the logs you already have, in CODE tags!
Only logs from the last 7 days, or from the time the problem began, are relevant!

Also, the other FRST log (addition.txt) is missing; please supply it!


Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder.
Even if the logs are too large for a single post, I ask you to post the logs directly, spread over several posts if necessary.
To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

04.07.2014, 15:58   #5
Whais

The addition.txt file was not created and does not exist either. I have just downloaded Malwarebytes. It opened twice, but with 2 different database versions. I am just running a new scan everywhere now.


04.07.2014, 16:00   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please also create a new Addition.txt: start FRST, tick the box next to Addition.txt, then click Scan.


04.07.2014, 16:25   #7
Whais

FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2014
Ran by Johan (ATTENTION: The logged in user is not administrator) on JOHAN-HP on 04-07-2014 16:09:25
Running from C:\Users\Johan\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Google Inc.) C:\Users\Johan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johan\AppData\Local\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Google Inc.) C:\Users\Johan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johan\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-03-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [187984 2014-06-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2478615884-895137908-1883612811-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2478615884-895137908-1883612811-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-2478615884-895137908-1883612811-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2478615884-895137908-1883612811-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2478615884-895137908-1883612811-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2478615884-895137908-1883612811-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-2478615884-895137908-1883612811-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2478615884-895137908-1883612811-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x41DD82C4DC3FCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {12063E56-B000-4E34-AB0F-F240CEFB0419} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {68EC1921-C837-408A-8431-BB316D5AC3EA} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {68EC1921-C837-408A-8431-BB316D5AC3EA} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPD36B0EF8-3392-4E33-9A47-071FD043B17D&q={searchTerms}&SSPV=
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPD36B0EF8-3392-4E33-9A47-071FD043B17D&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=78DC643150317328&affID=119357&tt=160913_m2&tsp=5013
SearchScopes: HKCU - {544493B5-8D06-4B85-80FD-44586D80FB6F} URL = 
SearchScopes: HKCU - {555BB94F-6762-4164-8A24-37F8C0023A6B} URL = 
SearchScopes: HKCU - {68EC1921-C837-408A-8431-BB316D5AC3EA} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {8768D5EA-5412-4810-A032-09AD2A726C69} hxxp://bgweb.nowcdn.co.kr/Bin/DownStarter2.cab
DPF: HKLM-x32 {93C449FA-ECFB-402F-A8C7-37E4F8D60E49} hxxp://dl.pmang.com/common/pmangctl/pmangax.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\wjarvfn1.default
FF Homepage: hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPD36B0EF8-3392-4E33-9A47-071FD043B17D&SSPV=
FF SelectedSearchEngine: Conduit Search
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npnxgameEU.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @pmang.com/npPMangFX - C:\Windows\system32\npPMangFX.dll No File
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Johan\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Johan\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Extension: No Name - C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\wjarvfn1.default\Extensions\staged [2014-01-17]
FF Extension: No Name - C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\wjarvfn1.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi []

Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "hxxp://google.de/"
CHR Plugin: (Shockwave Flash) - C:\Users\Johan\AppData\Local\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Johan\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Johan\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Kalydo Player Plugin for Mozilla) - C:\Users\Johan\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (YouTube) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-21]
CHR Extension: (Google-Suche) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-21]
CHR Extension: (Avira Browser Safety) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-07-04]
CHR Extension: (YTBoiokMark) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmcbnelmanpcpbbhocfmhagblobmpacl [2014-01-17]
CHR Extension: (SmallringFX DarkBlue Theme) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfijmgohofmpjlcgmjplbpmkpchdhpk [2014-01-12]
CHR Extension: (Google Wallet) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]
CHR Extension: (YouTube Unblocker) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl [2013-11-28]
CHR Extension: (Google Mail) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-21]
CHR Extension: (Extutil) - C:\Users\Johan\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-02-12]
CHR Extension: (Managera) - C:\Users\Johan\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-02-12]
CHR Extension: (YTBoiokMark) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmcbnelmanpcpbbhocfmhagblobmpacl\1.1 [2014-01-17]
CHR HKCU\...\Chrome\Extension: [bjninacglmmmbabmlkaegnanopeoiong] - C:\Users\Johan\AppData\Local\CRE\bjninacglmmmbabmlkaegnanopeoiong.crx [2013-08-28]
CHR HKCU\...\Chrome\Extension: [kfkcangbigakljkjeglcofaomihpejif] - C:\Users\Johan\AppData\Local\CRE\kfkcangbigakljkjeglcofaomihpejif.crx [2013-08-28]
CHR HKCU\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\Johan\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx [2013-08-28]
CHR HKLM-x32\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\Johan\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.24.0.crx [2013-08-28]
CHR HKLM-x32\...\Chrome\Extension: [bjninacglmmmbabmlkaegnanopeoiong] - C:\Users\Johan\AppData\Local\CRE\bjninacglmmmbabmlkaegnanopeoiong.crx [2013-08-28]
CHR HKLM-x32\...\Chrome\Extension: [kfkcangbigakljkjeglcofaomihpejif] - C:\Users\Johan\AppData\Local\CRE\kfkcangbigakljkjeglcofaomihpejif.crx [2013-08-28]
CHR HKLM-x32\...\Chrome\Extension: [mdomagjabmmppgcpbmkjojjkhonolopp] - C:\ProgramData\Download and Sa\mdomagjabmmppgcpbmkjojjkhonolopp.crx [2013-08-28]
CHR HKLM-x32\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\Johan\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx [2013-08-28]
CHR StartMenuInternet: Google Chrome - C:\Users\Johan\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-04-07] (ArcSoft Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [138832 2014-06-30] (Avira Operations GmbH & Co. KG)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [281440 2012-06-26] (BullGuard Ltd.)
S2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [199520 2012-06-05] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [379744 2012-06-18] (BullGuard Ltd.)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5827072 2011-12-16] (Native Instruments GmbH) [File not signed]
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4159984 2010-12-08] (INCA Internet Co., Ltd.) [File not signed]
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-15] (PDF Complete Inc)
S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]
S4 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S4 SystemStoreService; "C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe"  -displayname "System Store" -servicename "SystemStoreService" [X]

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 arcvad_ds2dhw; C:\Windows\System32\drivers\ArcVad.sys [27136 2008-10-28] (ArcSoft, Inc.)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2011-06-11] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 BdSpy; C:\Windows\System32\DRIVERS\BdSpy.sys [66272 2012-07-03] (BullGuard Ltd.)
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [46792 2013-08-13] (AnchorFree Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2011-06-11] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.) [File not signed]
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2011-05-11] (Duplex Secure Ltd.)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [290376 2012-07-03] (BitDefender S.R.L.)
R4 avkmgr; system32\DRIVERS\avkmgr.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 dump_wmimmc; \??\C:\Neowiz\Pmang\S4League\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-04 15:27 - 2014-07-04 15:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-04 15:27 - 2014-07-04 15:27 - 00001068 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-04 15:27 - 2014-07-04 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-04 15:27 - 2014-07-04 15:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-04 15:27 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-04 15:27 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-04 15:27 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-04 15:25 - 2014-07-04 15:25 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Johan\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-04 15:14 - 2014-07-04 15:14 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\AVG2014
2014-07-04 15:14 - 2014-07-04 15:14 - 00000000 ____D () C:\Users\Johan\AppData\Local\Avg2014
2014-07-04 15:12 - 2014-07-04 15:12 - 00000947 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-07-04 15:12 - 2014-07-04 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-07-04 15:12 - 2014-07-04 15:12 - 00000000 _____ () C:\ProgramData\rebootpending.txt
2014-07-04 15:11 - 2014-07-04 15:13 - 00000000 ____D () C:\ProgramData\AVG2014
2014-07-04 15:11 - 2014-07-04 15:11 - 00000000 ___HD () C:\$AVG
2014-07-04 15:10 - 2014-07-04 15:10 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-07-04 15:08 - 2014-07-04 15:15 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-04 15:01 - 2014-07-04 15:05 - 141865920 _____ () C:\Users\Johan\Desktop\avira_free_antivirus45_de.exe
2014-07-04 14:56 - 2014-07-04 14:56 - 00001103 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-04 14:19 - 2014-07-04 14:19 - 00000680 __RSH () C:\Users\Johan\ntuser.pol
2014-07-04 13:15 - 2014-07-04 13:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Johan\Desktop\revosetup95.exe
2014-07-04 13:15 - 2014-07-04 13:15 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-03 16:40 - 2014-07-04 14:09 - 00000000 ____D () C:\Users\Mr.Smith
2014-07-03 16:15 - 2014-07-03 16:16 - 00652353 _____ () C:\Users\Johan\Desktop\OTL+Extras 3.07.14.txt
2014-07-03 15:56 - 2014-07-03 15:57 - 00000000 ____D () C:\Windows\pss
2014-07-02 22:28 - 2014-07-02 22:44 - 00186014 _____ () C:\Users\Johan\Desktop\Trojaner Board.txt
2014-07-02 22:00 - 2014-07-04 16:17 - 00021902 _____ () C:\Users\Johan\Desktop\FRST.txt
2014-07-02 21:56 - 2014-07-02 21:56 - 02083840 _____ (Farbar) C:\Users\Johan\Desktop\FRST64.exe
2014-07-02 21:46 - 2014-07-03 16:12 - 00059458 _____ () C:\Users\Johan\Desktop\Extras.Txt
2014-07-02 21:45 - 2014-07-03 16:12 - 01245220 _____ () C:\Users\Johan\Desktop\OTL.Txt
2014-07-02 16:50 - 2014-07-02 16:50 - 00018976 _____ () C:\Users\Johan\Desktop\dds.txt
2014-07-02 16:50 - 2014-07-02 16:50 - 00005258 _____ () C:\Users\Johan\Desktop\attach.txt
2014-07-02 16:44 - 2014-07-02 16:44 - 00602112 _____ (OldTimer Tools) C:\Users\Johan\Desktop\OTL.exe
2014-07-02 16:43 - 2014-07-02 16:43 - 00688992 ____R (Swearware) C:\Users\Johan\Desktop\dds.scr
2014-07-02 00:16 - 2014-07-02 00:16 - 00001749 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\Program Files\iTunes
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\Program Files\iPod
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-02 00:16 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-07-01 12:57 - 2014-07-01 13:00 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\TS3Client
2014-06-30 16:13 - 2014-07-04 15:18 - 00000000 ____D () C:\Users\Johan\Desktop\Daten
2014-06-29 01:39 - 2014-06-29 01:39 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Win7codecs
2014-06-28 14:37 - 2014-07-03 16:30 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345
2014-06-22 16:38 - 2014-06-22 16:38 - 00000000 ____D () C:\Program Files\VirtualDJ
2014-06-22 15:53 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-22 15:53 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-22 15:53 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-22 15:53 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-22 15:53 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-22 15:53 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-22 15:53 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-22 15:53 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-22 15:53 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-22 15:53 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-22 15:53 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-22 15:53 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-22 15:52 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-22 15:52 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-22 15:52 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-22 15:52 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-22 15:52 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-22 15:52 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-22 15:52 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-22 15:52 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-22 15:52 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-22 15:52 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-22 15:52 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-22 15:52 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-22 15:52 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-22 15:52 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-22 15:52 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-22 15:52 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-22 15:52 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-22 15:52 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-22 15:52 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-22 15:52 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-22 15:52 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-22 15:52 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-22 15:52 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-22 15:52 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-22 15:52 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-22 15:52 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-22 15:52 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-22 15:52 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-22 15:52 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-22 15:52 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-22 15:52 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-22 15:52 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-22 15:52 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-22 15:52 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-22 15:52 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-22 15:52 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-22 15:52 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-22 15:52 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-22 15:52 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-22 15:52 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-22 15:52 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-22 15:52 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-22 15:52 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-22 15:52 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-22 15:52 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-22 15:52 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-22 15:52 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-22 15:52 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-22 15:52 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-22 15:52 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-22 15:52 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-22 15:52 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-22 15:50 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-22 15:50 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-17 16:21 - 2014-06-17 16:21 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-06-17 16:07 - 2014-06-17 16:07 - 00328984 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00269080 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00242968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00190744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00123672 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-06-06 13:34 - 2014-06-06 13:34 - 00029220 _____ () C:\Windows\SysWOW64\collectionCache.bnk
2014-06-05 12:42 - 2014-06-05 12:42 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\DigitalVolcano
2014-06-05 12:41 - 2014-06-05 12:41 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duplicate Cleaner Free
2014-06-04 12:55 - 2014-06-04 12:55 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-06-04 12:55 - 2014-06-04 12:55 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-06-04 12:55 - 2014-06-04 12:55 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update

==================== One Month Modified Files and Folders =======

2014-07-04 16:17 - 2014-07-02 22:00 - 00021902 _____ () C:\Users\Johan\Desktop\FRST.txt
2014-07-04 16:10 - 2013-06-28 21:40 - 00000000 ____D () C:\FRST
2014-07-04 15:58 - 2011-02-21 21:24 - 01716440 _____ () C:\Windows\WindowsUpdate.log
2014-07-04 15:57 - 2011-10-22 19:06 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001UA.job
2014-07-04 15:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-07-04 15:53 - 2012-07-23 07:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-04 15:48 - 2013-03-30 17:44 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\vlc
2014-07-04 15:27 - 2014-07-04 15:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-04 15:27 - 2014-07-04 15:27 - 00001068 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-04 15:27 - 2014-07-04 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-04 15:27 - 2014-07-04 15:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-04 15:25 - 2014-07-04 15:25 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Johan\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-04 15:23 - 2011-02-24 21:32 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-04 15:18 - 2014-06-30 16:13 - 00000000 ____D () C:\Users\Johan\Desktop\Daten
2014-07-04 15:15 - 2014-07-04 15:08 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-04 15:14 - 2014-07-04 15:14 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\AVG2014
2014-07-04 15:14 - 2014-07-04 15:14 - 00000000 ____D () C:\Users\Johan\AppData\Local\Avg2014
2014-07-04 15:13 - 2014-07-04 15:11 - 00000000 ____D () C:\ProgramData\AVG2014
2014-07-04 15:12 - 2014-07-04 15:12 - 00000947 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-07-04 15:12 - 2014-07-04 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-07-04 15:12 - 2014-07-04 15:12 - 00000000 _____ () C:\ProgramData\rebootpending.txt
2014-07-04 15:12 - 2013-05-08 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-04 15:12 - 2012-11-18 21:08 - 00000000 ____D () C:\ProgramData\Avira
2014-07-04 15:11 - 2014-07-04 15:11 - 00000000 ___HD () C:\$AVG
2014-07-04 15:10 - 2014-07-04 15:10 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-07-04 15:05 - 2014-07-04 15:01 - 141865920 _____ () C:\Users\Johan\Desktop\avira_free_antivirus45_de.exe
2014-07-04 14:56 - 2014-07-04 14:56 - 00001103 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-04 14:56 - 2013-05-15 10:37 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-04 14:56 - 2012-11-18 21:08 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-07-04 14:25 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-04 14:25 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-04 14:19 - 2014-07-04 14:19 - 00000680 __RSH () C:\Users\Johan\ntuser.pol
2014-07-04 14:19 - 2011-02-24 21:32 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-04 14:19 - 2011-02-21 21:28 - 00000000 ____D () C:\Users\Johan
2014-07-04 14:18 - 2013-04-29 20:30 - 00053239 _____ () C:\Windows\setupact.log
2014-07-04 14:18 - 2011-11-07 22:32 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-07-04 14:18 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-04 14:09 - 2014-07-03 16:40 - 00000000 ____D () C:\Users\Mr.Smith
2014-07-04 14:08 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-04 13:33 - 2014-06-01 18:29 - 00000000 ____D () C:\Program Files\Native Instruments
2014-07-04 13:15 - 2014-07-04 13:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Johan\Desktop\revosetup95.exe
2014-07-04 13:15 - 2014-07-04 13:15 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-03 17:33 - 2014-02-09 17:55 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-07-03 17:12 - 2013-05-08 09:39 - 00262972 _____ () C:\Windows\PFRO.log
2014-07-03 17:10 - 2014-04-25 14:54 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-07-03 17:10 - 2013-04-28 21:17 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-07-03 17:10 - 2011-10-06 09:39 - 00000000 ____D () C:\ProgramData\Shark007
2014-07-03 17:10 - 2011-02-22 16:16 - 00000000 ____D () C:\Users\Johan\AppData\Local\CrashDumps
2014-07-03 17:10 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-03 16:48 - 2013-09-03 11:20 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Hotspot Shield
2014-07-03 16:30 - 2014-06-28 14:37 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345
2014-07-03 16:30 - 2013-11-24 03:36 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2014-07-03 16:30 - 2013-11-24 03:36 - 00000000 ____D () C:\Program Files\Image-Line
2014-07-03 16:16 - 2014-07-03 16:15 - 00652353 _____ () C:\Users\Johan\Desktop\OTL+Extras 3.07.14.txt
2014-07-03 16:12 - 2014-07-02 21:46 - 00059458 _____ () C:\Users\Johan\Desktop\Extras.Txt
2014-07-03 16:12 - 2014-07-02 21:45 - 01245220 _____ () C:\Users\Johan\Desktop\OTL.Txt
2014-07-03 15:57 - 2014-07-03 15:56 - 00000000 ____D () C:\Windows\pss
2014-07-03 12:43 - 2011-02-21 21:36 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Skype
2014-07-02 23:10 - 2011-03-14 22:31 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\SoftGrid Client
2014-07-02 22:44 - 2014-07-02 22:28 - 00186014 _____ () C:\Users\Johan\Desktop\Trojaner Board.txt
2014-07-02 21:57 - 2011-10-22 19:06 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001Core.job
2014-07-02 21:56 - 2014-07-02 21:56 - 02083840 _____ (Farbar) C:\Users\Johan\Desktop\FRST64.exe
2014-07-02 16:50 - 2014-07-02 16:50 - 00018976 _____ () C:\Users\Johan\Desktop\dds.txt
2014-07-02 16:50 - 2014-07-02 16:50 - 00005258 _____ () C:\Users\Johan\Desktop\attach.txt
2014-07-02 16:44 - 2014-07-02 16:44 - 00602112 _____ (OldTimer Tools) C:\Users\Johan\Desktop\OTL.exe
2014-07-02 16:43 - 2014-07-02 16:43 - 00688992 ____R (Swearware) C:\Users\Johan\Desktop\dds.scr
2014-07-02 00:16 - 2014-07-02 00:16 - 00001749 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\Program Files\iTunes
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\Program Files\iPod
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-01 13:00 - 2014-07-01 12:57 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\TS3Client
2014-06-30 09:34 - 2014-06-01 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2014-06-30 09:34 - 2014-06-01 18:29 - 00000000 ____D () C:\Program Files\Common Files\Native Instruments
2014-06-30 09:34 - 2014-04-26 02:20 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-30 09:34 - 2014-04-26 02:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Gast
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\fbwuser\AppData\Local\Torch
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\fbwuser\AppData\Local\Google
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\fbwuser\AppData\Local\Comodo
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Administrator
2014-06-30 09:34 - 2013-12-15 23:05 - 00000000 __RHD () C:\Users\Public\Libraries
2014-06-30 09:34 - 2013-11-24 03:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LMMS 0.4.15
2014-06-30 09:34 - 2013-09-09 21:44 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-06-30 09:34 - 2013-04-02 17:29 - 00000000 ____D () C:\Program Files (x86)\alaplaya
2014-06-30 09:34 - 2012-10-12 14:47 - 00000000 ____D () C:\Users\Johan\.android
2014-06-30 09:34 - 2012-08-30 17:03 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-30 09:34 - 2012-08-30 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-30 09:34 - 2011-03-12 17:26 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-06-30 09:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-06-30 09:33 - 2011-04-20 09:27 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Mozilla
2014-06-30 09:33 - 2011-04-17 08:40 - 00000000 ____D () C:\Users\Johan\AppData\Local\Mozilla
2014-06-30 09:33 - 2011-02-21 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\alaplaya
2014-06-30 09:32 - 2013-06-27 11:13 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-30 09:32 - 2011-09-08 13:42 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-06-29 01:57 - 2014-02-12 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reFX
2014-06-29 01:57 - 2011-02-21 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
2014-06-29 01:39 - 2014-06-29 01:39 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Win7codecs
2014-06-29 01:39 - 2011-10-06 19:42 - 00000000 ____D () C:\ProgramData\Win7codecs
2014-06-28 18:34 - 2011-10-09 13:39 - 00000000 ____D () C:\Users\Johan\AppData\Local\Deployment
2014-06-27 19:07 - 2011-01-11 02:27 - 00699868 _____ () C:\Windows\system32\perfh007.dat
2014-06-27 19:07 - 2011-01-11 02:27 - 00149750 _____ () C:\Windows\system32\perfc007.dat
2014-06-27 19:07 - 2009-07-14 07:13 - 01622164 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-27 13:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Globalization
2014-06-27 12:25 - 2013-04-29 20:31 - 00098840 _____ () C:\Users\Johan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-27 12:23 - 2013-04-29 20:30 - 00351032 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-27 12:23 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-27 12:13 - 2013-07-18 14:19 - 00000000 ____D () C:\Program Files\Vuze
2014-06-27 11:43 - 2013-03-30 19:34 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Malwarebytes
2014-06-27 11:43 - 2013-03-30 19:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-27 11:43 - 2013-03-30 19:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-06-25 11:38 - 2011-04-15 19:28 - 00000000 ____D () C:\Users\Johan\AppData\Local\PMB Files
2014-06-24 01:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-22 22:32 - 2013-08-27 23:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-22 22:29 - 2011-02-22 18:34 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-22 22:28 - 2014-04-30 14:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-22 21:59 - 2013-03-07 21:35 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Azureus
2014-06-22 16:38 - 2014-06-22 16:38 - 00000000 ____D () C:\Program Files\VirtualDJ
2014-06-21 22:28 - 2011-10-13 17:14 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\ArcSoft
2014-06-21 17:05 - 2013-11-24 03:36 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\FlowStone
2014-06-17 16:21 - 2014-06-17 16:21 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-06-17 16:07 - 2014-06-17 16:07 - 00328984 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00269080 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00242968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00190744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00123672 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-06-16 00:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-06-08 11:13 - 2014-06-22 15:50 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-22 15:50 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-06 13:34 - 2014-06-06 13:34 - 00029220 _____ () C:\Windows\SysWOW64\collectionCache.bnk
2014-06-05 12:42 - 2014-06-05 12:42 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\DigitalVolcano
2014-06-05 12:41 - 2014-06-05 12:41 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duplicate Cleaner Free
2014-06-04 13:51 - 2011-09-08 13:41 - 00000000 ____D () C:\ProgramData\Apple
2014-06-04 12:55 - 2014-06-04 12:55 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-06-04 12:55 - 2014-06-04 12:55 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-06-04 12:55 - 2014-06-04 12:55 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update

Some content of TEMP:
====================
C:\Users\Johan\AppData\Local\Temp\avgnt.exe
C:\Users\Johan\AppData\Local\Temp\bassmod.dll
C:\Users\Johan\AppData\Local\Temp\bitool.dll
C:\Users\Johan\AppData\Local\Temp\dsp_ipp.dll
C:\Users\Johan\AppData\Local\Temp\HssInstaller.exe
C:\Users\Johan\AppData\Local\Temp\hsspk.exe
C:\Users\Johan\AppData\Local\Temp\ildownloader_install.exe
C:\Users\Johan\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Johan\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Johan\AppData\Local\Temp\MusicStationUninstall.exe
C:\Users\Johan\AppData\Local\Temp\PCSpeedMaximizer.exe
C:\Users\Johan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Johan\AppData\Local\Temp\Tsu8B9F2206.dll
C:\Users\Johan\AppData\Local\Temp\TUUUninstallHelper.exe
C:\Users\Johan\AppData\Local\Temp\uninst1.exe
C:\Users\Johan\AppData\Local\Temp\vlc-2.1.1-win64.exe
C:\Users\Johan\AppData\Local\Temp\vlc-2.1.3-win64.exe
C:\Users\Mr.Smith\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
         
--- --- ---



Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-07-2014
Ran by Johan at 2014-07-04 16:19:58
Running from C:\Users\Johan\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: AVG AntiVirus Free Edition 2014 (Enabled - Out of date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Out of date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader 8.1.0 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A81000000003}) (Version: 8.1.0 - Adobe Systems Incorporated)
AM Usb Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 8.1460.6366.1401 - Alcor)
AM Usb Card Reader Driver (x32 Version: 8.1460.6366.1401 - Alcor) Hidden
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{3DDACE1F-3B1E-D6AB-CD3D-B6E987511945}) (Version: 3.0.790.0 - ATI Technologies, Inc.)
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
Audacity 2.0.4 (HKLM-x32\...\Audacity_is1) (Version: 2.0.4 - Audacity Team)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4716 - AVG Technologies)
AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4716 - AVG Technologies) Hidden
Avira (HKLM-x32\...\{89ef9b48-b56b-48d8-b5c1-4eb9a5ca50cb}) (Version: 1.1.16.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.16.30000 - Avira Operations GmbH & Co. KG) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0825.2146.37182 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0825.2146.37182 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0202.2335.42270 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0825.2146.37182 - ATI Technologies, Inc.) Hidden
CCC Help English (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0825.2146.37182 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0825.2146.37182 - ATI) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2926 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2926 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{249d5ca2-4555-41b5-a112-d45aec69dffa}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Native Instruments Controller Editor (Version: 1.4.5.910 - Native Instruments) Hidden
Native Instruments Service Center (Version: 2.3.2.926 - Native Instruments) Hidden
Native Instruments Traktor 2 (Version: 2.5.0.13594 - Native Instruments) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.111 - PDF Complete, Inc)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30117 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2829 - CyberLink Corp.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
S4 League_EU (HKLM-x32\...\{EA1E6BB4-D075-4B39-A672-111F4250E039}) (Version: 1.00.0000 - )
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
The Lord of the Rings FREE Trial  (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 3.0.9 - Shark007)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 4.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
x64 Components v3.0.9 (HKLM\...\x64 Components_is1) (Version: 3.0.9 - Shark007)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-06-30 19:19 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001Core.job => C:\Users\Johan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001UA.job => C:\Users\Johan\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-08-04 15:58 - 2010-08-04 15:58 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-08-25 21:44 - 2010-08-25 21:44 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:AD022376

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsUpdate => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: AntiVirSchedulerService => 2
MSCONFIG\Services: AntiVirService => 2
MSCONFIG\Services: AntiVirWebService => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SystemStoreService => 2
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Johan\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Johan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: Programmierbarer Interruptcontroller
Description: Programmierbarer Interruptcontroller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardsystemgeräte)
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: hp CDDVDW TS-H653R SATA CdRom Device
Description: CD-ROM-Laufwerk
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard-CD-ROM-Laufwerke)
Service: cdrom
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Hochpräzisionsereigniszeitgeber
Description: Hochpräzisionsereigniszeitgeber
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardsystemgeräte)
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/04/2014 02:28:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Die Aktion kann nicht abgeschlossen werden. Versuchen Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport.

Error: (07/04/2014 02:18:50 PM) (Source: Application Virtualization Client) (EventID: 3037) (User: )
Description: {tid=9B4}
Application Virtualization Client kann OfficeVirt 9014006604070000 nicht öffnen.

Error: (07/04/2014 02:18:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Die Aktion kann nicht abgeschlossen werden. Versuchen Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport.

Error: (07/04/2014 02:18:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Product registration is corrupted for {90140011-0066-0407-0000-0000000FF1CE}

Error: (07/04/2014 02:18:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Error: Product {90140011-0066-0407-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...

Error: (07/04/2014 02:18:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Product registration is corrupted for {90140011-0066-0407-0000-0000000FF1CE}

Error: (07/04/2014 02:18:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Error: Product {90140011-0066-0407-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...

Error: (07/04/2014 02:18:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Product registration is corrupted for {90140011-0066-0407-0000-0000000FF1CE}

Error: (07/04/2014 02:18:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Error: Product {90140011-0066-0407-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...

Error: (07/04/2014 00:14:20 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Die Aktion kann nicht abgeschlossen werden. Versuchen Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport.


System errors:
=============
Error: (07/04/2014 02:18:50 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (07/04/2014 02:18:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (07/04/2014 02:18:38 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber atksgt.sys konnte nicht geladen werden.

Error: (07/04/2014 00:04:20 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (07/04/2014 00:04:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (07/04/2014 00:04:03 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber atksgt.sys konnte nicht geladen werden.

Error: (07/04/2014 00:01:02 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (07/04/2014 00:01:02 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (07/04/2014 00:01:02 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (07/04/2014 11:32:36 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom


Microsoft Office Sessions:
=========================
Error: (07/04/2014 02:28:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Die Aktion kann nicht abgeschlossen werden. Versuchen Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport.

Error: (07/04/2014 02:18:50 PM) (Source: Application Virtualization Client) (EventID: 3037) (User: )
Description: {tid=9B4}
OfficeVirt 9014006604070000

Error: (07/04/2014 02:18:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Die Aktion kann nicht abgeschlossen werden. Versuchen Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport.

Error: (07/04/2014 02:18:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Product registration is corrupted for {90140011-0066-0407-0000-0000000FF1CE}

Error: (07/04/2014 02:18:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Product {90140011-0066-0407-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...

Error: (07/04/2014 02:18:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Product registration is corrupted for {90140011-0066-0407-0000-0000000FF1CE}

Error: (07/04/2014 02:18:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Product {90140011-0066-0407-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...

Error: (07/04/2014 02:18:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Product registration is corrupted for {90140011-0066-0407-0000-0000000FF1CE}

Error: (07/04/2014 02:18:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Product {90140011-0066-0407-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...

Error: (07/04/2014 00:14:20 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Die Aktion kann nicht abgeschlossen werden. Versuchen Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport.


CodeIntegrity Errors:
===================================
  Date: 2013-06-30 19:14:40.461
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-30 19:14:40.051
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-30 19:14:39.641
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-30 19:14:39.220
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-03 15:42:39.680
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-03 15:42:39.290
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-03 15:42:38.910
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-03 15:42:38.525
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-03 14:28:35.347
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-03 14:28:34.957
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 79%
Total physical RAM: 2815.29 MB
Available physical RAM: 567.9 MB
Total Pagefile: 5628.75 MB
Available Pagefile: 2441.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:455.71 GB) (Free:298.14 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.95 GB) (Free:1.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         
The Malwarebytes scan is still running.

04.07.2014, 16:35   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Quote:
Ran by Johan (ATTENTION: The logged in user is not administrator)
Why are you no longer an admin now??!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

04.07.2014, 16:37   #9
Whais



OTL

Code:
OTL logfile created on: 04.07.2014 15:27:37 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Johan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 0,85 Gb Available Physical Memory | 30,80% Memory free
5,50 Gb Paging File | 3,26 Gb Available in Paging File | 59,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,71 Gb Total Space | 298,73 Gb Free Space | 65,55% Space Free | Partition Type: NTFS
Drive D: | 9,95 Gb Total Space | 1,01 Gb Free Space | 10,17% Space Free | Partition Type: NTFS
 
Computer Name: JOHAN-HP | User Name: Mr.Smith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014.07.02 16:44:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johan\Desktop\OTL.exe
PRC - [2014.06.30 12:08:20 | 000,187,984 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
PRC - [2014.06.30 12:08:18 | 000,138,832 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
PRC - [2014.06.27 15:20:18 | 003,241,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2014.06.17 16:18:02 | 005,179,408 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2014.06.17 16:11:46 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2014.05.12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
PRC - [2014.05.12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
PRC - [2014.05.12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
PRC - [2013.06.26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013.06.26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.04.23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2009.10.15 01:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2009.04.07 10:54:10 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008.11.20 20:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014.06.30 12:08:16 | 000,137,296 | ---- | M] () -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
MOD - [2014.06.05 15:58:38 | 000,414,536 | ---- | M] () -- C:\Users\Johan\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
MOD - [2014.06.05 15:58:36 | 004,217,672 | ---- | M] () -- C:\Users\Johan\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll
MOD - [2014.06.05 15:58:30 | 001,732,424 | ---- | M] () -- C:\Users\Johan\AppData\Local\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
MOD - [2014.04.26 00:28:14 | 000,260,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\1ab52f8951c2ab97592ec25830dd5165\WindowsFormsIntegration.ni.dll
MOD - [2014.04.26 00:28:13 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014.04.26 00:28:10 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b6c7a1ca929c1b10f36b683c9f1a0517\System.Xml.Linq.ni.dll
MOD - [2014.04.26 00:27:21 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
MOD - [2014.04.26 00:27:12 | 019,693,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll
MOD - [2014.04.26 00:26:56 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014.04.26 00:26:51 | 000,147,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll
MOD - [2014.04.26 00:26:45 | 002,997,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1e5e19d119e04b93da3d45153abd60fd\System.IdentityModel.ni.dll
MOD - [2014.04.26 00:26:25 | 002,542,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\7e73e63cf4b8efdf41900b9576489e61\System.Data.Linq.ni.dll
MOD - [2014.04.26 00:25:56 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
MOD - [2014.04.26 00:25:49 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014.04.26 00:25:48 | 000,016,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\af02d03484578dbc357d1df8d1b6fd01\PresentationFramework-SystemData.ni.dll
MOD - [2014.04.26 00:11:30 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014.04.26 00:11:28 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014.04.26 00:11:25 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014.04.26 00:11:23 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014.04.26 00:11:18 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f4354d6580fbb745c0c8acba382a7b84\System.ServiceProcess.ni.dll
MOD - [2014.04.26 00:11:15 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014.04.26 00:11:13 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6bbed231aec6fd82547e09474da0b2f9\System.Data.ni.dll
MOD - [2014.04.26 00:11:08 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014.04.26 00:11:07 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014.04.26 00:11:06 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014.04.26 00:11:04 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014.04.26 00:11:00 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014.04.26 00:10:57 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014.04.26 00:10:52 | 000,198,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\92e9bacef49552a4485fbb7523782133\CustomMarshalers.ni.dll
MOD - [2014.04.26 00:10:51 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014.02.10 13:44:24 | 004,592,128 | ---- | M] () -- C:\Users\Johan\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
MOD - [2014.02.10 13:44:24 | 000,112,128 | ---- | M] () -- C:\Users\Johan\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014.05.30 11:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012.06.26 14:37:34 | 000,281,440 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain)
SRV:64bit: - [2012.06.18 14:34:30 | 000,379,744 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate)
SRV:64bit: - [2012.06.05 14:09:14 | 000,199,520 | ---- | M] (BullGuard Ltd.) [Auto | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe -- (BsScanner)
SRV:64bit: - [2011.12.16 11:37:38 | 005,827,072 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2010.08.26 03:57:14 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2014.06.30 12:08:18 | 000,138,832 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe -- (Avira.OE.ServiceHost)
SRV - [2014.06.27 15:20:18 | 003,241,488 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014.06.17 16:11:46 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2014.05.14 13:53:19 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.05.12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe -- (MBAMService)
SRV - [2014.05.12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.10.23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.09.11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013.06.26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013.06.26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.12.08 01:25:00 | 004,159,984 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2009.10.15 01:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.04.07 10:54:10 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014.07.04 15:27:29 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014.06.17 16:21:34 | 000,235,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014.06.17 16:07:12 | 000,328,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014.06.17 16:06:58 | 000,269,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2014.06.17 16:06:24 | 000,190,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014.06.17 16:06:22 | 000,242,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014.06.17 16:06:22 | 000,153,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014.06.17 16:06:20 | 000,123,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014.06.17 16:06:06 | 000,031,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2014.05.12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014.05.12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.08.13 01:07:58 | 000,046,792 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013.06.26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013.06.26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013.06.26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013.06.26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012.12.13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.12.04 02:13:00 | 000,095,344 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2012.12.04 02:13:00 | 000,021,872 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV:64bit: - [2012.07.03 11:16:44 | 000,066,272 | ---- | M] (BullGuard Ltd.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\BdSpy.sys -- (BdSpy)
DRV:64bit: - [2012.07.03 11:16:40 | 000,290,376 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.11 18:30:07 | 000,310,728 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.06.11 18:29:58 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.05.11 16:45:47 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.01.01 10:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010.12.02 10:36:42 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.26 05:37:26 | 007,767,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.08.26 03:20:56 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.08.19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010.07.01 15:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010.04.29 06:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2010.04.09 01:12:00 | 000,243,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.03.10 02:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010.03.04 15:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.12.21 20:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.10.23 10:26:14 | 000,046,592 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.10.08 02:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.10.08 02:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.09.19 05:30:14 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.29 17:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.10.28 11:27:52 | 000,027,136 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ArcVad.sys -- (arcvad_ds2dhw)
DRV:64bit: - [2008.05.16 11:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008.05.16 11:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic)
DRV:64bit: - [2008.05.16 11:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV:64bit: - [2008.05.16 11:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008.05.16 11:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5)
DRV:64bit: - [2008.05.16 11:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008.05.16 11:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus)
DRV:64bit: - [2008.03.13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.04 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.bing.com/search?q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{12063E56-B000-4E34-AB0F-F240CEFB0419}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{555BB94F-6762-4164-8A24-37F8C0023A6B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{68EC1921-C837-408A-8431-BB316D5AC3EA}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.bing.com/search?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{555BB94F-6762-4164-8A24-37F8C0023A6B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{68EC1921-C837-408A-8431-BB316D5AC3EA}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQDSK/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE10DEDE/WOL_WCP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/CQDSK/4
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@kuaiyong.yrtd.com,version=1.0.1.1:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npnxgameEU.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@pmang.com/npPMangFX: C:\Windows\system32\npPMangFX.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
 
O1 HOSTS File: ([2013.06.30 19:19:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8768D5EA-5412-4810-A032-09AD2A726C69} hxxp://bgweb.nowcdn.co.kr/Bin/DownStarter2.cab (DownStarter2 Control)
O16 - DPF: {93C449FA-ECFB-402F-A8C7-37E4F8D60E49} hxxp://dl.pmang.com/common/pmangctl/pmangax.cab (Session2 Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24D00668-9EE8-4DA2-B8D4-78F9E326BAE3}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.07.04 15:27:29 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.07.04 15:27:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
[2014.07.04 15:27:04 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.07.04 15:27:04 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.07.04 15:27:04 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014.07.04 15:27:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware 
[2014.07.04 15:26:51 | 000,000,000 | ---D | C] -- C:\Users\Mr.Smith\AppData\Local\Programs
[2014.07.04 15:13:31 | 000,000,000 | ---D | C] -- C:\Users\Mr.Smith\AppData\Roaming\AVG2014
[2014.07.04 15:12:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014.07.04 15:12:40 | 000,000,000 | ---D | C] -- C:\Users\Mr.Smith\AppData\Roaming\TuneUp Software
[2014.07.04 15:11:06 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014.07.04 15:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2014.07.04 15:10:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2014.07.04 15:08:37 | 000,000,000 | ---D | C] -- C:\Users\Mr.Smith\AppData\Local\MFAData
[2014.07.04 15:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014.07.04 15:08:37 | 000,000,000 | ---D | C] -- C:\Users\Mr.Smith\AppData\Local\Avg2014
[2014.07.04 13:51:53 | 000,000,000 | ---D | C] -- C:\Users\Mr.Smith\AppData\Local\ArcSoft
[2014.07.04 13:51:52 | 000,000,000 | ---D | C] -- C:\Users\Mr.Smith\AppData\Roaming\ArcSoft
[2014.07.04 13:15:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014.07.04 13:15:56 | 000,000,000 | ---D | C] -- C:\Users\Mr.Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014.07.03 17:33:22 | 000,000,000 | ---D | C] -- C:\Users\Mr.Smith\AppData\Roaming\ATI
[2014.07.03 17:33:22 | 000,000,000 | ---D | C] -- C:\Users\Mr.Smith\AppData\Local\ATI
[2014.07.03 17:32:51 | 000,000,000 | ---D | C] -- C:\Users\Mr.Smith\AppData\Roaming\Apple Computer
[2014.07.03 17:32:50 | 000,000,000 | ---D | C] -- C:\Users\Mr.Smith\AppData\Local\PDFC
[2014.07.03 17:32:43 | 000,000,000 | R--D | C] -- C:\Users\Mr.Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014.07.03 17:32:43 | 000,000,000 | R--D | C] -- C:\Users\Mr.Smith\Searches
[2014.07.03 17:32:43 | 000,000,000 | R--D | C] -- C:\Users\Mr.Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014.07.03 17:32:39 | 000,000,000 | ---D | C] -- C:\Users\Mr.Smith\AppData\Roaming\Identities
[2014.07.03 17:32:36 | 000,000,000 | R--D | C] -- C:\Users\Mr.Smith\Contacts
[2014.07.03 17:32:36 | 000,000,000 | ---D | C] -- C:\Users\Mr.Smith\AppData\Local\VirtualStore
[2014.07.03 17:32:35 | 000,000,000 | R--D | C] -- C:\Users\Mr.Smith\Desktop
[2014.07.03 16:57:50 | 000,000,000 | -HSD | C] -- C:\Users\Mr.Smith\AppData\Local\EmieUserList
[2014.07.03 16:57:50 | 000,000,000 | -HSD | C] -- C:\Users\Mr.Smith\AppData\Local\EmieSiteList
[2014.07.03 16:57:48 | 000,000,000 | ---D | C] -- C:\Users\Mr.Smith\AppData\Roaming\Adobe
[2014.07.03 16:57:11 | 000,000,000 | ---D | C] -- C:\Users\Mr.Smith\AppData\Local\SoftwareUpdater
[2014.07.03 16:45:14 | 000,000,000 | ---D | C] -- C:\Users\Mr.Smith\AppData\Local\ElevatedDiagnostics
[2014.07.03 16:41:59 | 000,000,000 | ---D | C] -- C:\Users\Mr.Smith\AppData\Local\CrashDumps
[2014.07.03 16:40:57 | 000,000,000 | -HSD | C] -- C:\Users\Mr.Smith\Vorlagen
[2014.07.03 16:40:57 | 000,000,000 | -HSD | C] -- C:\Users\Mr.Smith\AppData\Local\Verlauf
[2014.07.03 16:40:57 | 000,000,000 | -HSD | C] -- C:\Users\Mr.Smith\AppData\Local\Temporary Internet Files
[2014.07.03 16:40:57 | 000,000,000 | -HSD | C] -- C:\Users\Mr.Smith\Startmenü
[2014.07.03 16:40:57 | 000,000,000 | -HSD | C] -- C:\Users\Mr.Smith\SendTo
[2014.07.03 16:40:57 | 000,000,000 | -HSD | C] -- C:\Users\Mr.Smith\Recent
[2014.07.03 16:40:57 | 000,000,000 | -HSD | C] -- C:\Users\Mr.Smith\Netzwerkumgebung
[2014.07.03 16:40:57 | 000,000,000 | -HSD | C] -- C:\Users\Mr.Smith\Lokale Einstellungen
[2014.07.03 16:40:57 | 000,000,000 | -HSD | C] -- C:\Users\Mr.Smith\Documents\Eigene Videos
[2014.07.03 16:40:57 | 000,000,000 | -HSD | C] -- C:\Users\Mr.Smith\Documents\Eigene Musik
[2014.07.03 16:40:57 | 000,000,000 | -HSD | C] -- C:\Users\Mr.Smith\Eigene Dateien
[2014.07.03 16:40:57 | 000,000,000 | -HSD | C] -- C:\Users\Mr.Smith\Documents\Eigene Bilder
[2014.07.03 16:40:57 | 000,000,000 | -HSD | C] -- C:\Users\Mr.Smith\Druckumgebung
[2014.07.03 16:40:57 | 000,000,000 | -HSD | C] -- C:\Users\Mr.Smith\Cookies
[2014.07.03 16:40:57 | 000,000,000 | -HSD | C] -- C:\Users\Mr.Smith\AppData\Local\Anwendungsdaten
[2014.07.03 16:40:57 | 000,000,000 | -HSD | C] -- C:\Users\Mr.Smith\Anwendungsdaten
[2014.07.03 16:40:56 | 000,000,000 | --SD | C] -- C:\Users\Mr.Smith\AppData\Roaming\Microsoft
[2014.07.03 16:40:56 | 000,000,000 | R--D | C] -- C:\Users\Mr.Smith\Videos
[2014.07.03 16:40:56 | 000,000,000 | R--D | C] -- C:\Users\Mr.Smith\Saved Games
[2014.07.03 16:40:56 | 000,000,000 | R--D | C] -- C:\Users\Mr.Smith\Pictures
[2014.07.03 16:40:56 | 000,000,000 | R--D | C] -- C:\Users\Mr.Smith\Music
[2014.07.03 16:40:56 | 000,000,000 | R--D | C] -- C:\Users\Mr.Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014.07.03 16:40:56 | 000,000,000 | R--D | C] -- C:\Users\Mr.Smith\Links
[2014.07.03 16:40:56 | 000,000,000 | R--D | C] -- C:\Users\Mr.Smith\Favorites
[2014.07.03 16:40:56 | 000,000,000 | R--D | C] -- C:\Users\Mr.Smith\Downloads
[2014.07.03 16:40:56 | 000,000,000 | R--D | C] -- C:\Users\Mr.Smith\Documents
[2014.07.03 16:40:56 | 000,000,000 | R--D | C] -- C:\Users\Mr.Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014.07.03 16:40:56 | 000,000,000 | -H-D | C] -- C:\Users\Mr.Smith\AppData
[2014.07.03 16:40:56 | 000,000,000 | ---D | C] -- C:\Users\Mr.Smith\AppData\Local\temp
[2014.07.03 16:40:56 | 000,000,000 | ---D | C] -- C:\Users\Mr.Smith\AppData\Local\Microsoft
[2014.07.03 16:40:56 | 000,000,000 | ---D | C] -- C:\Users\Mr.Smith\AppData\Roaming\Media Center Programs
[2014.07.03 15:56:26 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014.07.02 00:16:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014.07.02 00:16:48 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2014.07.02 00:16:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014.07.02 00:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014.07.02 00:16:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014.07.02 00:16:04 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014.06.22 16:38:57 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2014.06.22 15:53:48 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2014.06.22 15:53:37 | 000,288,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2014.06.22 15:53:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2014.06.22 15:53:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2014.06.22 15:53:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014.06.22 15:53:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014.06.22 15:52:57 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.06.22 15:52:57 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014.06.22 15:52:57 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.06.22 15:52:56 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.06.22 15:52:56 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014.06.22 15:52:55 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014.06.22 15:52:53 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.06.22 15:52:53 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.06.22 15:52:52 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.06.22 15:52:51 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.06.22 15:52:51 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014.06.22 15:52:51 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.06.22 15:52:51 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.06.22 15:52:51 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.06.22 15:52:50 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.06.22 15:52:50 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.06.22 15:52:49 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.06.22 15:52:49 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014.06.22 15:52:49 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.06.22 15:52:48 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.06.22 15:52:48 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.06.22 15:52:48 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.06.22 15:52:47 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.06.22 15:52:47 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014.06.22 15:52:46 | 005,782,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.06.22 15:52:46 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014.06.22 15:52:46 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.06.22 15:52:46 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.06.22 15:52:46 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014.06.22 15:52:45 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.06.22 15:52:45 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014.06.22 15:52:44 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014.06.22 15:52:44 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.06.22 15:50:42 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014.06.22 15:50:41 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014.06.17 16:21:34 | 000,235,800 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2014.06.17 16:07:12 | 000,328,984 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
[2014.06.17 16:06:58 | 000,269,080 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2014.06.17 16:06:24 | 000,190,744 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2014.06.17 16:06:22 | 000,242,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2014.06.17 16:06:22 | 000,153,368 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgdiska.sys
[2014.06.17 16:06:20 | 000,123,672 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2014.06.17 16:06:06 | 000,031,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
 
========== Files - Modified Within 30 Days ==========
 
[2014.07.04 15:53:46 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.07.04 15:27:29 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.07.04 15:27:07 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.07.04 15:23:03 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.07.04 15:12:41 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014.07.04 14:57:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001UA.job
[2014.07.04 14:56:38 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\Avira.lnk
[2014.07.04 14:25:59 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.07.04 14:25:59 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.07.04 14:19:27 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.07.04 14:18:41 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2014.07.04 14:18:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.07.04 14:18:26 | 2214,027,264 | -HS- | M] () -- C:\hiberfil.sys
[2014.07.04 14:09:08 | 000,000,680 | RHS- | M] () -- C:\Users\Mr.Smith\ntuser.pol
[2014.07.04 13:15:56 | 000,001,230 | ---- | M] () -- C:\Users\Mr.Smith\Desktop\Revo Uninstaller.lnk
[2014.07.02 21:57:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001Core.job
[2014.07.02 00:16:55 | 000,001,749 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014.06.27 19:07:39 | 001,622,164 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.06.27 19:07:39 | 000,699,868 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.06.27 19:07:39 | 000,654,706 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.06.27 19:07:39 | 000,149,750 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.06.27 19:07:39 | 000,122,320 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.06.27 12:23:23 | 000,351,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.06.17 16:21:34 | 000,235,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2014.06.17 16:07:12 | 000,328,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
[2014.06.17 16:06:58 | 000,269,080 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2014.06.17 16:06:24 | 000,190,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2014.06.17 16:06:22 | 000,242,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2014.06.17 16:06:22 | 000,153,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgdiska.sys
[2014.06.17 16:06:20 | 000,123,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2014.06.17 16:06:06 | 000,031,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2014.06.08 11:13:05 | 000,506,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014.06.08 11:08:04 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014.06.06 13:34:20 | 000,029,220 | ---- | M] () -- C:\Windows\SysWow64\collectionCache.bnk
 
========== Files Created - No Company Name ==========
 
[2014.07.04 15:27:07 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.07.04 15:12:41 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014.07.04 14:56:38 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\Avira.lnk
[2014.07.04 14:08:35 | 000,000,680 | RHS- | C] () -- C:\Users\Mr.Smith\ntuser.pol
[2014.07.04 13:15:56 | 000,001,230 | ---- | C] () -- C:\Users\Mr.Smith\Desktop\Revo Uninstaller.lnk
[2014.07.03 17:32:45 | 000,001,387 | ---- | C] () -- C:\Users\Mr.Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014.07.02 00:16:55 | 000,001,749 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014.06.06 13:34:20 | 000,029,220 | ---- | C] () -- C:\Windows\SysWow64\collectionCache.bnk
[2013.11.26 21:33:10 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2013.11.26 21:33:09 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013.09.22 12:36:51 | 000,289,632 | ---- | C] ( ) -- C:\Windows\SysWow64\npPMangFX.dll
[2013.06.30 18:58:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.30 18:58:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.30 18:58:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.30 18:58:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.30 18:58:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.27 16:08:38 | 000,000,857 | ---- | C] () -- C:\Windows\client.config.ini
[2012.10.26 11:26:28 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2012.09.18 22:19:51 | 003,440,641 | ---- | C] () -- C:\Windows\SysWow64\drivers\mconfig.sys
 
========== ZeroAccess Check ==========
 
[2013.05.07 20:56:57 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.03.25 04:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2013.11.15 23:02:31 | 104,496,569 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\㬺歜ᵌ˜
[2013.11.15 11:02:52 | 104,496,569 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\㬺歜ᵌ˜
[2013.11.11 17:48:26 | 103,716,811 | ---- | M] ()(C:\Windows\SysWow64\???U) -- C:\Windows\SysWow64\酰쟡ᵌU
[2013.11.11 17:48:26 | 103,716,811 | ---- | C] ()(C:\Windows\SysWow64\???U) -- C:\Windows\SysWow64\酰쟡ᵌU
[2013.10.31 19:30:28 | 104,433,978 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\旁ᵌ•
[2013.10.31 19:30:28 | 104,433,978 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\旁ᵌ•
[2013.10.17 22:09:51 | 101,604,844 | ---- | M] ()(C:\Windows\SysWow64\???«) -- C:\Windows\SysWow64\狘ᵌ«
[2013.10.17 22:09:51 | 101,604,844 | ---- | C] ()(C:\Windows\SysWow64\???«) -- C:\Windows\SysWow64\狘ᵌ«
[2013.10.09 19:36:27 | 100,163,860 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\阾ࡻᵌ
[2013.10.09 19:36:27 | 100,163,860 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\阾ࡻᵌ
[2013.10.07 23:32:32 | 099,820,400 | ---- | M] ()(C:\Windows\SysWow64\???¸) -- C:\Windows\SysWow64\⅖དᵌ¸
[2013.10.07 11:39:35 | 099,820,400 | ---- | C] ()(C:\Windows\SysWow64\???¸) -- C:\Windows\SysWow64\⅖དᵌ¸
[2013.10.05 02:49:37 | 099,319,274 | ---- | M] ()(C:\Windows\SysWow64\???G) -- C:\Windows\SysWow64\ꗭᒁᵌG
[2013.10.04 20:49:45 | 099,319,274 | ---- | C] ()(C:\Windows\SysWow64\???G) -- C:\Windows\SysWow64\ꗭᒁᵌG
[2013.09.25 17:09:00 | 097,729,025 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\뫺껛ᵌ™
[2013.09.25 17:09:00 | 097,729,025 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\뫺껛ᵌ™
[2013.09.24 19:33:38 | 097,540,783 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\⣋쬸ᵌš
[2013.09.24 19:33:38 | 097,540,783 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\⣋쬸ᵌš
[2013.09.16 22:33:33 | 097,845,400 | ---- | M] ()(C:\Windows\SysWow64\???O) -- C:\Windows\SysWow64\㤣讫ᵌO
[2013.09.16 16:33:47 | 097,845,400 | ---- | C] ()(C:\Windows\SysWow64\???O) -- C:\Windows\SysWow64\㤣讫ᵌO
[2013.09.15 19:19:24 | 097,671,483 | ---- | M] ()(C:\Windows\SysWow64\???') -- C:\Windows\SysWow64\╇䬦ᵌ'
[2013.09.15 19:19:24 | 097,671,483 | ---- | C] ()(C:\Windows\SysWow64\???') -- C:\Windows\SysWow64\╇䬦ᵌ'
[2013.09.11 19:30:27 | 097,170,353 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\뙲໩ᵌ˜
[2013.09.11 19:30:27 | 097,170,353 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\뙲໩ᵌ˜
[2013.09.10 20:10:52 | 096,985,259 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\⛯鎔ᵌ
[2013.09.10 20:10:52 | 096,985,259 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\⛯鎔ᵌ
[2013.09.05 18:13:28 | 096,141,916 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\솑䣧ᵌ—
[2013.09.05 18:13:28 | 096,141,916 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\솑䣧ᵌ—
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:AD022376

< End of report >
         
I created a second account for myself. Mr.Smith now has the admin rights.

Alt 04.07.2014, 16:49   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please don't post any more OTL logs! They were not requested!
We work with FRST here, and I need proper logs from it that were created with admin rights.

Alt 04.07.2014, 17:32   #11
Whais
 

Sorry!
Then I'll run a new scan with admin rights.


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2014
Ran by Mr.Smith (administrator) on JOHAN-HP on 04-07-2014 17:01:56
Running from C:\Users\Johan\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Google Inc.) C:\Users\Johan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johan\AppData\Local\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Google Inc.) C:\Users\Johan\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johan\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-03-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [187984 2014-06-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2478615884-895137908-1883612811-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2478615884-895137908-1883612811-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-2478615884-895137908-1883612811-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2478615884-895137908-1883612811-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2478615884-895137908-1883612811-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2478615884-895137908-1883612811-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-2478615884-895137908-1883612811-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2478615884-895137908-1883612811-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2478615884-895137908-1883612811-1014\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2478615884-895137908-1883612811-1014\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2478615884-895137908-1883612811-1014-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2478615884-895137908-1883612811-1014-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
GroupPolicyUsers\S-1-5-21-2478615884-895137908-1883612811-1011\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/CQDSK/4
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE10DEDE/WOL_WCP
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQDSK/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {12063E56-B000-4E34-AB0F-F240CEFB0419} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {68EC1921-C837-408A-8431-BB316D5AC3EA} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {68EC1921-C837-408A-8431-BB316D5AC3EA} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKCU - {12063E56-B000-4E34-AB0F-F240CEFB0419} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {8768D5EA-5412-4810-A032-09AD2A726C69} hxxp://bgweb.nowcdn.co.kr/Bin/DownStarter2.cab
DPF: HKLM-x32 {93C449FA-ECFB-402F-A8C7-37E4F8D60E49} hxxp://dl.pmang.com/common/pmangctl/pmangax.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npnxgameEU.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @pmang.com/npPMangFX - C:\Windows\system32\npPMangFX.dll No File
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-04-07] (ArcSoft Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [138832 2014-06-30] (Avira Operations GmbH & Co. KG)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [281440 2012-06-26] (BullGuard Ltd.)
S2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [199520 2012-06-05] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [379744 2012-06-18] (BullGuard Ltd.)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5827072 2011-12-16] (Native Instruments GmbH) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4159984 2010-12-08] (INCA Internet Co., Ltd.) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-15] (PDF Complete Inc)
S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]
S4 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S4 SystemStoreService; "C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe"  -displayname "System Store" -servicename "SystemStoreService" [X]

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 arcvad_ds2dhw; C:\Windows\System32\drivers\ArcVad.sys [27136 2008-10-28] (ArcSoft, Inc.)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2011-06-11] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 BdSpy; C:\Windows\System32\DRIVERS\BdSpy.sys [66272 2012-07-03] (BullGuard Ltd.)
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [46792 2013-08-13] (AnchorFree Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2011-06-11] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.) [File not signed]
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2011-05-11] (Duplex Secure Ltd.)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [290376 2012-07-03] (BitDefender S.R.L.)
R4 avkmgr; system32\DRIVERS\avkmgr.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 dump_wmimmc; \??\C:\Neowiz\Pmang\S4League\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-04 16:19 - 2014-07-04 16:22 - 00027074 _____ () C:\Users\Johan\Desktop\Addition.txt
2014-07-04 15:27 - 2014-07-04 15:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-04 15:27 - 2014-07-04 15:27 - 00001068 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-04 15:27 - 2014-07-04 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-04 15:27 - 2014-07-04 15:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-04 15:27 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-04 15:27 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-04 15:27 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-04 15:25 - 2014-07-04 15:25 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Johan\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-04 15:14 - 2014-07-04 15:14 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\AVG2014
2014-07-04 15:14 - 2014-07-04 15:14 - 00000000 ____D () C:\Users\Johan\AppData\Local\Avg2014
2014-07-04 15:13 - 2014-07-04 15:13 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\AVG2014
2014-07-04 15:12 - 2014-07-04 15:12 - 00000947 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-07-04 15:12 - 2014-07-04 15:12 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\TuneUp Software
2014-07-04 15:12 - 2014-07-04 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-07-04 15:12 - 2014-07-04 15:12 - 00000000 _____ () C:\ProgramData\rebootpending.txt
2014-07-04 15:11 - 2014-07-04 15:13 - 00000000 ____D () C:\ProgramData\AVG2014
2014-07-04 15:11 - 2014-07-04 15:11 - 00000000 ___HD () C:\$AVG
2014-07-04 15:10 - 2014-07-04 15:10 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-07-04 15:08 - 2014-07-04 17:00 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-04 15:08 - 2014-07-04 15:13 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\Avg2014
2014-07-04 15:08 - 2014-07-04 15:08 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\MFAData
2014-07-04 15:01 - 2014-07-04 15:05 - 141865920 _____ () C:\Users\Johan\Desktop\avira_free_antivirus45_de.exe
2014-07-04 14:56 - 2014-07-04 14:56 - 00001103 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-04 14:19 - 2014-07-04 14:19 - 00000680 __RSH () C:\Users\Johan\ntuser.pol
2014-07-04 14:08 - 2014-07-04 14:09 - 00000680 __RSH () C:\Users\Mr.Smith\ntuser.pol
2014-07-04 13:51 - 2014-07-04 13:52 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\ArcSoft
2014-07-04 13:51 - 2014-07-04 13:51 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\ArcSoft
2014-07-04 13:15 - 2014-07-04 13:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Johan\Desktop\revosetup95.exe
2014-07-04 13:15 - 2014-07-04 13:15 - 00001230 _____ () C:\Users\Mr.Smith\Desktop\Revo Uninstaller.lnk
2014-07-04 13:15 - 2014-07-04 13:15 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-03 17:33 - 2014-07-03 17:33 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\ATI
2014-07-03 17:33 - 2014-07-03 17:33 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\ATI
2014-07-03 17:32 - 2014-07-03 17:32 - 00001387 _____ () C:\Users\Mr.Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-03 17:32 - 2014-07-03 17:32 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\Apple Computer
2014-07-03 17:32 - 2014-07-03 17:32 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\VirtualStore
2014-07-03 17:32 - 2014-07-03 17:32 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\PDFC
2014-07-03 16:57 - 2014-07-03 16:57 - 00000000 __SHD () C:\Users\Mr.Smith\AppData\Local\EmieUserList
2014-07-03 16:57 - 2014-07-03 16:57 - 00000000 __SHD () C:\Users\Mr.Smith\AppData\Local\EmieSiteList
2014-07-03 16:57 - 2014-07-03 16:57 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\Adobe
2014-07-03 16:57 - 2014-07-03 16:57 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\SoftwareUpdater
2014-07-03 16:43 - 2014-07-03 16:43 - 00098840 _____ () C:\Users\Mr.Smith\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-03 16:41 - 2014-07-03 17:07 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\CrashDumps
2014-07-03 16:40 - 2014-07-04 14:09 - 00000000 ____D () C:\Users\Mr.Smith
2014-07-03 16:40 - 2014-07-03 16:40 - 00000020 ___SH () C:\Users\Mr.Smith\ntuser.ini
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Vorlagen
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Startmenü
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Netzwerkumgebung
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Lokale Einstellungen
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Eigene Dateien
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Druckumgebung
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Documents\Eigene Musik
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Documents\Eigene Bilder
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\AppData\Local\Verlauf
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\AppData\Local\Anwendungsdaten
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Anwendungsdaten
2014-07-03 16:40 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Mr.Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-03 16:40 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Mr.Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-03 16:15 - 2014-07-03 16:16 - 00652353 _____ () C:\Users\Johan\Desktop\OTL+Extras 3.07.14.txt
2014-07-03 15:56 - 2014-07-03 15:57 - 00000000 ____D () C:\Windows\pss
2014-07-02 22:28 - 2014-07-02 22:44 - 00186014 _____ () C:\Users\Johan\Desktop\Trojaner Board.txt
2014-07-02 22:00 - 2014-07-04 17:07 - 00017506 _____ () C:\Users\Johan\Desktop\FRST.txt
2014-07-02 21:56 - 2014-07-02 21:56 - 02083840 _____ (Farbar) C:\Users\Johan\Desktop\FRST64.exe
2014-07-02 21:46 - 2014-07-03 16:12 - 00059458 _____ () C:\Users\Johan\Desktop\Extras.Txt
2014-07-02 21:45 - 2014-07-04 16:34 - 00119416 _____ () C:\Users\Johan\Desktop\OTL.Txt
2014-07-02 16:50 - 2014-07-02 16:50 - 00018976 _____ () C:\Users\Johan\Desktop\dds.txt
2014-07-02 16:50 - 2014-07-02 16:50 - 00005258 _____ () C:\Users\Johan\Desktop\attach.txt
2014-07-02 16:44 - 2014-07-02 16:44 - 00602112 _____ (OldTimer Tools) C:\Users\Johan\Desktop\OTL.exe
2014-07-02 16:43 - 2014-07-02 16:43 - 00688992 ____R (Swearware) C:\Users\Johan\Desktop\dds.scr
2014-07-02 00:16 - 2014-07-02 00:16 - 00001749 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\Program Files\iTunes
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\Program Files\iPod
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-02 00:16 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-07-01 12:57 - 2014-07-01 13:00 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\TS3Client
2014-06-30 16:13 - 2014-07-04 15:18 - 00000000 ____D () C:\Users\Johan\Desktop\Daten
2014-06-29 01:59 - 2014-06-29 01:59 - 00000000 __SHD () C:\Users\Mr.SmitchFuckof12345\AppData\Local\EmieUserList
2014-06-29 01:59 - 2014-06-29 01:59 - 00000000 __SHD () C:\Users\Mr.SmitchFuckof12345\AppData\Local\EmieSiteList
2014-06-29 01:57 - 2014-06-29 01:57 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\CrashDumps
2014-06-29 01:39 - 2014-06-29 01:39 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Win7codecs
2014-06-28 14:46 - 2014-06-28 14:46 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\Apple
2014-06-28 14:41 - 2014-06-28 14:41 - 00098840 _____ () C:\Users\Mr.SmitchFuckof12345\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-28 14:40 - 2014-06-28 14:41 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\ArcSoft
2014-06-28 14:40 - 2014-06-28 14:40 - 00001387 _____ () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\ATI
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Apple Computer
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Adobe
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\PDFC
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\ATI
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\ArcSoft
2014-06-28 14:39 - 2014-06-28 14:39 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\VirtualStore
2014-06-28 14:37 - 2014-07-03 16:30 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345
2014-06-28 14:37 - 2014-06-28 14:37 - 00000020 ___SH () C:\Users\Mr.SmitchFuckof12345\ntuser.ini
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Vorlagen
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Startmenü
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Netzwerkumgebung
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Lokale Einstellungen
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Eigene Dateien
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Druckumgebung
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Documents\Eigene Musik
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Documents\Eigene Bilder
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\AppData\Local\Verlauf
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\AppData\Local\Anwendungsdaten
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Anwendungsdaten
2014-06-28 14:37 - 2012-05-28 13:15 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\Documents\Visual Studio 2010
2014-06-28 14:37 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-28 14:37 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-22 16:38 - 2014-06-22 16:38 - 00000000 ____D () C:\Program Files\VirtualDJ
2014-06-22 15:53 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-22 15:53 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-22 15:53 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-22 15:53 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-22 15:53 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-22 15:53 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-22 15:53 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-22 15:53 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-22 15:53 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-22 15:53 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-22 15:53 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-22 15:53 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-22 15:52 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-22 15:52 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-22 15:52 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-22 15:52 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-22 15:52 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-22 15:52 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-22 15:52 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-22 15:52 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-22 15:52 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-22 15:52 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-22 15:52 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-22 15:52 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-22 15:52 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-22 15:52 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-22 15:52 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-22 15:52 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-22 15:52 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-22 15:52 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-22 15:52 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-22 15:52 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-22 15:52 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-22 15:52 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-22 15:52 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-22 15:52 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-22 15:52 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-22 15:52 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-22 15:52 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-22 15:52 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-22 15:52 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-22 15:52 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-22 15:52 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-22 15:52 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-22 15:52 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-22 15:52 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-22 15:52 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-22 15:52 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-22 15:52 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-22 15:52 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-22 15:52 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-22 15:52 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-22 15:52 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-22 15:52 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-22 15:52 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-22 15:52 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-22 15:52 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-22 15:52 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-22 15:52 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-22 15:52 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-22 15:52 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-22 15:52 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-22 15:52 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-22 15:52 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-22 15:50 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-22 15:50 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-17 16:21 - 2014-06-17 16:21 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-06-17 16:07 - 2014-06-17 16:07 - 00328984 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00269080 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00242968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00190744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00123672 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-06-06 13:34 - 2014-06-06 13:34 - 00029220 _____ () C:\Windows\SysWOW64\collectionCache.bnk
2014-06-05 12:42 - 2014-06-05 12:42 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\DigitalVolcano
2014-06-05 12:41 - 2014-06-05 12:41 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duplicate Cleaner Free
2014-06-04 12:55 - 2014-06-04 12:55 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-06-04 12:55 - 2014-06-04 12:55 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-06-04 12:55 - 2014-06-04 12:55 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-06-04 12:55 - 2014-06-04 12:55 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update

==================== One Month Modified Files and Folders =======

2014-07-04 17:07 - 2014-07-02 22:00 - 00017506 _____ () C:\Users\Johan\Desktop\FRST.txt
2014-07-04 17:05 - 2011-02-21 21:24 - 01716716 _____ () C:\Windows\WindowsUpdate.log
2014-07-04 17:02 - 2013-06-28 21:40 - 00000000 ____D () C:\FRST
2014-07-04 17:00 - 2014-07-04 15:08 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-04 16:57 - 2011-10-22 19:06 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001UA.job
2014-07-04 16:53 - 2012-07-23 07:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-04 16:34 - 2014-07-02 21:45 - 00119416 _____ () C:\Users\Johan\Desktop\OTL.Txt
2014-07-04 16:23 - 2011-02-24 21:32 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-04 16:22 - 2014-07-04 16:19 - 00027074 _____ () C:\Users\Johan\Desktop\Addition.txt
2014-07-04 15:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-07-04 15:48 - 2013-03-30 17:44 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\vlc
2014-07-04 15:27 - 2014-07-04 15:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-04 15:27 - 2014-07-04 15:27 - 00001068 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-04 15:27 - 2014-07-04 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-04 15:27 - 2014-07-04 15:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-04 15:25 - 2014-07-04 15:25 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Johan\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-04 15:18 - 2014-06-30 16:13 - 00000000 ____D () C:\Users\Johan\Desktop\Daten
2014-07-04 15:14 - 2014-07-04 15:14 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\AVG2014
2014-07-04 15:14 - 2014-07-04 15:14 - 00000000 ____D () C:\Users\Johan\AppData\Local\Avg2014
2014-07-04 15:13 - 2014-07-04 15:13 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\AVG2014
2014-07-04 15:13 - 2014-07-04 15:11 - 00000000 ____D () C:\ProgramData\AVG2014
2014-07-04 15:13 - 2014-07-04 15:08 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\Avg2014
2014-07-04 15:12 - 2014-07-04 15:12 - 00000947 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-07-04 15:12 - 2014-07-04 15:12 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\TuneUp Software
2014-07-04 15:12 - 2014-07-04 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-07-04 15:12 - 2014-07-04 15:12 - 00000000 _____ () C:\ProgramData\rebootpending.txt
2014-07-04 15:12 - 2013-05-08 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-04 15:12 - 2012-11-18 21:08 - 00000000 ____D () C:\ProgramData\Avira
2014-07-04 15:11 - 2014-07-04 15:11 - 00000000 ___HD () C:\$AVG
2014-07-04 15:10 - 2014-07-04 15:10 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-07-04 15:08 - 2014-07-04 15:08 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\MFAData
2014-07-04 15:05 - 2014-07-04 15:01 - 141865920 _____ () C:\Users\Johan\Desktop\avira_free_antivirus45_de.exe
2014-07-04 14:56 - 2014-07-04 14:56 - 00001103 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-04 14:56 - 2013-05-15 10:37 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-04 14:56 - 2012-11-18 21:08 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-07-04 14:25 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-04 14:25 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-04 14:19 - 2014-07-04 14:19 - 00000680 __RSH () C:\Users\Johan\ntuser.pol
2014-07-04 14:19 - 2011-02-24 21:32 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-04 14:19 - 2011-02-21 21:28 - 00000000 ____D () C:\Users\Johan
2014-07-04 14:18 - 2013-04-29 20:30 - 00053239 _____ () C:\Windows\setupact.log
2014-07-04 14:18 - 2011-11-07 22:32 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-07-04 14:18 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-04 14:09 - 2014-07-04 14:08 - 00000680 __RSH () C:\Users\Mr.Smith\ntuser.pol
2014-07-04 14:09 - 2014-07-03 16:40 - 00000000 ____D () C:\Users\Mr.Smith
2014-07-04 14:08 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-04 13:52 - 2014-07-04 13:51 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\ArcSoft
2014-07-04 13:51 - 2014-07-04 13:51 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\ArcSoft
2014-07-04 13:33 - 2014-06-01 18:29 - 00000000 ____D () C:\Program Files\Native Instruments
2014-07-04 13:15 - 2014-07-04 13:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Johan\Desktop\revosetup95.exe
2014-07-04 13:15 - 2014-07-04 13:15 - 00001230 _____ () C:\Users\Mr.Smith\Desktop\Revo Uninstaller.lnk
2014-07-04 13:15 - 2014-07-04 13:15 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-03 17:33 - 2014-07-03 17:33 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\ATI
2014-07-03 17:33 - 2014-07-03 17:33 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\ATI
2014-07-03 17:33 - 2014-02-09 17:55 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-07-03 17:32 - 2014-07-03 17:32 - 00001387 _____ () C:\Users\Mr.Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-03 17:32 - 2014-07-03 17:32 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\Apple Computer
2014-07-03 17:32 - 2014-07-03 17:32 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\VirtualStore
2014-07-03 17:32 - 2014-07-03 17:32 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\PDFC
2014-07-03 17:12 - 2013-05-08 09:39 - 00262972 _____ () C:\Windows\PFRO.log
2014-07-03 17:10 - 2014-04-25 14:54 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-07-03 17:10 - 2013-04-28 21:17 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-07-03 17:10 - 2011-10-06 09:39 - 00000000 ____D () C:\ProgramData\Shark007
2014-07-03 17:10 - 2011-02-22 16:16 - 00000000 ____D () C:\Users\Johan\AppData\Local\CrashDumps
2014-07-03 17:10 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-03 17:07 - 2014-07-03 16:41 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\CrashDumps
2014-07-03 16:57 - 2014-07-03 16:57 - 00000000 __SHD () C:\Users\Mr.Smith\AppData\Local\EmieUserList
2014-07-03 16:57 - 2014-07-03 16:57 - 00000000 __SHD () C:\Users\Mr.Smith\AppData\Local\EmieSiteList
2014-07-03 16:57 - 2014-07-03 16:57 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\Adobe
2014-07-03 16:57 - 2014-07-03 16:57 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\SoftwareUpdater
2014-07-03 16:48 - 2013-09-03 11:20 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Hotspot Shield
2014-07-03 16:43 - 2014-07-03 16:43 - 00098840 _____ () C:\Users\Mr.Smith\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-03 16:40 - 2014-07-03 16:40 - 00000020 ___SH () C:\Users\Mr.Smith\ntuser.ini
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Vorlagen
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Startmenü
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Netzwerkumgebung
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Lokale Einstellungen
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Eigene Dateien
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Druckumgebung
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Documents\Eigene Musik
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Documents\Eigene Bilder
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\AppData\Local\Verlauf
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\AppData\Local\Anwendungsdaten
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Anwendungsdaten
2014-07-03 16:30 - 2014-06-28 14:37 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345
2014-07-03 16:30 - 2013-11-24 03:36 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2014-07-03 16:30 - 2013-11-24 03:36 - 00000000 ____D () C:\Program Files\Image-Line
2014-07-03 16:16 - 2014-07-03 16:15 - 00652353 _____ () C:\Users\Johan\Desktop\OTL+Extras 3.07.14.txt
2014-07-03 16:12 - 2014-07-02 21:46 - 00059458 _____ () C:\Users\Johan\Desktop\Extras.Txt
2014-07-03 15:57 - 2014-07-03 15:56 - 00000000 ____D () C:\Windows\pss
2014-07-03 12:43 - 2011-02-21 21:36 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Skype
2014-07-02 23:10 - 2011-03-14 22:31 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\SoftGrid Client
2014-07-02 22:44 - 2014-07-02 22:28 - 00186014 _____ () C:\Users\Johan\Desktop\Trojaner Board.txt
2014-07-02 21:57 - 2011-10-22 19:06 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001Core.job
2014-07-02 21:56 - 2014-07-02 21:56 - 02083840 _____ (Farbar) C:\Users\Johan\Desktop\FRST64.exe
2014-07-02 16:50 - 2014-07-02 16:50 - 00018976 _____ () C:\Users\Johan\Desktop\dds.txt
2014-07-02 16:50 - 2014-07-02 16:50 - 00005258 _____ () C:\Users\Johan\Desktop\attach.txt
2014-07-02 16:44 - 2014-07-02 16:44 - 00602112 _____ (OldTimer Tools) C:\Users\Johan\Desktop\OTL.exe
2014-07-02 16:43 - 2014-07-02 16:43 - 00688992 ____R (Swearware) C:\Users\Johan\Desktop\dds.scr
2014-07-02 16:38 - 2013-06-19 12:04 - 00004208 _____ () C:\Windows\System32\Tasks\Software Updater
2014-07-02 00:16 - 2014-07-02 00:16 - 00001749 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\Program Files\iTunes
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\Program Files\iPod
2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-01 13:00 - 2014-07-01 12:57 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\TS3Client
2014-06-30 09:34 - 2014-06-01 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2014-06-30 09:34 - 2014-06-01 18:29 - 00000000 ____D () C:\Program Files\Common Files\Native Instruments
2014-06-30 09:34 - 2014-04-26 02:20 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-30 09:34 - 2014-04-26 02:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Gast
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\fbwuser\AppData\Local\Torch
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\fbwuser\AppData\Local\Google
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\fbwuser\AppData\Local\Comodo
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Administrator
2014-06-30 09:34 - 2013-12-15 23:05 - 00000000 __RHD () C:\Users\Public\Libraries
2014-06-30 09:34 - 2013-11-24 03:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LMMS 0.4.15
2014-06-30 09:34 - 2013-09-09 21:44 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-06-30 09:34 - 2013-04-02 17:29 - 00000000 ____D () C:\Program Files (x86)\alaplaya
2014-06-30 09:34 - 2012-10-12 14:47 - 00000000 ____D () C:\Users\Johan\.android
2014-06-30 09:34 - 2012-08-30 17:03 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-30 09:34 - 2012-08-30 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-30 09:34 - 2011-03-12 17:26 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-06-30 09:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-06-30 09:33 - 2011-04-20 09:27 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Mozilla
2014-06-30 09:33 - 2011-04-17 08:40 - 00000000 ____D () C:\Users\Johan\AppData\Local\Mozilla
2014-06-30 09:33 - 2011-02-21 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\alaplaya
2014-06-30 09:32 - 2013-06-27 11:13 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-30 09:32 - 2011-09-08 13:42 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-06-29 01:59 - 2014-06-29 01:59 - 00000000 __SHD () C:\Users\Mr.SmitchFuckof12345\AppData\Local\EmieUserList
2014-06-29 01:59 - 2014-06-29 01:59 - 00000000 __SHD () C:\Users\Mr.SmitchFuckof12345\AppData\Local\EmieSiteList
2014-06-29 01:57 - 2014-06-29 01:57 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\CrashDumps
2014-06-29 01:57 - 2014-02-12 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reFX
2014-06-29 01:57 - 2011-02-21 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
2014-06-29 01:39 - 2014-06-29 01:39 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Win7codecs
2014-06-29 01:39 - 2011-10-06 19:42 - 00000000 ____D () C:\ProgramData\Win7codecs
2014-06-28 18:34 - 2011-10-09 13:39 - 00000000 ____D () C:\Users\Johan\AppData\Local\Deployment
2014-06-28 14:46 - 2014-06-28 14:46 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\Apple
2014-06-28 14:41 - 2014-06-28 14:41 - 00098840 _____ () C:\Users\Mr.SmitchFuckof12345\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-28 14:41 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\ArcSoft
2014-06-28 14:40 - 2014-06-28 14:40 - 00001387 _____ () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\ATI
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Apple Computer
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Adobe
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\PDFC
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\ATI
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\ArcSoft
2014-06-28 14:39 - 2014-06-28 14:39 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\VirtualStore
2014-06-28 14:37 - 2014-06-28 14:37 - 00000020 ___SH () C:\Users\Mr.SmitchFuckof12345\ntuser.ini
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Vorlagen
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Startmenü
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Netzwerkumgebung
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Lokale Einstellungen
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Eigene Dateien
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Druckumgebung
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Documents\Eigene Musik
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Documents\Eigene Bilder
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\AppData\Local\Verlauf
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\AppData\Local\Anwendungsdaten
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Anwendungsdaten
2014-06-27 19:07 - 2011-01-11 02:27 - 00699868 _____ () C:\Windows\system32\perfh007.dat
2014-06-27 19:07 - 2011-01-11 02:27 - 00149750 _____ () C:\Windows\system32\perfc007.dat
2014-06-27 19:07 - 2009-07-14 07:13 - 01622164 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-27 13:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Globalization
2014-06-27 12:25 - 2013-04-29 20:31 - 00098840 _____ () C:\Users\Johan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-27 12:23 - 2013-04-29 20:30 - 00351032 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-27 12:23 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-27 12:13 - 2013-07-18 14:19 - 00000000 ____D () C:\Program Files\Vuze
2014-06-27 11:43 - 2013-03-30 19:34 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Malwarebytes
2014-06-27 11:43 - 2013-03-30 19:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-27 11:43 - 2013-03-30 19:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-06-25 21:52 - 2011-10-22 19:06 - 00004090 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001UA
2014-06-25 21:52 - 2011-10-22 19:06 - 00003694 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001Core
2014-06-25 21:18 - 2011-02-24 21:32 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-25 21:18 - 2011-02-24 21:32 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-25 11:38 - 2011-04-15 19:28 - 00000000 ____D () C:\Users\Johan\AppData\Local\PMB Files
2014-06-24 01:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-22 22:32 - 2013-08-27 23:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-22 22:29 - 2011-02-22 18:34 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-22 22:28 - 2014-04-30 14:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-22 21:59 - 2013-03-07 21:35 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Azureus
2014-06-22 16:38 - 2014-06-22 16:38 - 00000000 ____D () C:\Program Files\VirtualDJ
2014-06-21 22:28 - 2011-10-13 17:14 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\ArcSoft
2014-06-21 17:05 - 2013-11-24 03:36 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\FlowStone
2014-06-17 16:21 - 2014-06-17 16:21 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-06-17 16:07 - 2014-06-17 16:07 - 00328984 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00269080 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00242968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00190744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00123672 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-06-16 00:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-06-08 11:13 - 2014-06-22 15:50 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-22 15:50 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-06 13:34 - 2014-06-06 13:34 - 00029220 _____ () C:\Windows\SysWOW64\collectionCache.bnk
2014-06-05 12:42 - 2014-06-05 12:42 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\DigitalVolcano
2014-06-05 12:41 - 2014-06-05 12:41 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duplicate Cleaner Free
2014-06-04 13:51 - 2011-09-08 13:41 - 00000000 ____D () C:\ProgramData\Apple
2014-06-04 12:55 - 2014-06-04 12:55 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-06-04 12:55 - 2014-06-04 12:55 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-06-04 12:55 - 2014-06-04 12:55 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-06-04 12:55 - 2014-06-04 12:55 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update

Some content of TEMP:
====================
C:\Users\Johan\AppData\Local\temp\avgnt.exe
C:\Users\Johan\AppData\Local\temp\bassmod.dll
C:\Users\Johan\AppData\Local\temp\bitool.dll
C:\Users\Johan\AppData\Local\temp\dsp_ipp.dll
C:\Users\Johan\AppData\Local\temp\HssInstaller.exe
C:\Users\Johan\AppData\Local\temp\hsspk.exe
C:\Users\Johan\AppData\Local\temp\ildownloader_install.exe
C:\Users\Johan\AppData\Local\temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Johan\AppData\Local\temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Johan\AppData\Local\temp\MusicStationUninstall.exe
C:\Users\Johan\AppData\Local\temp\PCSpeedMaximizer.exe
C:\Users\Johan\AppData\Local\temp\SkypeSetup.exe
C:\Users\Johan\AppData\Local\temp\Tsu8B9F2206.dll
C:\Users\Johan\AppData\Local\temp\TUUUninstallHelper.exe
C:\Users\Johan\AppData\Local\temp\uninst1.exe
C:\Users\Johan\AppData\Local\temp\vlc-2.1.1-win64.exe
C:\Users\Johan\AppData\Local\temp\vlc-2.1.3-win64.exe
C:\Users\Mr.SmitchFuckof12345\AppData\Local\temp\avgnt.exe
C:\Users\Mr.Smith\AppData\Local\temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-28 00:02

==================== End Of Log ============================
         
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-07-2014
Ran by Mr.Smith at 2014-07-04 17:08:28
Running from C:\Users\Johan\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader 8.1.0 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A81000000003}) (Version: 8.1.0 - Adobe Systems Incorporated)
AM Usb Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 8.1460.6366.1401 - Alcor)
AM Usb Card Reader Driver (x32 Version: 8.1460.6366.1401 - Alcor) Hidden
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{3DDACE1F-3B1E-D6AB-CD3D-B6E987511945}) (Version: 3.0.790.0 - ATI Technologies, Inc.)
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
Audacity 2.0.4 (HKLM-x32\...\Audacity_is1) (Version: 2.0.4 - Audacity Team)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4716 - AVG Technologies)
AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4716 - AVG Technologies) Hidden
Avira (HKLM-x32\...\{89ef9b48-b56b-48d8-b5c1-4eb9a5ca50cb}) (Version: 1.1.16.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.16.30000 - Avira Operations GmbH & Co. KG) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0825.2146.37182 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0825.2146.37182 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0202.2335.42270 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0825.2146.37182 - ATI Technologies, Inc.) Hidden
CCC Help English (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0825.2146.37182 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0825.2146.37182 - ATI) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2926 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2926 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{249d5ca2-4555-41b5-a112-d45aec69dffa}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Native Instruments Controller Editor (Version: 1.4.5.910 - Native Instruments) Hidden
Native Instruments Service Center (Version: 2.3.2.926 - Native Instruments) Hidden
Native Instruments Traktor 2 (Version: 2.5.0.13594 - Native Instruments) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.111 - PDF Complete, Inc)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30117 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2829 - CyberLink Corp.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
S4 League_EU (HKLM-x32\...\{EA1E6BB4-D075-4B39-A672-111F4250E039}) (Version: 1.00.0000 - )
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
The Lord of the Rings FREE Trial  (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 3.0.9 - Shark007)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 4.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
x64 Components v3.0.9 (HKLM\...\x64 Components_is1) (Version: 3.0.9 - Shark007)

==================== Restore Points  =========================

01-07-2014 10:51:43 Windows Update
01-07-2014 21:52:47 Removed iTunes
01-07-2014 22:03:42 Removed iTunes
01-07-2014 22:12:20 Installed iTunes
01-07-2014 22:15:26 Installed iTunes
01-07-2014 22:36:22 Removed iTunes
01-07-2014 22:38:01 Removed iTunes
04-07-2014 11:16:33 Revo Uninstaller's restore point - Hotspot Shield 3.13
04-07-2014 11:18:57 Revo Uninstaller's restore point - Audacity 2.0.4
04-07-2014 11:20:15 Revo Uninstaller's restore point - Native Instruments Controller Editor
04-07-2014 11:29:17 Revo Uninstaller's restore point - Native Instruments Service Center
04-07-2014 11:32:23 Revo Uninstaller's restore point - Native Instruments Traktor 2
04-07-2014 11:33:18 Revo Uninstaller's restore point - LMMS 0.4.15
04-07-2014 13:09:40 Installed AVG 2014
04-07-2014 13:10:20 Installed AVG 2014

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-06-30 19:19 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {089CBD7F-CC0D-4B47-9BCD-CE1D2E96BFFA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001Core => C:\Users\Johan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-22] (Google Inc.)
Task: {0C051BA2-B6D6-4D87-9088-739CB48EF607} - System32\Tasks\{FE17B7D3-48CE-434E-BC57-3BC8951B8C43} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.9.0.123/de/abandoninstall?page=tsProgressBar
Task: {12D9E4A3-4864-4C10-9894-10ACF7250B70} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-24] (Google Inc.)
Task: {188B415F-655F-4222-8BC6-CC2BCAE36BFE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-24] (Google Inc.)
Task: {2236CBE0-6A68-4E86-8F38-FFF2CF1F9C43} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {23DBFB05-41B8-4085-9402-557E685D524F} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {2B2E54B4-E522-4A47-866A-43DB5983C2EE} - System32\Tasks\Software Updater Ui => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Ui.exe
Task: {2C941380-53E5-40DD-A65A-FFC604F55FF9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {442E1823-CBBD-4AD9-A854-DDC6D66A91D6} - System32\Tasks\Windows Update Check - 0x05B00174 => C:\ProgramData\Chrome
Task: {56EBD6C1-6325-48FB-9D94-4C800135CA84} - System32\Tasks\Express Files Updater => C:\Program Files (x86)\ExpressFiles\EFupdater.exe <==== ATTENTION
Task: {61AE60CE-BC28-4252-AEA8-9A0932B4F7D2} - System32\Tasks\{EE9E28EF-3ECF-4A00-B7DC-4C146F7E2330} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.9.0.123/de/abandoninstall?page=tsProgressBar
Task: {8B8D9280-2353-4CB6-A0FA-2E8E30332A54} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {ABFF5BEC-BE3D-4E95-9472-7852A5A985CD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C3D0B2E2-1965-4891-9733-AA1A4E3DDA09} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2478615884-895137908-1883612811-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {C47539DC-F0BF-4DF2-87B1-749A354EC5C2} - System32\Tasks\Software Updater => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe
Task: {C6B8ACE0-769B-42AD-89E2-042DF6C521F2} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2478615884-895137908-1883612811-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {C6BBBAE1-4913-479E-B265-5A556956D1DD} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {D234C94D-C19B-4A4C-8E03-F9B3DCF1EB99} - System32\Tasks\{CA8D8AF3-6A4F-4028-A05D-A5284F57379B} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.9.0.115.161/de/abandoninstall?page=tsBing
Task: {DF9A9FA5-1D4D-49B5-B75F-B1D00FC408A5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001UA => C:\Users\Johan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-22] (Google Inc.)
Task: {E84B3B9C-A1F3-4D14-BE08-19F556C1B545} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001Core.job => C:\Users\Johan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001UA.job => C:\Users\Johan\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-06-18 14:31 - 2012-06-18 14:31 - 00084320 _____ () c:\program files\bullguard ltd\bullguard\zlib1.dll
2011-07-19 19:02 - 2011-07-19 19:02 - 00547160 _____ () c:\program files\bullguard ltd\bullguard\LibXml2.dll
2011-07-19 19:02 - 2011-07-19 19:02 - 00065368 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LIBBZ2.dll
2012-06-18 14:31 - 2012-06-18 14:31 - 00084320 _____ () C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll
2011-07-19 19:02 - 2011-07-19 19:02 - 00547160 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll
2010-08-04 15:58 - 2010-08-04 15:58 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-08-25 21:44 - 2010-08-25 21:44 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-30 12:08 - 2014-06-30 12:08 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-06-30 12:07 - 2014-06-30 12:07 - 00065616 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-06-22 16:10 - 2014-06-05 15:58 - 04217672 _____ () C:\Users\Johan\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-22 16:10 - 2014-06-05 15:58 - 00414536 _____ () C:\Users\Johan\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-22 16:10 - 2014-06-05 15:58 - 01732424 _____ () C:\Users\Johan\AppData\Local\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-04-25 14:46 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Johan\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-25 14:46 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Johan\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2014-06-22 16:10 - 2014-06-05 15:58 - 14612296 _____ () C:\Users\Johan\AppData\Local\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:AD022376

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsUpdate => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: AntiVirSchedulerService => 2
MSCONFIG\Services: AntiVirService => 2
MSCONFIG\Services: AntiVirWebService => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SystemStoreService => 2
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Johan\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Johan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: Programmierbarer Interruptcontroller
Description: Programmierbarer Interruptcontroller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardsystemgeräte)
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: hp CDDVDW TS-H653R SATA CdRom Device
Description: CD-ROM-Laufwerk
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard-CD-ROM-Laufwerke)
Service: cdrom
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Hochpräzisionsereigniszeitgeber
Description: Hochpräzisionsereigniszeitgeber
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardsystemgeräte)
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/04/2014 02:28:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Die Aktion kann nicht abgeschlossen werden. Versuchen Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport.

Error: (07/04/2014 02:18:50 PM) (Source: Application Virtualization Client) (EventID: 3037) (User: )
Description: {tid=9B4}
Application Virtualization Client kann OfficeVirt 9014006604070000 nicht öffnen.

Error: (07/04/2014 02:18:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Die Aktion kann nicht abgeschlossen werden. Versuchen Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport.

Error: (07/04/2014 02:18:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Product registration is corrupted for {90140011-0066-0407-0000-0000000FF1CE}

Error: (07/04/2014 02:18:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Error: Product {90140011-0066-0407-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...

Error: (07/04/2014 02:18:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Product registration is corrupted for {90140011-0066-0407-0000-0000000FF1CE}

Error: (07/04/2014 02:18:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Error: Product {90140011-0066-0407-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...

Error: (07/04/2014 02:18:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Product registration is corrupted for {90140011-0066-0407-0000-0000000FF1CE}

Error: (07/04/2014 02:18:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Error: Product {90140011-0066-0407-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...

Error: (07/04/2014 00:14:20 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
Die Aktion kann nicht abgeschlossen werden. Versuchen Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport.


System errors:
=============
Error: (07/04/2014 02:18:50 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (07/04/2014 02:18:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (07/04/2014 02:18:38 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber atksgt.sys konnte nicht geladen werden.

Error: (07/04/2014 00:04:20 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom

Error: (07/04/2014 00:04:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (07/04/2014 00:04:03 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber atksgt.sys konnte nicht geladen werden.

Error: (07/04/2014 00:01:02 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (07/04/2014 00:01:02 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (07/04/2014 00:01:02 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (07/04/2014 11:32:36 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cdrom


Microsoft Office Sessions:
=========================
Error: (07/04/2014 02:28:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Die Aktion kann nicht abgeschlossen werden. Versuchen Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport.

Error: (07/04/2014 02:18:50 PM) (Source: Application Virtualization Client) (EventID: 3037) (User: )
Description: {tid=9B4}
OfficeVirt 9014006604070000

Error: (07/04/2014 02:18:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Die Aktion kann nicht abgeschlossen werden. Versuchen Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport.

Error: (07/04/2014 02:18:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Product registration is corrupted for {90140011-0066-0407-0000-0000000FF1CE}

Error: (07/04/2014 02:18:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Product {90140011-0066-0407-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...

Error: (07/04/2014 02:18:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Product registration is corrupted for {90140011-0066-0407-0000-0000000FF1CE}

Error: (07/04/2014 02:18:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Product {90140011-0066-0407-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...

Error: (07/04/2014 02:18:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Product registration is corrupted for {90140011-0066-0407-0000-0000000FF1CE}

Error: (07/04/2014 02:18:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Product {90140011-0066-0407-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...

Error: (07/04/2014 00:14:20 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Die Aktion kann nicht abgeschlossen werden. Versuchen Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport.


CodeIntegrity Errors:
===================================
  Date: 2013-06-30 19:14:40.461
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-30 19:14:40.051
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-30 19:14:39.641
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-06-30 19:14:39.220
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-03 15:42:39.680
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-03 15:42:39.290
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-03 15:42:38.910
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-03 15:42:38.525
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-03 14:28:35.347
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-03 14:28:34.957
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 67%
Total physical RAM: 2815.29 MB
Available physical RAM: 920.98 MB
Total Pagefile: 5628.75 MB
Available Pagefile: 2911.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:455.71 GB) (Free:297.99 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.95 GB) (Free:1.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 3F1E2205)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=456 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
I hope these are the right scans. I am trying to create a log file with Malwarebytes. The program hangs and crashes.

04.07.2014, 17:40   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
That won't do at all! At least one of them has to go; best to throw out both, and when we're done here, you install one AV solution!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


04.07.2014, 22:43   #13
Whais
 



Since Avira is acting up, I downloaded AVG today and ran a scan with it, which finds viruses. Avira, on the other hand, found nothing. I've uninstalled it now.

05.07.2014, 23:17   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Nice that it finds viruses. It would be even nicer if you posted the log file for it, so that we know what exactly was found where.

07.07.2014, 13:21   #15
Whais
 



Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 07.07.2014
Suchlauf-Zeit: 12:52:56
Logdatei: 7.7.2014 malware scan.txt
Administrator: Nein

Version: 2.00.2.1012
Malware Datenbank: v2014.07.07.02
Rootkit Datenbank: v2014.07.03.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Johan

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 281986
Verstrichene Zeit: 12 Min, 1 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, , [4b63c3d9c8b34de9417a8b31b44ee61a], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 2
PUP.Optional.Extutil.A, C:\Users\Johan\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, , [2e804755abd03204da58f6bc34ceae52], 
PUP.Optional.Managera.A, C:\Users\Johan\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, , [afffa3f9afcc38fe44efb7fb52b0f808], 

Dateien: 15
PUP.Optional.Somoto, C:\Users\Johan\AppData\Local\Temp\bitool.dll, , [7e300399d8a32f073e2f1f7fe81950b0], 
PUP.Optional.Somoto, C:\Users\Johan\AppData\Local\Temp\nsf3F58.tmp, , [88266c3086f5f34320588896996b09f7], 
PUP.Optional.Somoto, C:\Users\Johan\AppData\Local\Temp\nsfE5B0.tmp, , [4f5fdfbd0e6d77bf95e34fcf7e8640c0], 
PUP.Optional.Somoto, C:\Users\Johan\AppData\Local\Temp\nsg1CB9.tmp, , [8628c0dc8ceff14582f6a07eb252ac54], 
PUP.Optional.Somoto, C:\Users\Johan\AppData\Local\Temp\nsk3CB5.tmp, , [2b83ff9d0e6d00363d3be8366a9a748c], 
PUP.Optional.Somoto, C:\Users\Johan\AppData\Local\Temp\nslD32E.tmp, , [16984755176425117ff9918da65e10f0], 
PUP.Optional.Somoto, C:\Users\Johan\AppData\Local\Temp\nsr19DC.tmp, , [535b8814c8b3e056ea8e51cdd43049b7], 
PUP.Optional.Iminent.A, C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage, , [5f4ff2aade9d6ec8320d0fb4d42e33cd], 
PUP.Optional.Extutil.A, C:\Users\Johan\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, , [2e804755abd03204da58f6bc34ceae52], 
PUP.Optional.Extutil.A, C:\Users\Johan\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, , [2e804755abd03204da58f6bc34ceae52], 
PUP.Optional.Extutil.A, C:\Users\Johan\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, , [2e804755abd03204da58f6bc34ceae52], 
PUP.Optional.Managera.A, C:\Users\Johan\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, , [afffa3f9afcc38fe44efb7fb52b0f808], 
PUP.Optional.Managera.A, C:\Users\Johan\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, , [afffa3f9afcc38fe44efb7fb52b0f808], 
PUP.Optional.SweetPacks.A, C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (               "homepage_url": "hxxp://www.sweetpacks.com",), ,[7c321e7ee49710261d0ef2d34abaed13]
PUP.Optional.Conduit.A, C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\wjarvfn1.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPD36B0EF8-3392-4E33-9A47-071FD043B17D&SSPV=");), ,[d1dd0b91f2896bcbd4c6487cdd2728d8]

Physische Sektoren: 0
(No malicious items detected)


(end)
         
