
Pests of all kinds and how to combat them: Caught a trojan/virus


09.09.2014, 19:36   #1
Lenjs

Hello, I have a problem. About 2 days ago I caught "TR/Crypt.ZPACK.96184"; the source is AvevrIvexe.dat (no idea what that is or where it comes from). I then simply moved it to quarantine with Avira and didn't look into it any further, for lack of time. I don't have much time now either, so quick answers are appreciated! Now I've read somewhere that it is supposed to lock the PC completely.
How should I proceed now?
Regards

09.09.2014, 19:42   #2
schrauber
/// the machine
/// TB trainer

Hi,

Quote:
I don't have much time now either, so quick answers are appreciated!
You can get those at a PC shop; it costs 150 euros an hour.


Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties.)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan ("Untersuchen").
  • The log files will now be created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input box).


09.09.2014, 19:54   #3
Lenjs


Here is the FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by leon (administrator) on LUCKYLILLY on 09-09-2014 19:49:32
Running from C:\Users\leon\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEPSON Connect\mepService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEPSON Connect\mep.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
() C:\Program Files (x86)\Tor\tor.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Spotify Ltd) C:\Users\leon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILGE.EXE
(Akamai Technologies, Inc.) C:\Users\leon\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Akamai Technologies, Inc.) C:\Users\leon\AppData\Local\Akamai\netsession_win.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1942424 2014-08-22] (APN)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3802448 2014-09-04] (LogMeIn Inc.)
HKU\S-1-5-21-1551278028-559688664-1127361995-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-30] (Google Inc.)
HKU\S-1-5-21-1551278028-559688664-1127361995-1001\...\Run: [Spotify] => C:\Users\leon\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-28] (Spotify Ltd)
HKU\S-1-5-21-1551278028-559688664-1127361995-1001\...\Run: [Spotify Web Helper] => C:\Users\leon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-28] (Spotify Ltd)
HKU\S-1-5-21-1551278028-559688664-1127361995-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILGE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1551278028-559688664-1127361995-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21652064 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-1551278028-559688664-1127361995-1001\...\Run: [Akamai NetSession Interface] => C:\Users\leon\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1551278028-559688664-1127361995-1001\...\Run: [AvevrIvexe] => regsvr32.exe "
HKU\S-1-5-21-1551278028-559688664-1127361995-1001\...\MountPoints2: {9d42e743-739e-11e1-af9c-806e6f6e6963} - E:\Autorun.exe
BootExecute: 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=24.162.166.54:22644
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {2A22ED96-7D18-4682-AE50-BCE7F46EF86A} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3208939
BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: rEalddealu -> {8F5202FD-5750-9B16-7BDD-3D00C2A20491} -> C:\ProgramData\rEalddealu\qRGaLWf8.x64.dll ()
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {B81767E1-672D-4DA1-B5CC-D277185815A6} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.145.0.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File

FireFox:
========
FF ProfilePath: C:\Users\leon\AppData\Roaming\Mozilla\Firefox\Profiles\9qns1y8o.default-1393492484300
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\leon\AppData\Roaming\Mozilla\Firefox\Profiles\9qns1y8o.default-1393492484300\Extensions\staged [2014-05-23]
FF Extension: No Name - C:\Users\leon\AppData\Roaming\Mozilla\Firefox\Profiles\9qns1y8o.default-1393492484300\extensions\faststartff@gmail.com [Not Found]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.istartsurf.com/?type=hp&ts=1408095557&from=smt&uid=HitachiXHDS721010DLE630_MSK5215H1EXRPG1EXRPGX
CHR StartupUrls: Default -> "hxxp://www.google.de/", "hxxp://www.istartsurf.com/?type=hp&ts=1408095557&from=smt&uid=HitachiXHDS721010DLE630_MSK5215H1EXRPG1EXRPGX"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\leon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-30]
CHR Extension: (Battlefield Heroes) - C:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2013-10-11]
CHR Extension: (Adblock Plus) - C:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-07-30]
CHR Extension: (Adblock for Youtube™) - C:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2013-07-30]
CHR Extension: (Google-Suche) - C:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-30]
CHR Extension: (Google Play Music) - C:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-09-03]
CHR Extension: (Stylish) - C:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2013-07-30]
CHR Extension: (Google Notizen – Notizen und Listen) - C:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-01-03]
CHR Extension: (Google Play Music) - C:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2014-09-03]
CHR Extension: (Downloads) - C:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngbcgifdaopbfflfhbcfeomijfbbcadi [2013-07-30]
CHR Extension: (Google Wallet) - C:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR Extension: (Blue Space Sunset Chrome Theme) - C:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nndfdjfoclbidmgpmbelcieibgjjfdog [2014-08-15]
CHR Extension: (Google Mail) - C:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-03]
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-09-03]
CHR HKCU\...\Chrome\Extension: [ccbgjfdieajmokelnlapbedknchgenne] - C:\Users\leon\AppData\Local\CRE\ccbgjfdieajmokelnlapbedknchgenne.crx [2014-09-03]
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-09-03]
CHR HKLM-x32\...\Chrome\Extension: [ccbgjfdieajmokelnlapbedknchgenne] - C:\Users\leon\AppData\Local\CRE\ccbgjfdieajmokelnlapbedknchgenne.crx [2014-09-03]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-08-22] (APN LLC.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-01] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-01] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-01] (BlueStack Systems, Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S4 FreemiumSelfUpdateService; C:\Program Files (x86)\Freetec\SystemStore\Freemium.SelfUpdate.exe [5686272 2012-09-26] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.)
R2 MyEPSON Connect Service; C:\Program Files (x86)\EPSON\MyEPSON Connect\mepService.exe [703616 2012-10-01] (SEIKO EPSON CORPORATION)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-08-22] (Overwolf Ltd)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-05] ()
R2 SystemStore; C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [50176 2012-05-21] () [File not signed]
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-09-10] () [File not signed]
S3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-01] (Wondershare)
S3 asmthub3; C:\Windows\system32\drivers\asmthub3.sys [129000 2011-08-02] (ASMedia Technology Inc) [File not signed]
S3 asmtxhci; C:\Windows\system32\drivers\asmtxhci.sys [391144 2011-08-02] (ASMedia Technology Inc) [File not signed]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-01] (BlueStack Systems)
R3 GameKB; C:\Windows\System32\drivers\GameKB.sys [27648 2012-05-11] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [29672 2013-01-19] (REALiX(tm))
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 wolfkr; C:\AeriaGames\WolfTeam-DE\avital\wolfk64.sys [86352 2014-04-21] ()
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 19:49 - 2014-09-09 19:50 - 00023211 _____ () C:\Users\leon\Desktop\FRST.txt
2014-09-09 19:49 - 2014-09-09 19:49 - 00000000 ____D () C:\FRST
2014-09-09 19:48 - 2014-09-09 19:48 - 02105344 _____ (Farbar) C:\Users\leon\Downloads\FRST64.exe
2014-09-09 19:48 - 2014-09-09 19:48 - 02105344 _____ (Farbar) C:\Users\leon\Desktop\FRST64.exe
2014-09-07 14:50 - 2014-09-08 19:43 - 00000000 ____D () C:\ProgramData\AvevrIvexe
2014-09-06 15:59 - 2014-09-06 16:00 - 06651049 _____ () C:\Users\leon\Downloads\Diamond_Creeper50 (12).zip
2014-09-06 15:59 - 2014-08-13 12:23 - 04115267 _____ () C:\Users\leon\Desktop\Diamond_Creeper50 (9).zip
2014-09-06 14:06 - 2014-09-06 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-09-06 14:06 - 2014-09-06 14:06 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-09-02 17:17 - 2014-09-02 17:17 - 06609473 _____ () C:\Users\leon\Desktop\Diamond_Creeper50 (11).zip
2014-09-02 17:16 - 2014-09-02 17:17 - 06609473 _____ () C:\Users\leon\Downloads\Diamond_Creeper50 (11).zip
2014-09-02 16:21 - 2014-09-02 16:22 - 01356785 _____ () C:\Users\leon\Downloads\Diamond_Creeper50 (10).zip
2014-08-31 20:55 - 2014-08-31 20:57 - 29762786 _____ () C:\Users\leon\Downloads\[1.7]_R3D.CRAFT_SR-128x_v0.1.9.zip
2014-08-29 16:06 - 2014-08-29 16:08 - 00000000 ____D () C:\Users\leon\Desktop\Minecraft Backup
2014-08-28 14:07 - 2014-08-28 14:07 - 00000603 _____ () C:\Users\leon\Desktop\Minecraft mit Mods.mvc
2014-08-28 13:19 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 13:19 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 13:19 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 13:26 - 2014-08-27 13:26 - 00013830 _____ () C:\Users\leon\Desktop\notepad++ - Verknüpfung.lnk
2014-08-27 12:29 - 2014-08-27 12:29 - 00001304 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2014-08-27 12:29 - 2014-08-27 12:29 - 00001292 _____ () C:\Users\Public\Desktop\paint.net.lnk
2014-08-27 12:29 - 2014-08-27 12:29 - 00000000 ____D () C:\Program Files\paint.net
2014-08-27 12:28 - 2014-08-27 12:31 - 00000000 ____D () C:\Users\leon\AppData\Local\paint.net
2014-08-27 12:26 - 2014-08-27 12:26 - 06272852 _____ () C:\Users\leon\Downloads\paint.net.4.0.3.install.zip
2014-08-27 12:25 - 2014-08-27 12:25 - 01101648 _____ () C:\Users\leon\Downloads\Paint NET - CHIP-Installer.exe
2014-08-27 12:13 - 2014-08-27 12:13 - 04427604 _____ () C:\Users\leon\Downloads\5by5.zip
2014-08-23 11:18 - 2014-08-23 11:18 - 00000894 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2014-08-21 14:06 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-21 14:06 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-21 14:06 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-21 14:06 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-21 14:05 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-21 14:05 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-21 14:05 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-21 14:05 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-21 14:05 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-21 14:05 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-21 14:05 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-21 14:05 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-21 14:05 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-21 14:05 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-20 14:09 - 2014-08-20 14:10 - 08631280 _____ () C:\Users\leon\Downloads\OzoCraft-1.6.zip
2014-08-16 10:50 - 2014-09-07 14:09 - 00034507 _____ () C:\Users\leon\Desktop\debug.log
2014-08-16 10:13 - 2014-08-16 10:13 - 02772831 _____ () C:\Users\leon\Downloads\500JTS (1).zip
2014-08-15 21:11 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 21:11 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 21:11 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 21:11 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 21:11 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 21:11 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 21:11 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 21:11 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-15 19:21 - 2014-08-15 19:21 - 00000640 _____ () C:\Users\leon\Desktop\Minecraft_1_7_2 Shader, Better Sprinting usw..mvc
2014-08-15 18:35 - 2014-08-15 18:42 - 1912938979 _____ () C:\Users\leon\Documents\Minecraft_Backup_2014-15-08.mvc
2014-08-15 18:33 - 2014-08-15 18:33 - 00001107 _____ () C:\Users\Public\Desktop\Craften Terminal.lnk
2014-08-15 18:30 - 2014-08-15 18:32 - 23174515 _____ (Craften.de ) C:\Users\leon\Downloads\craftenterminal (1).exe
2014-08-15 17:21 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-15 17:20 - 2014-08-15 17:20 - 01356107 _____ () C:\Users\leon\Downloads\adwcleaner_3.305.exe
2014-08-15 11:54 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-15 11:54 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-15 11:54 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-15 11:54 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-15 11:54 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-15 11:54 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-15 11:54 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-15 11:54 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-15 11:54 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-15 11:54 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-15 11:54 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-15 11:54 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-15 11:53 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 11:53 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 11:53 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 11:53 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 11:53 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 11:53 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 11:53 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 11:53 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 11:53 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 11:52 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 11:52 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 11:52 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 11:52 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 11:52 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 11:52 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 11:52 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 11:52 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 11:52 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 11:52 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 11:52 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 11:52 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 11:52 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 11:52 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 11:52 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 11:52 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 11:52 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 11:52 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 11:52 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 11:52 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 11:52 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 11:52 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 11:52 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 11:52 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 11:52 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 11:52 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 11:52 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 11:52 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 11:52 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 11:52 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 11:52 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 11:52 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 11:52 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 11:52 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 11:52 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 11:52 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 11:52 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 11:52 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 11:52 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 11:52 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 11:52 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 11:52 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 11:52 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 11:52 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 11:52 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 11:52 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 11:52 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 11:52 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 11:52 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 11:52 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 11:52 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 11:52 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 11:52 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 11:52 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 11:52 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 11:52 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 11:52 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 11:52 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-15 11:52 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 11:47 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 11:47 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 11:47 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 11:47 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-15 11:39 - 2014-08-15 13:35 - 00001407 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-15 11:32 - 2014-08-15 11:33 - 06424632 _____ (ManiacTools.com ) C:\Users\leon\Downloads\m4a-to-mp3-81converter (2).exe
2014-08-15 11:27 - 2014-08-15 11:28 - 03470781 _____ () C:\Users\leon\Downloads\JBB 2014 [8tel-Finale 4-8 HR] - Aytee vs. Diverse (prod. by Epipto) (1).m4a
2014-08-14 14:33 - 2014-08-14 14:33 - 01705411 _____ () C:\Users\leon\Downloads\ENDER 2.2.zip
2014-08-13 12:22 - 2014-08-13 12:23 - 04115267 _____ () C:\Users\leon\Downloads\Diamond_Creeper50 (9).zip
2014-08-12 12:21 - 2014-08-12 12:21 - 09959536 _____ () C:\Users\leon\Downloads\Wrath of the Fallen 1.7.zip
2014-08-12 11:57 - 2014-08-12 11:57 - 04102598 _____ () C:\Users\leon\Downloads\Diamond_Creeper50 (8).zip
2014-08-12 11:07 - 2014-08-12 11:08 - 15629217 _____ () C:\Users\leon\Downloads\Diversity__v1.2.9_.zip
2014-08-11 20:58 - 2014-08-20 13:25 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-11 20:58 - 2014-08-11 20:58 - 00092536 _____ () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-11 20:58 - 2014-08-11 20:58 - 00092536 _____ () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-11 20:02 - 2014-08-11 20:03 - 00443183 _____ () C:\Users\leon\Downloads\NotEnoughItems-1.7.10-1.0.2.15-dev.jar
2014-08-11 17:42 - 2014-08-11 17:42 - 02995669 _____ () C:\Users\leon\Downloads\forge-1.7.10-10.13.0.1180-installer.jar
2014-08-11 17:26 - 2014-08-11 17:27 - 00640602 _____ () C:\Users\leon\Downloads\[1.7.2]DamageIndicatorsMod-3.1.2.jar
2014-08-11 12:52 - 2014-08-11 12:53 - 07373806 _____ () C:\Users\leon\Downloads\Herobrines Mansion 1.7.zip
2014-08-11 11:39 - 2014-08-11 11:39 - 01414049 _____ () C:\Users\leon\Downloads\Withers Challenge 1.6.zip
2014-08-11 11:38 - 2014-08-11 11:38 - 03772466 _____ () C:\Users\leon\Downloads\Diamond_Creeper50 (7).zip
2014-08-10 15:35 - 2014-08-10 15:36 - 03733118 _____ () C:\Users\leon\Downloads\Diamond_Creeper50 (6).zip
2014-08-10 14:27 - 2014-08-10 14:27 - 00112923 _____ () C:\Users\leon\Downloads\TooManyItems2014_01_13_1.7.2_Forge.jar

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 19:50 - 2014-09-09 19:49 - 00023211 _____ () C:\Users\leon\Desktop\FRST.txt
2014-09-09 19:49 - 2014-09-09 19:49 - 00000000 ____D () C:\FRST
2014-09-09 19:48 - 2014-09-09 19:48 - 02105344 _____ (Farbar) C:\Users\leon\Downloads\FRST64.exe
2014-09-09 19:48 - 2014-09-09 19:48 - 02105344 _____ (Farbar) C:\Users\leon\Desktop\FRST64.exe
2014-09-09 19:30 - 2009-07-14 06:45 - 00017152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-09 19:30 - 2009-07-14 06:45 - 00017152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-09 19:28 - 2012-03-30 19:31 - 01640863 _____ () C:\Windows\WindowsUpdate.log
2014-09-09 19:22 - 2013-03-27 21:57 - 00000000 ____D () C:\Users\leon\AppData\Roaming\Skype
2014-09-09 19:21 - 2013-09-28 18:16 - 00000000 ____D () C:\Users\leon\AppData\Roaming\Spotify
2014-09-09 19:20 - 2013-08-06 14:48 - 00000000 ____D () C:\Users\leon\AppData\Local\LogMeIn Hamachi
2014-09-09 19:18 - 2013-10-23 17:27 - 00049059 _____ () C:\Windows\setupact.log
2014-09-09 19:18 - 2012-01-24 01:22 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-08 19:43 - 2014-09-07 14:50 - 00000000 ____D () C:\ProgramData\AvevrIvexe
2014-09-08 19:24 - 2013-09-28 18:18 - 00000000 ____D () C:\Users\leon\AppData\Local\Spotify
2014-09-07 15:12 - 2013-01-21 19:54 - 00000000 ____D () C:\Users\leon\AppData\Roaming\TS3Client
2014-09-07 15:08 - 2013-05-18 14:40 - 00000000 ____D () C:\Users\leon\AppData\Roaming\.minecraft
2014-09-07 14:09 - 2014-08-16 10:50 - 00034507 _____ () C:\Users\leon\Desktop\debug.log
2014-09-07 14:09 - 2013-10-29 14:41 - 00000000 ____D () C:\Users\leon\AppData\Roaming\Craften Terminal
2014-09-06 16:00 - 2014-09-06 15:59 - 06651049 _____ () C:\Users\leon\Downloads\Diamond_Creeper50 (12).zip
2014-09-06 14:06 - 2014-09-06 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-09-06 14:06 - 2014-09-06 14:06 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-09-06 14:06 - 2014-08-08 18:30 - 00000930 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-09-02 17:17 - 2014-09-02 17:17 - 06609473 _____ () C:\Users\leon\Desktop\Diamond_Creeper50 (11).zip
2014-09-02 17:17 - 2014-09-02 17:16 - 06609473 _____ () C:\Users\leon\Downloads\Diamond_Creeper50 (11).zip
2014-09-02 17:17 - 2013-10-20 14:29 - 00000000 ____D () C:\Users\leon\Desktop\Alles Rund um Minecraft
2014-09-02 16:22 - 2014-09-02 16:21 - 01356785 _____ () C:\Users\leon\Downloads\Diamond_Creeper50 (10).zip
2014-09-02 14:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-01 19:06 - 2012-08-16 13:37 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-01 18:55 - 2014-02-01 14:09 - 00000000 ____D () C:\Users\leon\Desktop\FTB
2014-09-01 14:31 - 2013-03-27 21:56 - 00000000 ____D () C:\ProgramData\Skype
2014-08-31 20:57 - 2014-08-31 20:55 - 29762786 _____ () C:\Users\leon\Downloads\[1.7]_R3D.CRAFT_SR-128x_v0.1.9.zip
2014-08-29 16:08 - 2014-08-29 16:06 - 00000000 ____D () C:\Users\leon\Desktop\Minecraft Backup
2014-08-29 15:47 - 2009-07-14 06:45 - 00356256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 14:07 - 2014-08-28 14:07 - 00000603 _____ () C:\Users\leon\Desktop\Minecraft mit Mods.mvc
2014-08-27 15:12 - 2013-12-24 17:50 - 00017920 ___SH () C:\Users\leon\Thumbs.db
2014-08-27 13:26 - 2014-08-27 13:26 - 00013830 _____ () C:\Users\leon\Desktop\notepad++ - Verknüpfung.lnk
2014-08-27 12:31 - 2014-08-27 12:28 - 00000000 ____D () C:\Users\leon\AppData\Local\paint.net
2014-08-27 12:29 - 2014-08-27 12:29 - 00001304 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2014-08-27 12:29 - 2014-08-27 12:29 - 00001292 _____ () C:\Users\Public\Desktop\paint.net.lnk
2014-08-27 12:29 - 2014-08-27 12:29 - 00000000 ____D () C:\Program Files\paint.net
2014-08-27 12:26 - 2014-08-27 12:26 - 06272852 _____ () C:\Users\leon\Downloads\paint.net.4.0.3.install.zip
2014-08-27 12:25 - 2014-08-27 12:25 - 01101648 _____ () C:\Users\leon\Downloads\Paint NET - CHIP-Installer.exe
2014-08-27 12:13 - 2014-08-27 12:13 - 04427604 _____ () C:\Users\leon\Downloads\5by5.zip
2014-08-25 06:53 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 11:34 - 2014-06-19 13:27 - 00000000 ____D () C:\Users\leon\Documents\Nexus Mod Manager
2014-08-23 11:18 - 2014-08-23 11:18 - 00000894 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2014-08-23 11:18 - 2014-06-22 14:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2014-08-23 11:18 - 2014-06-22 14:39 - 00000000 ____D () C:\Program Files\Nexus Mod Manager
2014-08-23 04:07 - 2014-08-28 13:19 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 13:19 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 13:19 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 14:10 - 2014-08-20 14:09 - 08631280 _____ () C:\Users\leon\Downloads\OzoCraft-1.6.zip
2014-08-20 13:25 - 2014-08-11 20:58 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-20 13:25 - 2013-08-07 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-20 13:25 - 2013-08-07 13:29 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-20 13:25 - 2012-10-17 15:19 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-16 10:13 - 2014-08-16 10:13 - 02772831 _____ () C:\Users\leon\Downloads\500JTS (1).zip
2014-08-16 09:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 21:22 - 2013-07-16 21:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 21:17 - 2011-07-18 22:31 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-15 21:10 - 2014-05-02 21:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-15 19:21 - 2014-08-15 19:21 - 00000640 _____ () C:\Users\leon\Desktop\Minecraft_1_7_2 Shader, Better Sprinting usw..mvc
2014-08-15 18:46 - 2014-08-05 14:32 - 00000000 ____D () C:\Users\leon\Desktop\Alben
2014-08-15 18:42 - 2014-08-15 18:35 - 1912938979 _____ () C:\Users\leon\Documents\Minecraft_Backup_2014-15-08.mvc
2014-08-15 18:33 - 2014-08-15 18:33 - 00001107 _____ () C:\Users\Public\Desktop\Craften Terminal.lnk
2014-08-15 18:33 - 2013-10-29 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Craften Terminal
2014-08-15 18:33 - 2013-10-29 14:41 - 00000000 ____D () C:\Program Files (x86)\Craften Terminal
2014-08-15 18:32 - 2014-08-15 18:30 - 23174515 _____ (Craften.de ) C:\Users\leon\Downloads\craftenterminal (1).exe
2014-08-15 18:26 - 2014-08-05 00:12 - 00000000 ____D () C:\Users\leon\Desktop\Hypercam Endergames
2014-08-15 18:26 - 2013-07-30 22:20 - 00000000 ___RD () C:\Users\leon\Desktop\Systemoptimierung
2014-08-15 17:25 - 2013-06-24 18:50 - 00186398 _____ () C:\Windows\PFRO.log
2014-08-15 17:22 - 2013-09-10 16:56 - 00000000 ____D () C:\AdwCleaner
2014-08-15 17:20 - 2014-08-15 17:20 - 01356107 _____ () C:\Users\leon\Downloads\adwcleaner_3.305.exe
2014-08-15 13:39 - 2014-01-12 18:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2014-08-15 13:39 - 2014-01-12 18:59 - 00000000 ____D () C:\Program Files (x86)\EPSON Software
2014-08-15 13:35 - 2014-08-15 11:39 - 00001407 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-15 13:35 - 2014-02-27 11:13 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-15 13:35 - 2013-05-22 18:04 - 00001437 _____ () C:\Users\leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-15 13:31 - 2014-05-03 20:42 - 00000000 ____D () C:\Program Files (x86)\iExplorer
2014-08-15 11:39 - 2013-07-30 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-15 11:38 - 2014-04-30 19:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter
2014-08-15 11:38 - 2014-04-30 19:10 - 00000000 ____D () C:\Program Files (x86)\Free M4a to MP3 Converter
2014-08-15 11:33 - 2014-08-15 11:32 - 06424632 _____ (ManiacTools.com ) C:\Users\leon\Downloads\m4a-to-mp3-81converter (2).exe
2014-08-15 11:28 - 2014-08-15 11:27 - 03470781 _____ () C:\Users\leon\Downloads\JBB 2014 [8tel-Finale 4-8 HR] - Aytee vs. Diverse (prod. by Epipto) (1).m4a
2014-08-14 14:33 - 2014-08-14 14:33 - 01705411 _____ () C:\Users\leon\Downloads\ENDER 2.2.zip
2014-08-13 12:23 - 2014-09-06 15:59 - 04115267 _____ () C:\Users\leon\Desktop\Diamond_Creeper50 (9).zip
2014-08-13 12:23 - 2014-08-13 12:22 - 04115267 _____ () C:\Users\leon\Downloads\Diamond_Creeper50 (9).zip
2014-08-12 12:21 - 2014-08-12 12:21 - 09959536 _____ () C:\Users\leon\Downloads\Wrath of the Fallen 1.7.zip
2014-08-12 11:57 - 2014-08-12 11:57 - 04102598 _____ () C:\Users\leon\Downloads\Diamond_Creeper50 (8).zip
2014-08-12 11:08 - 2014-08-12 11:07 - 15629217 _____ () C:\Users\leon\Downloads\Diversity__v1.2.9_.zip
2014-08-11 20:58 - 2014-08-11 20:58 - 00092536 _____ () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-11 20:58 - 2014-08-11 20:58 - 00092536 _____ () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-11 20:03 - 2014-08-11 20:02 - 00443183 _____ () C:\Users\leon\Downloads\NotEnoughItems-1.7.10-1.0.2.15-dev.jar
2014-08-11 20:00 - 2013-09-13 18:22 - 00007597 _____ () C:\Users\leon\AppData\Local\Resmon.ResmonCfg
2014-08-11 17:42 - 2014-08-11 17:42 - 02995669 _____ () C:\Users\leon\Downloads\forge-1.7.10-10.13.0.1180-installer.jar
2014-08-11 17:27 - 2014-08-11 17:26 - 00640602 _____ () C:\Users\leon\Downloads\[1.7.2]DamageIndicatorsMod-3.1.2.jar
2014-08-11 12:53 - 2014-08-11 12:52 - 07373806 _____ () C:\Users\leon\Downloads\Herobrines Mansion 1.7.zip
2014-08-11 11:39 - 2014-08-11 11:39 - 01414049 _____ () C:\Users\leon\Downloads\Withers Challenge 1.6.zip
2014-08-11 11:38 - 2014-08-11 11:38 - 03772466 _____ () C:\Users\leon\Downloads\Diamond_Creeper50 (7).zip
2014-08-10 15:36 - 2014-08-10 15:35 - 03733118 _____ () C:\Users\leon\Downloads\Diamond_Creeper50 (6).zip
2014-08-10 14:27 - 2014-08-10 14:27 - 00112923 _____ () C:\Users\leon\Downloads\TooManyItems2014_01_13_1.7.2_Forge.jar

Some content of TEMP:
====================
C:\Users\leon\AppData\Local\Temp\58FH.dll
C:\Users\leon\AppData\Local\Temp\6_Offer_18.exe
C:\Users\leon\AppData\Local\Temp\app.exe
C:\Users\leon\AppData\Local\Temp\avgnt.exe
C:\Users\leon\AppData\Local\Temp\DownloadManager.exe
C:\Users\leon\AppData\Local\Temp\jansi-64-git-Bukkit-jenkins-CraftBukkit-173.dll
C:\Users\leon\AppData\Local\Temp\java-installer.exe
C:\Users\leon\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\leon\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\leon\AppData\Local\Temp\Nexus%20Mod%20Manager-0.51.0.exe
C:\Users\leon\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\leon\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\leon\AppData\Local\Temp\nvStInst.exe
C:\Users\leon\AppData\Local\Temp\Quarantine.exe
C:\Users\leon\AppData\Local\Temp\setup.exe
C:\Users\leon\AppData\Local\Temp\smt_istartsurf_140814.exe
C:\Users\leon\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\leon\AppData\Local\Temp\vstub.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-09-02 17:30

==================== End Of Log ============================
___________________________________
And here is the Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2014 01
Ran by leon at 2014-09-09 19:50:44
Running from C:\Users\leon\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
ALDI SÜD Mah Jong (HKLM-x32\...\ALDI SÜD Mah Jong) (Version:  - )
ALLBenchmark 1.0 BETA18 (HKLM\...\{41EE0CB2-75DE-4FE0-AEB2-4CBC30624FA6}_is1) (Version: 1.0 BETA18 - ALLCinema Ltd.)
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcaniA - Gothic 4 (HKLM-x32\...\{EE74D039-45D7-44E9-BF95-B9CFB015964F}_is1) (Version:  - Nordic Games GmbH)
Arctic Combat (HKLM-x32\...\Steam App 212370) (Version:  - )
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avira (HKLM-x32\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C1001}) (Version: 12.16.1.1671 - APN, LLC)
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
Battlefield Heroes (HKLM-x32\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version:  - EA Digital illusions)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.9.3088 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{4C02AFA8-074D-44FE-B0E1-A73D4AA65390}) (Version: 0.8.9.3088 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brick-Force (HKLM-x32\...\{9853ABB2-6416-4C87-8650-DD8E528FF564}}_is1) (Version: 2.12.256.51.62 - Infernum Productions AG)
BumpTop (HKLM-x32\...\{71702641-2849-45A4-8E62-4B85974B24A0}_is1) (Version: 2.1.6211 - Bump Technologies, Inc.)
Call of Duty: Ghosts - Multiplayer (HKLM-x32\...\Steam App 209170) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Extra Content (HKLM-x32\...\_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}) (Version:  - Corel Corporation)
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Essentials X5 (HKLM-x32\...\_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.2.0.686 - Corel Corporation)
CorelDRAW Essentials X5 (x32 Version: 15.3 - Corel Corporation) Hidden
Craften Terminal 4.0.2 (HKLM-x32\...\{4e7c3936-7c06-4ef0-928b-c5d92f372578}_is1) (Version: 4.0.2 - Craften.de)
CursorFX (HKLM-x32\...\CursorFX2.11) (Version: 2.11 - Stardock Corporation)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1817_38674 - CyberLink Corp.)
CyberLink MediaEspresso (x32 Version: 6.5.1817_38674 - CyberLink Corp.) Hidden
CyberLink PhotoDirector 2011 (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2430 - CyberLink Corp.)
CyberLink PhotoDirector 2011 (x32 Version: 2.0.2430 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1327 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.1327 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.2408 - CyberLink Corp.)
CyberLink PowerDVD Copy (x32 Version: 1.5.2408 - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.4125 - CyberLink Corp.)
CyberLink PowerRecover (x32 Version: 5.5.4125 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
diclovit's mod pack 1.8.1 (HKLM-x32\...\{28B1238E-1C18-4637-A2B7-95315E94EB29}_is1) (Version: 1.8.1 - diclovit)
Die*Sims*Mittelalter (HKLM-x32\...\{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}) (Version: 2.0.113 - Electronic Arts)
Dragon's Prophet (HKLM-x32\...\{C31556D7-F2B9-4787-B223-F7A035067E89}_is1) (Version: 1.2.1241.10 - Infernum Productions AG)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-215 217 Series Printer Uninstall (HKLM\...\EPSON XP-215 217 Series) (Version:  - SEIKO EPSON Corporation)
Epson-Handbücher (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
F1 2011 (HKLM-x32\...\Steam App 44360) (Version:  - )
F1 2012 (HKLM-x32\...\Steam App 208500) (Version:  - Codemasters)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free M4a to MP3 Converter 8.1 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Haunt 1.0 64bit (HKCU\...\Haunt 1.0 64bit) (Version:  - )
HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.29.01 - Hyperionics Technology LLC)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LEGO Star Wars (HKLM-x32\...\InstallShield_{E914A24F-2412-4374-B420-86D21D6D444A}) (Version: 1.00.0000 - Ihr Firmenname)
LEGO Star Wars (x32 Version: 1.00.0000 - Ihr Firmenname) Hidden
LIMBO Demo (HKLM-x32\...\Steam App 48010) (Version:  - )
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.236 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.236 - LogMeIn, Inc.) Hidden
Logon Screen (HKLM\...\{1730D13B-7517-4321-A88B-64627CF67CDC}_is1) (Version:  - Daniel Rebelo)
Mad Riders (HKLM-x32\...\Steam App 208860) (Version:  - )
Malwarebytes Anti-Malware Version 1.70.0.1100 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.3.2.1000 - Maxthon International Limited)
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.3216 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.3216 - CyberLink Corp.) Hidden
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7943 - Memeo Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Combat Flight Simulator (HKLM-x32\...\Combat Flight Simulator 1.00) (Version:  - )
Microsoft Flight (HKLM-x32\...\Steam App 203850) (Version:  - )
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MinecraftAlpha (HKLM-x32\...\MinecraftAlpha) (Version:  - )
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyEPSON Portal (HKLM-x32\...\MyEPSON Connect) (Version:  - SEIKO EPSON Corporation)
MyEPSON Portal (x32 Version: 1.0.4.0 - SEIKO EPSON CORPORATION) Hidden
Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.1229 - Electronic Arts)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.51.0 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.1.5 - )
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Overwolf (HKLM-x32\...\{48615A7B-F026-4F62-A3F1-49001B8E21CB}) (Version: 0.44.256 - Overwolf)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Paranormal - CLOSED BETA 7.0 (HKLM\...\UDK-6000adce-d3eb-476f-a316-75be4231ed1b) (Version:  - Epic Games, Inc.)
PCSUITE SHREDDER (HKLM-x32\...\PCSUITE_SHREDDER_PRO_is1) (Version:  - Markement GmbH)
phase-6 2.3.1d (HKLM-x32\...\phase-6) (Version: 2.3.1d - phase-6)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Portal: First Slice (HKLM-x32\...\Steam App 410) (Version:  - Valve)
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Ravaged (HKLM-x32\...\Steam App 96300) (Version:  - )
Rayman Origins Demo (HKLM-x32\...\Steam App 207510) (Version:  - )
rEalddealu (HKLM-x32\...\{730C1F02-ABB6-7601-60ED-659A59700742}) (Version:  - reaulldaEal)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6438 - Realtek Semiconductor Corp.)
Red Orchestra 2: Heroes of Stalingrad - Single Player (HKLM-x32\...\Steam App 236830) (Version:  - )
Red Orchestra 2: Heroes of Stalingrad Beta (HKLM-x32\...\Steam App 104320) (Version:  - )
Rising Storm Beta (HKLM-x32\...\Steam App 224780) (Version:  - )
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version:  - Tripwire Interactive)
SHARKOON Skiller (HKLM-x32\...\{91C25547-9534-41A5-823A-1E54BA16EA3F}) (Version: 1.00.0000 - )
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.23 - Piriform)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.6 - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Lord of the Rings Online™ (HKLM-x32\...\Steam App 212500) (Version:  - )
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version:  - Nadeo)
TOGGO PC-Spielebox 3 (HKLM-x32\...\{33A0EF0C-A1A1-49C6-A5FF-E75507A41CF3}) (Version: 1.00.0000 - )
TubeBox (HKLM-x32\...\{58a26b11-1507-4461-bb28-9c2be3a0dff1}) (Version: 1.0.0.0 - Freetec)
TubeBox (x32 Version: 4.0.0.0 - Freetec) Hidden
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WolfTeam-DE (HKLM-x32\...\WolfTeam-DE) (Version:  - )
World of Tanks - Common Test (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812CT}_is1) (Version:  - Wargaming.net)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
XMedia Recode Version 3.1.6.9 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.6.9 - XMedia Recode)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

19-08-2014 09:35:47 Windows Update
21-08-2014 12:04:34 Windows Update
22-08-2014 09:39:11 Windows Update
27-08-2014 10:28:53 paint.net v4.0.3
28-08-2014 11:19:17 Windows Update
28-08-2014 20:10:49 Windows Update
02-09-2014 13:48:11 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1D557000-67A4-475B-9674-AD72857F167B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-30] (Google Inc.)
Task: {2851AE21-9F82-496F-8C99-8C14A64E2443} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {8BA40855-8DE3-49DB-90E0-0FBB62CA42FB} - System32\Tasks\PC Performer Manager => Sc.exe start PC Performer Manager
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {AFC72BC2-ADE8-42FF-A420-EC2E445B2E53} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-30] (Google Inc.)
Task: {B38AC53D-0EB9-46C8-B3F5-5F8048DFECA5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DC84F6AF-C5CF-4C7A-A34F-4798546FFF02} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
Task: {FF05CFEE-70F1-4602-B363-0E7F8B3C2B06} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EPSON XP-215 217 Series Invitation {6DD0C5FC-E0D8-4A0F-A5E1-5DF2315571D7}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE
Task: C:\Windows\Tasks\EPSON XP-215 217 Series Update {6DD0C5FC-E0D8-4A0F-A5E1-5DF2315571D7}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6c2dfa186453.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RunOW.job => C:\Program Files (x86)\Overwolf\Overwolf.exe
Task: C:\Windows\Tasks\VStart{A37B472A-8335-449F-9568-43ECC2907F06}.job => C:\Users\leon\AppData\Local\Temp\vstub.exe

==================== Loaded Modules (whitelisted) =============

2012-01-24 01:22 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-06-19 19:33 - 2014-01-05 16:11 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-05-21 15:42 - 2012-05-21 15:42 - 00050176 _____ () C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
2013-09-02 16:16 - 2013-09-10 16:44 - 03233806 _____ () C:\Program Files (x86)\Tor\tor.exe
2012-05-21 15:42 - 2012-05-21 15:42 - 00020480 _____ () C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.Infrastructure.dll
2014-08-05 12:58 - 2014-08-04 14:20 - 00052472 _____ () C:\Users\leon\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00067832 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-05-14 21:13 - 2014-05-08 01:29 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll
2014-05-14 21:13 - 2014-05-08 01:29 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libglesv2.dll
2014-05-14 21:13 - 2014-05-08 01:29 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libegl.dll
2014-05-14 21:13 - 2014-05-08 01:29 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll
2014-05-14 21:13 - 2014-05-08 01:29 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll
2014-05-14 21:13 - 2014-05-08 01:29 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll
2014-08-16 12:36 - 2014-08-16 12:36 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\e1dca04e43d05aff13c672a916b3e8ef\IsdiInterop.ni.dll
2012-01-24 00:47 - 2011-05-20 20:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: FreemiumSelfUpdateService => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BumpTop.lnk => C:\Windows\pss\BumpTop.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^watchmi tray.lnk => C:\Windows\pss\watchmi tray.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: GamingKeyboard => "C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: MedionReminder => C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/09/2014 07:24:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TBNotifier.exe, Version: 31.10.1.0, Zeitstempel: 0x53f53368
Name des fehlerhaften Moduls: TBNotifier.exe, Version: 31.10.1.0, Zeitstempel: 0x53f53368
Ausnahmecode: 0x40000015
Fehleroffset: 0x0011486c
ID des fehlerhaften Prozesses: 0xd50
Startzeit der fehlerhaften Anwendung: 0xTBNotifier.exe0
Pfad der fehlerhaften Anwendung: TBNotifier.exe1
Pfad des fehlerhaften Moduls: TBNotifier.exe2
Berichtskennung: TBNotifier.exe3

Error: (09/09/2014 07:18:18 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (09/08/2014 07:46:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TBNotifier.exe, Version: 31.10.1.0, Zeitstempel: 0x53f53368
Name des fehlerhaften Moduls: TBNotifier.exe, Version: 31.10.1.0, Zeitstempel: 0x53f53368
Ausnahmecode: 0x40000015
Fehleroffset: 0x0011486c
ID des fehlerhaften Prozesses: 0x12c8
Startzeit der fehlerhaften Anwendung: 0xTBNotifier.exe0
Pfad der fehlerhaften Anwendung: TBNotifier.exe1
Pfad des fehlerhaften Moduls: TBNotifier.exe2
Berichtskennung: TBNotifier.exe3

Error: (09/08/2014 07:19:59 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (09/07/2014 01:47:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TBNotifier.exe, Version: 31.10.1.0, Zeitstempel: 0x53f53368
Name des fehlerhaften Moduls: TBNotifier.exe, Version: 31.10.1.0, Zeitstempel: 0x53f53368
Ausnahmecode: 0x40000015
Fehleroffset: 0x0011486c
ID des fehlerhaften Prozesses: 0x1344
Startzeit der fehlerhaften Anwendung: 0xTBNotifier.exe0
Pfad der fehlerhaften Anwendung: TBNotifier.exe1
Pfad des fehlerhaften Moduls: TBNotifier.exe2
Berichtskennung: TBNotifier.exe3

Error: (09/07/2014 01:39:42 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (09/06/2014 03:59:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm javaw.exe, Version 7.0.450.18 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: f80

Startzeit: 01cfc9d9d6a9f0d0

Endzeit: 2564

Anwendungspfad: C:\Program Files\Java\jre7\bin\javaw.exe

Berichts-ID:

Error: (09/06/2014 03:50:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm javaw.exe, Version 7.0.450.18 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1b80

Startzeit: 01cfc9d80986e854

Endzeit: 521

Anwendungspfad: C:\Program Files\Java\jre7\bin\javaw.exe

Berichts-ID: ac03ffee-35cc-11e4-973e-8c89a5a3345e

Error: (09/06/2014 03:38:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TBNotifier.exe, Version: 31.10.1.0, Zeitstempel: 0x53f53368
Name des fehlerhaften Moduls: TBNotifier.exe, Version: 31.10.1.0, Zeitstempel: 0x53f53368
Ausnahmecode: 0x40000015
Fehleroffset: 0x0011486c
ID des fehlerhaften Prozesses: 0x134c
Startzeit der fehlerhaften Anwendung: 0xTBNotifier.exe0
Pfad der fehlerhaften Anwendung: TBNotifier.exe1
Pfad des fehlerhaften Moduls: TBNotifier.exe2
Berichtskennung: TBNotifier.exe3

Error: (09/06/2014 02:11:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Craften Terminal.exe, Version 4.0.5339.19286 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 163c

Startzeit: 01cfc9cb65eaf203

Endzeit: 14

Anwendungspfad: C:\Program Files (x86)\Craften Terminal\Craften Terminal.exe

Berichts-ID: c83ede22-35be-11e4-973e-8c89a5a3345e


System errors:
=============
Error: (09/09/2014 07:30:48 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{5FDEDADD-6F28-4D36-BCAE-1F7B6B0DE51A}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.

Error: (09/08/2014 08:20:08 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (09/07/2014 01:58:44 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{BD929A00-050D-4801-9945-F1CB817E8371}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.

Error: (09/07/2014 01:57:43 PM) (Source: BROWSER) (EventID: 8020) (User: )
Description: Der Suchdienst konnte sich nicht selbst zur Funktion als Hauptsuchdienst heraufstufen.
Der Computer, der zurzeit die Funktion als Hauptsuchdienst erfüllt, ist unbekannt.

Error: (09/07/2014 01:41:58 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 25.103.76.62
registriert werden. Der Computer mit IP-Adresse 25.79.3.125 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (09/06/2014 02:11:41 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (09/06/2014 02:07:49 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ZOCKER-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{BD929A00-050D-4801-9945-F1CB817E8371}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (09/06/2014 02:06:51 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (09/06/2014 02:05:18 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 25.103.76.62
registriert werden. Der Computer mit IP-Adresse 25.79.3.125 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (09/05/2014 02:55:36 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{5FDEDADD-6F28-4D36-BCAE-1F7B6B0DE51A}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.


Microsoft Office Sessions:
=========================
Error: (09/09/2014 07:24:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TBNotifier.exe31.10.1.053f53368TBNotifier.exe31.10.1.053f53368400000150011486cd5001cfcc521ddb3adcC:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exeC:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe2fd0916f-3846-11e4-b6d5-8c89a5a3345e

Error: (09/09/2014 07:18:18 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (09/08/2014 07:46:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TBNotifier.exe31.10.1.053f53368TBNotifier.exe31.10.1.053f53368400000150011486c12c801cfcb89a1d8049bC:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exeC:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe04e6b729-3780-11e4-b3c1-8c89a5a3345e

Error: (09/08/2014 07:19:59 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (09/07/2014 01:47:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TBNotifier.exe31.10.1.053f53368TBNotifier.exe31.10.1.053f53368400000150011486c134401cfca908623a33bC:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exeC:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exec621e655-3684-11e4-be12-8c89a5a3345e

Error: (09/07/2014 01:39:42 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (09/06/2014 03:59:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: javaw.exe7.0.450.18f8001cfc9d9d6a9f0d02564C:\Program Files\Java\jre7\bin\javaw.exe

Error: (09/06/2014 03:50:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: javaw.exe7.0.450.181b8001cfc9d80986e854521C:\Program Files\Java\jre7\bin\javaw.exeac03ffee-35cc-11e4-973e-8c89a5a3345e

Error: (09/06/2014 03:38:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TBNotifier.exe31.10.1.053f53368TBNotifier.exe31.10.1.053f53368400000150011486c134c01cfc9cadc88db45C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exeC:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe0a174e4c-35cb-11e4-973e-8c89a5a3345e

Error: (09/06/2014 02:11:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Craften Terminal.exe4.0.5339.19286163c01cfc9cb65eaf20314C:\Program Files (x86)\Craften Terminal\Craften Terminal.exec83ede22-35be-11e4-973e-8c89a5a3345e


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 62%
Total physical RAM: 3061.64 MB
Available physical RAM: 1155.78 MB
Total Pagefile: 7155.82 MB
Available Pagefile: 4217.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:880.41 GB) (Free:318.92 GB) NTFS
Drive d: (Recover) (Fixed) (Total:50 GB) (Free:27.1 GB) NTFS
Drive e: (TSimsM) (CDROM) (Total:5.11 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 58F6BA5B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=880.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================
         
You can now see everything I have installed, but there's really nothing to hide ^^ And I don't think there are any passwords in the log...

Hopefully you can do something with this and help me,
Regards
__________________

Edited by Lenjs (09.09.2014 at 20:23)

10.09.2014, 12:59   #4
schrauber
/// the machine
/// TB trainer

Caught a trojan/virus


Don't panic, there are no passwords or anything like that in there.

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

10.09.2014, 19:51   #5
Lenjs

Caught a trojan/virus


Ok, I'll do that now, but I want to say something first:
When I started the PC just now, the following error message appeared:
" RegSvr32
Fehler beim Laden des Moduls "".

Stellen Sie sicher, dass die Binärdatei am angegebenen Pfad gespeichert ist, oder debuggen sie die Datei, um Probleme mit der binären Datei oder abhängigen DLL-Dateien auszuschließen.

Das angegebene Modul wurde nicht gefunden. "

The logs are coming shortly

~~Edit~~
I disabled Avira, but Combofix said it was still enabled, so I simply uninstalled it. Even after that, Combofix still said Avira was active. I then just clicked OK. During the scan there were no further problems.

Here is the log:
Code:
ComboFix 14-09-11.01 - leon 10.09.2014  20:15:12.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3062.1383 [GMT 2:00]
ausgeführt von:: c:\users\leon\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
c:\users\leon\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\leon\AppData\Roaming\.#
c:\users\leon\AppData\Roaming\.#\MBX@1020@1FD2740.###
c:\users\leon\AppData\Roaming\.#\MBX@1020@1FD2770.###
c:\users\leon\AppData\Roaming\.#\MBX@17EC@302740.###
c:\users\leon\AppData\Roaming\.#\MBX@17EC@302770.###
c:\users\leon\AppData\Roaming\.#\MBX@54C@2132740.###
c:\users\leon\AppData\Roaming\.#\MBX@54C@2132770.###
c:\users\leon\AppData\Roaming\.#\MBX@B44@252740.###
c:\users\leon\AppData\Roaming\.#\MBX@B44@252770.###
c:\users\leon\AppData\Roaming\Mozilla\Firefox\Profiles\9qns1y8o.default-1393492484300\extensions\staged\jmgjzo@hupuaaii.org
c:\users\leon\AppData\Roaming\Mozilla\Firefox\Profiles\9qns1y8o.default-1393492484300\extensions\staged\jmgjzo@hupuaaii.org\bootstrap.js
c:\users\leon\AppData\Roaming\Mozilla\Firefox\Profiles\9qns1y8o.default-1393492484300\extensions\staged\jmgjzo@hupuaaii.org\chrome.manifest
c:\users\leon\AppData\Roaming\Mozilla\Firefox\Profiles\9qns1y8o.default-1393492484300\extensions\staged\jmgjzo@hupuaaii.org\content\bg.js
c:\users\leon\AppData\Roaming\Mozilla\Firefox\Profiles\9qns1y8o.default-1393492484300\extensions\staged\jmgjzo@hupuaaii.org\install.rdf
c:\users\leon\AppData\Roaming\technic-launcher.jar
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-08-10 bis 2014-09-10  ))))))))))))))))))))))))))))))
.
.
2014-09-09 17:49 . 2014-09-09 17:51	--------	d-----w-	C:\FRST
2014-09-07 12:50 . 2014-09-08 17:43	--------	d-----w-	c:\programdata\AvevrIvexe
2014-09-06 12:06 . 2014-09-06 12:06	--------	d-----w-	c:\program files (x86)\LogMeIn Hamachi
2014-09-05 13:07 . 2014-08-21 03:43	11319192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E7E7063D-0383-4083-9C94-B791822014E2}\mpengine.dll
2014-09-01 12:31 . 2014-09-01 12:31	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2014-08-28 11:19 . 2014-08-23 02:07	404480	----a-w-	c:\windows\system32\gdi32.dll
2014-08-28 11:19 . 2014-08-23 01:45	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
2014-08-28 11:19 . 2014-08-23 00:59	3163648	----a-w-	c:\windows\system32\win32k.sys
2014-08-27 10:29 . 2014-08-27 10:29	--------	d-----w-	c:\program files\paint.net
2014-08-27 10:28 . 2014-08-27 10:31	--------	d-----w-	c:\users\leon\AppData\Local\paint.net
2014-08-21 12:06 . 2014-05-14 16:23	44512	----a-w-	c:\windows\system32\wups2.dll
2014-08-21 12:06 . 2014-05-14 16:23	58336	----a-w-	c:\windows\system32\wuauclt.exe
2014-08-21 12:06 . 2014-05-14 16:23	2477536	----a-w-	c:\windows\system32\wuaueng.dll
2014-08-21 12:06 . 2014-05-14 16:21	2620928	----a-w-	c:\windows\system32\wucltux.dll
2014-08-21 12:05 . 2014-05-14 16:23	38880	----a-w-	c:\windows\system32\wups.dll
2014-08-21 12:05 . 2014-05-14 16:23	36320	----a-w-	c:\windows\SysWow64\wups.dll
2014-08-21 12:05 . 2014-05-14 16:23	700384	----a-w-	c:\windows\system32\wuapi.dll
2014-08-21 12:05 . 2014-05-14 16:23	581600	----a-w-	c:\windows\SysWow64\wuapi.dll
2014-08-21 12:05 . 2014-05-14 16:20	97792	----a-w-	c:\windows\system32\wudriver.dll
2014-08-21 12:05 . 2014-05-14 16:17	92672	----a-w-	c:\windows\SysWow64\wudriver.dll
2014-08-21 12:05 . 2014-05-14 07:23	198600	----a-w-	c:\windows\system32\wuwebv.dll
2014-08-21 12:05 . 2014-05-14 07:23	179656	----a-w-	c:\windows\SysWow64\wuwebv.dll
2014-08-21 12:05 . 2014-05-14 07:20	36864	----a-w-	c:\windows\system32\wuapp.exe
2014-08-21 12:05 . 2014-05-14 07:17	33792	----a-w-	c:\windows\SysWow64\wuapp.exe
2014-08-15 19:11 . 2014-03-09 21:48	171160	----a-w-	c:\windows\system32\infocardapi.dll
2014-08-15 19:11 . 2014-03-09 21:48	1389208	----a-w-	c:\windows\system32\icardagt.exe
2014-08-15 19:11 . 2014-03-09 21:47	99480	----a-w-	c:\windows\SysWow64\infocardapi.dll
2014-08-15 19:11 . 2014-03-09 21:47	619672	----a-w-	c:\windows\SysWow64\icardagt.exe
2014-08-15 19:11 . 2014-06-30 22:24	8856	----a-w-	c:\windows\system32\icardres.dll
2014-08-15 19:11 . 2014-06-30 22:14	8856	----a-w-	c:\windows\SysWow64\icardres.dll
2014-08-15 19:11 . 2014-06-06 06:16	35480	----a-w-	c:\windows\SysWow64\TsWpfWrp.exe
2014-08-15 19:11 . 2014-06-06 06:12	35480	----a-w-	c:\windows\system32\TsWpfWrp.exe
2014-08-15 15:21 . 2010-08-30 06:34	536576	----a-w-	c:\windows\SysWow64\sqlite3.dll
2014-08-15 09:54 . 2014-07-09 02:03	7168	----a-w-	c:\windows\system32\KBDYAK.DLL
2014-08-15 09:54 . 2014-07-09 02:03	7168	----a-w-	c:\windows\system32\KBDTAT.DLL
2014-08-15 09:54 . 2014-07-09 02:03	7168	----a-w-	c:\windows\system32\KBDRU1.DLL
2014-08-15 09:54 . 2014-07-09 02:03	6656	----a-w-	c:\windows\system32\KBDRU.DLL
2014-08-15 09:54 . 2014-07-09 02:03	7168	----a-w-	c:\windows\system32\KBDBASH.DLL
2014-08-15 09:54 . 2014-07-09 01:31	7168	----a-w-	c:\windows\SysWow64\KBDYAK.DLL
2014-08-15 09:54 . 2014-07-09 01:31	6656	----a-w-	c:\windows\SysWow64\KBDBASH.DLL
2014-08-15 09:53 . 2014-07-16 03:23	2048	----a-w-	c:\windows\system32\tzres.dll
2014-08-15 09:53 . 2014-07-16 02:46	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2014-08-15 09:53 . 2014-06-03 10:02	3241984	----a-w-	c:\windows\system32\msi.dll
2014-08-15 09:53 . 2014-06-03 10:02	1941504	----a-w-	c:\windows\system32\authui.dll
2014-08-15 09:53 . 2014-06-03 09:29	2363392	----a-w-	c:\windows\SysWow64\msi.dll
2014-08-15 09:53 . 2014-06-03 09:29	1805824	----a-w-	c:\windows\SysWow64\authui.dll
2014-08-15 09:53 . 2014-06-03 10:02	112064	----a-w-	c:\windows\system32\consent.exe
2014-08-15 09:53 . 2014-06-03 10:02	504320	----a-w-	c:\windows\system32\msihnd.dll
2014-08-15 09:53 . 2014-06-03 09:29	337408	----a-w-	c:\windows\SysWow64\msihnd.dll
2014-08-15 09:47 . 2014-07-14 02:02	1216000	----a-w-	c:\windows\system32\rpcrt4.dll
2014-08-15 09:47 . 2014-07-14 01:40	664064	----a-w-	c:\windows\SysWow64\rpcrt4.dll
2014-08-15 09:47 . 2014-08-07 02:06	529920	----a-w-	c:\windows\system32\aepdu.dll
2014-08-15 09:47 . 2014-08-07 02:01	424448	----a-w-	c:\windows\system32\aeinv.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-28 11:07 . 2011-03-29 01:36	23256	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-25 04:53 . 2010-11-21 03:27	270496	------w-	c:\windows\system32\MpSigStub.exe
2014-08-15 19:17 . 2011-07-18 20:31	99218768	----a-w-	c:\windows\system32\MRT.exe
2014-07-25 14:01 . 2014-08-03 15:35	1291280	----a-w-	c:\windows\SysWow64\nvspbridge.dll
2014-07-25 14:01 . 2014-08-03 15:35	1126480	----a-w-	c:\windows\SysWow64\nvspcap.dll
2014-07-25 14:01 . 2014-08-03 15:35	1715224	----a-w-	c:\windows\system32\nvspbridge64.dll
2014-07-25 14:01 . 2014-08-03 15:35	1283136	----a-w-	c:\windows\system32\nvspcap64.dll
2014-07-22 13:14 . 2014-07-22 13:14	137376	----a-w-	c:\windows\system32\vcomp120.dll
2014-07-15 12:00 . 2013-08-07 11:30	42040	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2014-07-03 15:42 . 2013-08-07 11:29	117712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2014-07-02 21:29 . 2014-08-03 15:31	31520	----a-w-	c:\windows\system32\nvhdap64.dll
2014-07-02 21:29 . 2014-08-03 15:31	197408	----a-w-	c:\windows\system32\drivers\nvhda64v.sys
2014-07-02 21:29 . 2012-01-23 23:22	1515296	----a-w-	c:\windows\system32\nvhdagenco6420103.dll
2014-07-02 20:48 . 2014-08-03 15:31	846832	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2014-07-02 20:48 . 2014-08-03 15:31	354016	----a-w-	c:\windows\system32\nvoglshim64.dll
2014-07-02 20:48 . 2014-08-03 15:31	31512520	----a-w-	c:\windows\system32\nvoglv64.dll
2014-07-02 20:48 . 2014-08-03 15:31	305600	----a-w-	c:\windows\SysWow64\nvoglshim32.dll
2014-07-02 20:48 . 2014-08-03 15:31	24196896	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2014-07-02 20:48 . 2014-08-03 15:31	16122344	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2014-07-02 20:48 . 2014-08-03 15:31	13922752	----a-w-	c:\windows\system32\nvopencl.dll
2014-07-02 20:48 . 2014-08-03 15:31	11283344	----a-w-	c:\windows\SysWow64\nvopencl.dll
2014-07-02 20:48 . 2014-08-03 15:31	944928	----a-w-	c:\windows\system32\NvIFR64.dll
2014-07-02 20:48 . 2014-08-03 15:31	907096	----a-w-	c:\windows\SysWow64\NvIFR.dll
2014-07-02 20:48 . 2014-08-03 15:31	903624	----a-w-	c:\windows\system32\NvFBC64.dll
2014-07-02 20:48 . 2014-08-03 15:31	869152	----a-w-	c:\windows\SysWow64\NvFBC.dll
2014-07-02 20:48 . 2014-08-03 15:31	4247000	----a-w-	c:\windows\system32\nvcuvid.dll
2014-07-02 20:48 . 2014-08-03 15:31	3989960	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2014-07-02 20:48 . 2014-08-03 15:31	22994208	----a-w-	c:\windows\system32\nvcompiler.dll
2014-07-02 20:48 . 2014-08-03 15:31	1890080	----a-w-	c:\windows\system32\nvdispco6434052.dll
2014-07-02 20:48 . 2014-08-03 15:31	17555104	----a-w-	c:\windows\system32\nvd3dumx.dll
2014-07-02 20:48 . 2014-08-03 15:31	166568	----a-w-	c:\windows\system32\nvinitx.dll
2014-07-02 20:48 . 2014-08-03 15:31	1539928	----a-w-	c:\windows\system32\nvdispgenco6434052.dll
2014-07-02 20:48 . 2014-08-03 15:31	15294296	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2014-07-02 20:48 . 2014-08-03 15:31	146480	----a-w-	c:\windows\SysWow64\nvinit.dll
2014-07-02 20:48 . 2014-08-03 15:31	13835208	----a-w-	c:\windows\system32\nvcuda.dll
2014-07-02 20:48 . 2014-08-03 15:31	12866008	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2014-07-02 20:48 . 2014-08-03 15:31	11222048	----a-w-	c:\windows\SysWow64\nvcuda.dll
2014-07-02 20:48 . 2013-02-25 22:32	2814656	----a-w-	c:\windows\SysWow64\nvapi.dll
2014-07-02 20:48 . 2013-02-25 22:32	14498552	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2014-07-02 20:48 . 2013-02-25 22:32	3196816	----a-w-	c:\windows\system32\nvapi64.dll
2014-07-02 20:48 . 2013-02-25 22:32	965312	----a-w-	c:\windows\system32\nvumdshimx.dll
2014-07-02 20:48 . 2013-02-25 22:32	18626304	----a-w-	c:\windows\system32\nvwgf2umx.dll
2014-07-02 18:55 . 2012-01-23 23:22	6783776	----a-w-	c:\windows\system32\nvcpl.dll
2014-07-02 18:55 . 2012-01-23 23:22	3522392	----a-w-	c:\windows\system32\nvsvc64.dll
2014-07-02 18:55 . 2012-01-23 23:22	935368	----a-w-	c:\windows\system32\nvvsvc.exe
2014-07-02 18:55 . 2012-01-23 23:22	62808	----a-w-	c:\windows\system32\nvshext.dll
2014-07-02 18:55 . 2012-01-23 23:22	386520	----a-w-	c:\windows\system32\nvmctray.dll
2014-07-02 18:55 . 2012-01-23 23:22	2559960	----a-w-	c:\windows\system32\nvsvcr.dll
2014-07-02 17:44 . 2014-08-03 15:34	609240	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2014-07-02 10:14 . 2012-09-18 12:22	3826628	----a-w-	c:\windows\system32\nvcoproc.bin
2014-06-18 02:18 . 2014-07-10 14:06	692736	----a-w-	c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-10 14:06	646144	----a-w-	c:\windows\SysWow64\osk.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-30 39408]
"Spotify"="c:\users\leon\AppData\Roaming\Spotify\Spotify.exe" [2014-08-28 6621752]
"Spotify Web Helper"="c:\users\leon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-08-28 1245752]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATILGE.EXE" [2013-01-23 297024]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-07-24 21652064]
"Akamai NetSession Interface"="c:\users\leon\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-08-05 751184]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-09-04 3802448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	\0
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys;c:\windows\SYSNATIVE\drivers\asmthub3.sys [x]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys;c:\windows\SYSNATIVE\drivers\asmtxhci.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wolfkr;wolfkr;c:\aeriagames\WolfTeam-DE\avital\wolfk64.sys;c:\aeriagames\WolfTeam-DE\avital\wolfk64.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
R4 FreemiumSelfUpdateService;Freemium Self Update Service;c:\program files (x86)\Freetec\SystemStore\Freemium.SelfUpdate.exe;c:\program files (x86)\Freetec\SystemStore\Freemium.SelfUpdate.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [x]
S2 MyEPSON Connect Service;MyEPSON Connect Service;c:\program files (x86)\EPSON\MyEPSON Connect\mepService.exe;c:\program files (x86)\EPSON\MyEPSON Connect\mepService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 SystemStore;System Store;c:\program files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe;c:\program files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [x]
S2 tor;Tor Win32 Service;c:\program files (x86)\Tor\tor.exe;c:\program files (x86)\Tor\tor.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 GameKB;SHARKOON Skiller;c:\windows\system32\drivers\GameKB.sys;c:\windows\SYSNATIVE\drivers\GameKB.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-14 19:09	1077576	----a-w-	c:\program files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-03-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-15 22:20]
.
2014-01-12 c:\windows\Tasks\EPSON XP-215 217 Series Invitation {6DD0C5FC-E0D8-4A0F-A5E1-5DF2315571D7}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE [2014-01-12 16:20]
.
2014-01-12 c:\windows\Tasks\EPSON XP-215 217 Series Update {6DD0C5FC-E0D8-4A0F-A5E1-5DF2315571D7}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE [2014-01-12 16:20]
.
2014-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf6c2dfa186453.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-30 17:33]
.
2013-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-30 17:33]
.
2013-09-14 c:\windows\Tasks\RunOW.job
- c:\program files (x86)\Overwolf\Overwolf.exe [2013-08-22 13:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8F5202FD-5750-9B16-7BDD-3D00C2A20491}]
2014-05-23 15:47	403968	----a-w-	c:\programdata\rEalddealu\qRGaLWf8.x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=24.162.166.54:22644
uSearchAssistant = hxxp://www.google.com
Trusted Zone: aeriagames.com
FF - ProfilePath - c:\users\leon\AppData\Roaming\Mozilla\Firefox\Profiles\9qns1y8o.default-1393492484300\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AvevrIvexe - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
WebBrowser-{B81767E1-672D-4DA1-B5CC-D277185815A6} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-ALDI SÜD Mah Jong - c:\windows\system32\Uninstall ALDI SÜD Mah Jong.exe
AddRemove-phase-6 - c:\users\leon\Desktop\phase-6\uninstall.exe
AddRemove-_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83} - c:\program files (x86)\Corel\CorelDRAW Essentials X5\Setup\SetupARP.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\EPSON\MyEPSON Connect\mep.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\BlueStacks\HD-Service.exe
c:\program files (x86)\BlueStacks\HD-Network.exe
c:\program files (x86)\BlueStacks\HD-BlockDevice.exe
c:\program files (x86)\BlueStacks\HD-SharedFolder.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-09-10  20:33:59 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-09-10 18:33
.
Vor Suchlauf: 18 Verzeichnis(se), 343.025.823.744 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 343.335.559.168 Bytes frei
.
- - End Of File - - 771FE0154FA2B5BD7DE19A26038D741F
         
Hopefully you can find something useful and help me, thanks

Regards


Edited by Lenjs (10.09.2014 at 20:48) Reason: logs

11.09.2014, 12:21   #6
schrauber
/// the machine
/// TB instructor

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

23.09.2014, 17:42   #7
Lenjs

OK, thanks for your help, but I took it to an expert and he got it off. Thanks anyway

If an admin sees this, can he please delete the thread? Because of the logs...

24.09.2014, 11:41   #8
schrauber
/// the machine
/// TB instructor

1) An expert? You've got one here too. Most of the "experts" out there in the PC shops have absolutely no clue when it comes to malware. But it's your computer

2) No logs get deleted. You also agreed to that when you accepted the forum rules
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
