Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Toolbar Malware (https://www.trojaner-board.de/148291-toolbar-malware.html)

xNato 20.01.2014 17:29
Toolbar Malware
 
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2014 04
Ran by Jan (administrator) on JAN-PC on 20-01-2014 17:28:39
Running from C:\Users\Jan\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463592 2012-02-03] (Realtek Semiconductor)
HKLM\...\Run: [Launch LgDeviceAgent] - C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415816 2010-06-11] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2413128 2010-06-11] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4725320 2010-06-11] (Logitech Inc.)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-20] (AVAST Software)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

ProxyServer: 221.10.102.199:80
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyD0C0AtA0D0DtAtA0CyByEtN0D0Tzu0SyCzyyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1974270314&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyD0C0AtA0D0DtAtA0CyByEtN0D0Tzu0SyCzyyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1974270314&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyD0C0AtA0D0DtAtA0CyByEtN0D0Tzu0SyCzyyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1974270314&ir=
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - D:\Programme\MS-Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programme\MS-Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - D:\Programme\MS-Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Programme\MS-Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

Chrome:
=======
CHR HomePage: hxxp://www.google.de/
CHR Extension: (Google Docs) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-24]
CHR Extension: (Google Drive) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-24]
CHR Extension: (YouTube) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-24]
CHR Extension: (Google-Suche) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-24]
CHR Extension: (avast! Online Security) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-11-26]
CHR Extension: (Hedgehog in the fog) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\haocganpkafanhkfldbbmhcpaelmkejg [2013-11-27]
CHR Extension: (Google Wallet) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-24]
CHR Extension: (Google Mail) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-24]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-20]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-20] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-08] ()
S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2014-01-19] ()
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133120 2012-02-02] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [138768 2012-01-03] (MSI)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-24] ()

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-01-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-20] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-20] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-01-11] (DT Soft Ltd)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-02] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-02] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-02] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-01-20] ()
S3 MSICDSetup; \??\H:\CDriver64.sys [x]
S3 NTIOLib_1_0_C; \??\H:\NTIOLib_X64.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-20 17:28 - 2014-01-20 17:28 - 00012917 _____ C:\Users\Jan\Downloads\FRST.txt
2014-01-20 17:24 - 2014-01-20 17:24 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-01-20 17:19 - 2014-01-20 17:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-20 17:19 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-20 17:02 - 2014-01-20 17:07 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-20 17:02 - 2014-01-20 17:02 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-20 17:02 - 2014-01-20 17:02 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-20 17:02 - 2014-01-20 17:02 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-20 17:02 - 2014-01-20 17:02 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-01-20 17:02 - 2014-01-20 17:02 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-20 17:02 - 2014-01-20 17:02 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-20 17:02 - 2014-01-20 17:02 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-20 17:02 - 2014-01-20 17:02 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-20 17:02 - 2014-01-20 17:02 - 00000000 ____D C:\Users\Jan\AppData\Roaming\AVAST Software
2014-01-20 16:54 - 2014-01-20 16:54 - 02076672 _____ (Farbar) C:\Users\Jan\Downloads\FRST64.exe
2014-01-20 16:54 - 2014-01-20 16:54 - 00000000 ____D C:\FRST
2014-01-19 22:45 - 2014-01-19 22:45 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2014-01-19 22:35 - 2014-01-19 22:53 - 00000000 ____D C:\AdwCleaner
2014-01-19 22:35 - 2014-01-19 22:35 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Malwarebytes
2014-01-19 22:35 - 2014-01-19 22:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-19 22:10 - 2014-01-19 22:21 - 00000000 ____D C:\Program Files (x86)\Stellar Phoenix Photo Recovery
2014-01-19 22:08 - 2014-01-19 22:08 - 00000000 ____D C:\Users\Jan\.android
2014-01-19 21:59 - 2014-01-19 21:59 - 00000000 ____D C:\Program Files (x86)\Convar
2014-01-19 20:14 - 1998-06-18 00:00 - 00089360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB5DB.DLL
2014-01-18 22:27 - 2014-01-18 22:27 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-01-16 16:17 - 2014-01-16 16:17 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 16:04 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 16:04 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 16:04 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 16:04 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 16:04 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 16:04 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 16:04 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 16:04 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 16:04 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-12 20:56 - 2014-01-12 20:56 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-01-12 20:56 - 2014-01-12 20:56 - 00000000 ____D C:\Program Files\WinRAR
2014-01-12 20:49 - 2014-01-16 16:18 - 00000000 ____D C:\ProgramData\Oracle
2014-01-12 20:49 - 2014-01-16 16:17 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-12 20:49 - 2014-01-12 20:49 - 00000000 ____D C:\ProgramData\Sun
2014-01-12 20:49 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-12 20:49 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-12 20:49 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-12 20:49 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-12 13:21 - 2014-01-12 13:21 - 04126711 _____ C:\Users\Jan\Downloads\dreamboxedit_setup.exe.zip
2014-01-12 13:17 - 2014-01-12 13:18 - 04188532 _____ C:\Users\Jan\Downloads\dcc296.zip
2014-01-11 16:27 - 2014-01-11 16:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-11 16:26 - 2014-01-11 16:26 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2014-01-11 16:26 - 2014-01-11 16:26 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2014-01-11 15:32 - 2014-01-11 15:32 - 00000000 __RHD C:\MSOCache
2014-01-11 15:21 - 2014-01-11 15:21 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-01-11 15:20 - 2014-01-11 15:20 - 00000000 ____D C:\Windows\PCHEALTH
2014-01-11 15:20 - 2014-01-11 15:20 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2014-01-11 15:20 - 2014-01-11 15:20 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2014-01-11 15:20 - 2014-01-11 15:20 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2014-01-11 15:20 - 2014-01-11 15:20 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2014-01-11 15:20 - 2014-01-11 15:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2014-01-11 15:19 - 2014-01-15 16:08 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-11 15:19 - 2014-01-11 15:19 - 00000000 ____D C:\Users\Jan\AppData\Local\Microsoft Help
2014-01-11 15:19 - 2014-01-11 15:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2014-01-11 15:17 - 2014-01-11 15:19 - 00000000 ____D C:\Users\Jan\AppData\Roaming\DAEMON Tools Pro
2014-01-11 15:17 - 2014-01-11 15:17 - 00283200 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-01-11 15:17 - 2014-01-11 15:17 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Pro
2014-01-11 15:16 - 2014-01-11 15:19 - 00000000 ____D C:\ProgramData\DAEMON Tools Pro
2014-01-11 15:07 - 2014-01-11 15:07 - 00000000 ____D C:\ProgramData\DAEMON Tools Ult
2014-01-11 15:05 - 2014-01-11 15:07 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Ultra
2014-01-11 14:58 - 2014-01-11 14:58 - 00000000 ____D C:\Users\Jan\AppData\Roaming\DAEMON Tools Ult
2014-01-11 14:57 - 2014-01-11 14:57 - 00000000 ____D C:\Users\Jan\AppData\Local\Disc_Soft_Ltd
2014-01-11 14:55 - 2014-01-11 15:07 - 00000000 ____D C:\ProgramData\DAEMON Tools Ultra
2014-01-11 14:55 - 2014-01-11 14:56 - 00000000 ____D C:\Users\Jan\AppData\Roaming\DAEMON Tools Ultra
2014-01-09 12:37 - 2014-01-09 12:37 - 00000000 ____D C:\Users\Jan\AppData\Local\DayZCommander
2014-01-09 12:36 - 2014-01-10 21:38 - 00000000 ____D C:\Program Files (x86)\Dotjosh Studios
2014-01-09 12:36 - 2014-01-09 12:36 - 00001345 _____ C:\Users\Public\Desktop\DayZ Commander.lnk
2014-01-09 12:34 - 2014-01-09 12:34 - 00000000 ____D C:\Users\Jan\AppData\Local\ArmA 2
2014-01-08 15:34 - 2013-12-19 21:33 - 30372640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 22960416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 18222008 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 15877216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 12645664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-01-08 15:34 - 2013-12-19 21:33 - 11605752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 11554264 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 09700224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 09657464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433221.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433221.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 00882464 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 00879392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 00852768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 00847648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 00479520 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 00357152 _____ C:\Windows\system32\NvIFROpenGL.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 00314656 _____ C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-01-08 15:34 - 2013-11-28 14:38 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-01-08 15:34 - 2013-11-28 14:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-01-08 15:34 - 2013-11-22 09:36 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-01-08 15:08 - 2014-01-08 15:08 - 00000000 ____D C:\Program Files (x86)\Six Networks
2014-01-08 14:58 - 2014-01-10 21:38 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2014-01-08 14:56 - 2014-01-09 21:05 - 00000000 ____D C:\Users\Jan\AppData\Local\ArmA 2 OA
2014-01-08 14:56 - 2014-01-08 14:56 - 00000000 ____D C:\ProgramData\Bohemia Interactive Studio
2014-01-08 14:54 - 2014-01-10 21:38 - 00000000 ____D C:\Users\Jan\Documents\arma 2
2014-01-08 14:52 - 2014-01-08 15:08 - 00000000 ____D C:\Users\Jan\AppData\Local\SIX Networks
2014-01-08 14:52 - 2014-01-08 14:52 - 00000000 ____D C:\Users\Jan\AppData\Roaming\SIX Networks
2014-01-08 14:52 - 2014-01-08 14:52 - 00000000 ____D C:\Users\Jan\AppData\Local\IsolatedStorage
2014-01-08 14:52 - 2014-01-08 14:52 - 00000000 ____D C:\ProgramData\SIX Networks
2014-01-08 02:40 - 2014-01-17 13:09 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-08 00:59 - 2014-01-08 00:59 - 00000000 ____D C:\Windows\system32\appmgmt
2014-01-08 00:57 - 2014-01-08 00:57 - 00000000 ____D C:\Users\Jan\AppData\Local\SmartTechnology
2014-01-08 00:55 - 2014-01-08 01:11 - 00000000 ____D C:\Program Files\SmartTechnology
2014-01-07 12:36 - 2014-01-07 12:40 - 00000000 ____D C:\Users\Public\Documents\Speedbit
2014-01-02 20:21 - 2014-01-02 20:23 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Notepad++
2014-01-02 20:21 - 2014-01-02 20:21 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-01-02 20:21 - 2014-01-02 20:21 - 00000000 ____D C:\Program Files (x86)\Notepad++

==================== One Month Modified Files and Folders =======

2014-01-20 17:28 - 2014-01-20 17:28 - 00012917 _____ C:\Users\Jan\Downloads\FRST.txt
2014-01-20 17:28 - 2013-11-24 12:52 - 01965478 _____ C:\Windows\WindowsUpdate.log
2014-01-20 17:24 - 2014-01-20 17:24 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-01-20 17:24 - 2013-11-26 18:47 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-20 17:24 - 2013-11-25 13:22 - 00023808 _____ C:\Windows\setupact.log
2014-01-20 17:24 - 2013-11-24 13:53 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-20 17:24 - 2013-11-24 13:05 - 00034752 _____ C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-01-20 17:24 - 2010-11-21 04:47 - 00247410 _____ C:\Windows\PFRO.log
2014-01-20 17:24 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-20 17:19 - 2014-01-20 17:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-20 17:07 - 2014-01-20 17:02 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-20 17:02 - 2014-01-20 17:02 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-20 17:02 - 2014-01-20 17:02 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-20 17:02 - 2014-01-20 17:02 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-20 17:02 - 2014-01-20 17:02 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-01-20 17:02 - 2014-01-20 17:02 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-20 17:02 - 2014-01-20 17:02 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-20 17:02 - 2014-01-20 17:02 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-20 17:02 - 2014-01-20 17:02 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-20 17:02 - 2014-01-20 17:02 - 00000000 ____D C:\Users\Jan\AppData\Roaming\AVAST Software
2014-01-20 17:02 - 2013-11-24 18:35 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-20 17:01 - 2013-11-24 18:34 - 00000000 ____D C:\ProgramData\AVAST Software
2014-01-20 16:59 - 2009-07-14 05:45 - 00025872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-20 16:59 - 2009-07-14 05:45 - 00025872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-20 16:57 - 2013-11-26 18:47 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-20 16:57 - 2013-11-24 21:48 - 00699416 _____ C:\Windows\system32\perfh007.dat
2014-01-20 16:57 - 2013-11-24 21:48 - 00149556 _____ C:\Windows\system32\perfc007.dat
2014-01-20 16:57 - 2009-07-14 06:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-20 16:54 - 2014-01-20 16:54 - 02076672 _____ (Farbar) C:\Users\Jan\Downloads\FRST64.exe
2014-01-20 16:54 - 2014-01-20 16:54 - 00000000 ____D C:\FRST
2014-01-19 23:01 - 2013-11-24 18:35 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2014-01-19 22:53 - 2014-01-19 22:35 - 00000000 ____D C:\AdwCleaner
2014-01-19 22:45 - 2014-01-19 22:45 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2014-01-19 22:35 - 2014-01-19 22:35 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Malwarebytes
2014-01-19 22:35 - 2014-01-19 22:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-19 22:21 - 2014-01-19 22:10 - 00000000 ____D C:\Program Files (x86)\Stellar Phoenix Photo Recovery
2014-01-19 22:08 - 2014-01-19 22:08 - 00000000 ____D C:\Users\Jan\.android
2014-01-19 22:08 - 2013-11-24 12:53 - 00000000 ____D C:\Users\Jan
2014-01-19 21:59 - 2014-01-19 21:59 - 00000000 ____D C:\Program Files (x86)\Convar
2014-01-19 20:22 - 2013-11-24 13:05 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-19 20:03 - 2013-11-24 18:12 - 00000000 ____D C:\Program Files (x86)\Origin
2014-01-18 22:27 - 2014-01-18 22:27 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-01-18 21:52 - 2013-11-24 19:34 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2014-01-18 21:35 - 2013-11-24 19:34 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2014-01-17 13:09 - 2014-01-08 02:40 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-16 18:28 - 2013-11-24 13:48 - 00111520 _____ C:\Users\Jan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-16 16:18 - 2014-01-12 20:49 - 00000000 ____D C:\ProgramData\Oracle
2014-01-16 16:17 - 2014-01-16 16:17 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-16 16:17 - 2014-01-12 20:49 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-15 16:19 - 2009-07-14 05:45 - 00441160 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 16:08 - 2014-01-11 15:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-15 16:08 - 2013-11-24 14:41 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 16:08 - 2009-07-14 03:34 - 00000478 _____ C:\Windows\win.ini
2014-01-15 16:07 - 2013-11-24 14:41 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 16:04 - 2013-11-26 10:39 - 00000000 ____D C:\Users\Jan\AppData\Local\CrashDumps
2014-01-12 20:56 - 2014-01-12 20:56 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-01-12 20:56 - 2014-01-12 20:56 - 00000000 ____D C:\Program Files\WinRAR
2014-01-12 20:49 - 2014-01-12 20:49 - 00000000 ____D C:\ProgramData\Sun
2014-01-12 13:21 - 2014-01-12 13:21 - 04126711 _____ C:\Users\Jan\Downloads\dreamboxedit_setup.exe.zip
2014-01-12 13:18 - 2014-01-12 13:17 - 04188532 _____ C:\Users\Jan\Downloads\dcc296.zip
2014-01-11 16:27 - 2014-01-11 16:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-11 16:26 - 2014-01-11 16:26 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2014-01-11 16:26 - 2014-01-11 16:26 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2014-01-11 15:32 - 2014-01-11 15:32 - 00000000 __RHD C:\MSOCache
2014-01-11 15:21 - 2014-01-11 15:21 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-01-11 15:20 - 2014-01-11 15:20 - 00000000 ____D C:\Windows\PCHEALTH
2014-01-11 15:20 - 2014-01-11 15:20 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2014-01-11 15:20 - 2014-01-11 15:20 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2014-01-11 15:20 - 2014-01-11 15:20 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2014-01-11 15:20 - 2014-01-11 15:20 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2014-01-11 15:20 - 2014-01-11 15:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2014-01-11 15:20 - 2010-11-21 08:16 - 00000000 ____D C:\Windows\ShellNew
2014-01-11 15:20 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\System
2014-01-11 15:20 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2014-01-11 15:19 - 2014-01-11 15:19 - 00000000 ____D C:\Users\Jan\AppData\Local\Microsoft Help
2014-01-11 15:19 - 2014-01-11 15:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2014-01-11 15:19 - 2014-01-11 15:17 - 00000000 ____D C:\Users\Jan\AppData\Roaming\DAEMON Tools Pro
2014-01-11 15:19 - 2014-01-11 15:16 - 00000000 ____D C:\ProgramData\DAEMON Tools Pro
2014-01-11 15:17 - 2014-01-11 15:17 - 00283200 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-01-11 15:17 - 2014-01-11 15:17 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Pro
2014-01-11 15:09 - 2013-11-24 17:15 - 00000000 ____D C:\Program Files (x86)\JDownloader
2014-01-11 15:07 - 2014-01-11 15:07 - 00000000 ____D C:\ProgramData\DAEMON Tools Ult
2014-01-11 15:07 - 2014-01-11 15:05 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Ultra
2014-01-11 15:07 - 2014-01-11 14:55 - 00000000 ____D C:\ProgramData\DAEMON Tools Ultra
2014-01-11 14:58 - 2014-01-11 14:58 - 00000000 ____D C:\Users\Jan\AppData\Roaming\DAEMON Tools Ult
2014-01-11 14:57 - 2014-01-11 14:57 - 00000000 ____D C:\Users\Jan\AppData\Local\Disc_Soft_Ltd
2014-01-11 14:56 - 2014-01-11 14:55 - 00000000 ____D C:\Users\Jan\AppData\Roaming\DAEMON Tools Ultra
2014-01-10 21:38 - 2014-01-09 12:36 - 00000000 ____D C:\Program Files (x86)\Dotjosh Studios
2014-01-10 21:38 - 2014-01-08 14:58 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2014-01-10 21:38 - 2014-01-08 14:54 - 00000000 ____D C:\Users\Jan\Documents\arma 2
2014-01-10 21:38 - 2013-11-24 13:07 - 00000000 ___HD C:\SuperChargerProfile
2014-01-10 21:38 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2014-01-10 21:38 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2014-01-10 12:56 - 2013-11-24 13:52 - 01593956 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-09 21:05 - 2014-01-08 14:56 - 00000000 ____D C:\Users\Jan\AppData\Local\ArmA 2 OA
2014-01-09 12:37 - 2014-01-09 12:37 - 00000000 ____D C:\Users\Jan\AppData\Local\DayZCommander
2014-01-09 12:36 - 2014-01-09 12:36 - 00001345 _____ C:\Users\Public\Desktop\DayZ Commander.lnk
2014-01-09 12:34 - 2014-01-09 12:34 - 00000000 ____D C:\Users\Jan\AppData\Local\ArmA 2
2014-01-09 12:34 - 2013-11-24 19:32 - 00044769 _____ C:\Windows\DirectX.log
2014-01-09 01:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-08 15:35 - 2013-11-24 13:53 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2014-01-08 15:08 - 2014-01-08 15:08 - 00000000 ____D C:\Program Files (x86)\Six Networks
2014-01-08 15:08 - 2014-01-08 14:52 - 00000000 ____D C:\Users\Jan\AppData\Local\SIX Networks
2014-01-08 14:56 - 2014-01-08 14:56 - 00000000 ____D C:\ProgramData\Bohemia Interactive Studio
2014-01-08 14:52 - 2014-01-08 14:52 - 00000000 ____D C:\Users\Jan\AppData\Roaming\SIX Networks
2014-01-08 14:52 - 2014-01-08 14:52 - 00000000 ____D C:\Users\Jan\AppData\Local\IsolatedStorage
2014-01-08 14:52 - 2014-01-08 14:52 - 00000000 ____D C:\ProgramData\SIX Networks
2014-01-08 01:11 - 2014-01-08 00:55 - 00000000 ____D C:\Program Files\SmartTechnology
2014-01-08 00:59 - 2014-01-08 00:59 - 00000000 ____D C:\Windows\system32\appmgmt
2014-01-08 00:57 - 2014-01-08 00:57 - 00000000 ____D C:\Users\Jan\AppData\Local\SmartTechnology
2014-01-07 12:40 - 2014-01-07 12:36 - 00000000 ____D C:\Users\Public\Documents\Speedbit
2014-01-02 20:23 - 2014-01-02 20:21 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Notepad++
2014-01-02 20:21 - 2014-01-02 20:21 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-01-02 20:21 - 2014-01-02 20:21 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-12-30 00:40 - 2013-12-05 22:05 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-12-22 12:21 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD

Some content of TEMP:
====================
C:\Users\Jan\AppData\Local\Temp\cabex.dll
C:\Users\Jan\AppData\Local\Temp\ChangeIcon.exe
C:\Users\Jan\AppData\Local\Temp\devcon64.exe
C:\Users\Jan\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe
C:\Users\Jan\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Jan\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Jan\AppData\Local\Temp\nvStInst.exe
C:\Users\Jan\AppData\Local\Temp\ose00000.exe
C:\Users\Jan\AppData\Local\Temp\Quarantine.exe
C:\Users\Jan\AppData\Local\Temp\setup.exe
C:\Users\Jan\AppData\Local\Temp\sonarinst.exe
C:\Users\Jan\AppData\Local\Temp\unelevate.exe
C:\Users\Jan\AppData\Local\Temp\VARemove.exe
C:\Users\Jan\AppData\Local\Temp\VAUninstall.exe
C:\Users\Jan\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 00:16

==================== End Of Log ============================
--- --- ---

--- --- ---
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2014 04
Ran by Jan at 2014-01-20 17:28:57
Running from C:\Users\Jan\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Arma 2 (x32 Version:  - Bohemia Interactive)
ARMA 2 Army of The Czech Republic - Data cache removal (x32 Version:  - )
Arma 2: Operation Arrowhead (x32 Version:  - Bohemia Interactive)
avast! Free Antivirus (x32 Version: 9.0.2011 - Avast Software)
Battlefield 4™ (x32 Version: 1.0.0.1 - Electronic Arts)
Battlelog Web Plugins (x32 Version: 2.3.2 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (x32 Version:  - )
BattlEye Uninstall (x32 Version:  - )
Canon MP250 series MP Drivers (Version:  - )
DAEMON Tools Pro (x32 Version: 5.1.0.0333 - DT Soft Ltd)
DayZ Commander (x32 Version: 0.92.91 - Dotjosh Studios)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (Version:  - Microsoft)
ESN Sonar (x32 Version: 0.70.4 - ESN Social Software AB)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Intel(R) Management Engine Components (x32 Version: 8.0.1.1399 - Intel Corporation)
Intel(R) Smart Connect Technology 2.0 x64 (Version: 2.0.1069.0 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.23.219.2 - Intel Corporation)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (x32 Version: 0.9 - AppWork GmbH)
Logitech GamePanel Software 3.05.151 (Version: 3.05.151 - Logitech Inc.)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft DCF MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Groove MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Word MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Notepad++ (x32 Version: 6.5.3 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 332.21 (Version: 332.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 332.21 (Version: 332.21 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.1 (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.21 (Version: 332.21 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3221 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (Version: 1.2.19 - NVIDIA Corporation)
Origin (x32 Version: 9.3.6.4639 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PunkBuster Services (x32 Version: 0.993 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (x32 Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6564 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Speccy (Version: 1.24 - Piriform)
Steam (x32 Version:  - Valve Corporation)
Super-Charger (x32 Version: 1.2.006 - MSI)
TeamSpeak 3 Client (HKCU Version: 3.0.13 - TeamSpeak Systems GmbH)
Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Access 2013 (KB2827233) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft InfoPath 2013 (KB2837648) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760242) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760539) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760553) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817314) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826004) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827225) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837626) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837637) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837638) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2850066) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2850061) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2767850) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Project 2013 (KB2727085) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2837635) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft SkyDrive Pro (KB2817495) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio 2013 (KB2817306) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition (Version:  - Microsoft)
VLC media player 2.1.1 (Version: 2.1.1 - VideoLAN)
WinRAR 5.01 (64-Bit) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points  =========================

11-01-2014 14:17:23 Gerätetreiber-Paketinstallation: DT Soft Ltd Systemgeräte
11-01-2014 14:19:42 Installed Microsoft Office Professional Plus 2013
11-01-2014 14:19:47 PROPLUS
11-01-2014 15:25:04 Windows Update
12-01-2014 19:49:42 Installed Java 7 Update 45
14-01-2014 15:46:40 Windows Update
15-01-2014 15:07:45 Windows Update
16-01-2014 15:17:34 Installed Java 7 Update 51
18-01-2014 18:53:30 Windows Update
19-01-2014 19:14:34 Installiert PC Inspector smart recovery
19-01-2014 19:22:41 Entfernt PC Inspector smart recovery
19-01-2014 22:01:45 avast! antivirus system restore point
20-01-2014 15:49:59 avast! Premier Setup
20-01-2014 16:02:15 avast! antivirus system restore point

==================== Hosts content: ==========================

2009-07-14 03:34 - 2014-01-20 17:24 - 00471772 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 2010-fr.com # hosts anti-adware / pups
127.0.0.1 2012-new.biz # hosts anti-adware / pups
127.0.0.1 212link.com # hosts anti-adware / pups
127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups
127.0.0.1 24h00business.com # hosts anti-adware / pups
127.0.0.1 a.adorika.net # hosts anti-adware / pups
127.0.0.1 a.ad-sys.com # hosts anti-adware / pups
127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups
127.0.0.1 ad.adn360.com # hosts anti-adware / pups
127.0.0.1 adeartss.eu # hosts anti-adware / pups
127.0.0.1 adesoeasy.eu # hosts anti-adware / pups
127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups
127.0.0.1 adm.soft365.com # hosts anti-adware / pups
127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups
127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups
127.0.0.1 ads.adplxmd.com # hosts anti-adware / pups
127.0.0.1 ads.aff.co # hosts anti-adware / pups
127.0.0.1 ads.alpha00001.com # hosts anti-adware / pups
127.0.0.1 ads.cloud4ads.com # hosts anti-adware / pups
127.0.0.1 ads.egdating.net # hosts anti-adware / pups
127.0.0.1 ads.eorezo.com # hosts anti-adware / pups
127.0.0.1 ads.hooqy.com # hosts anti-adware / pups
127.0.0.1 ads.pornerbros.com # hosts anti-adware / pups
127.0.0.1 ads.realken.com # hosts anti-adware / pups
127.0.0.1 ads.regiedepub.com # hosts anti-adware / pups
127.0.0.1 ads.sucomspot.com # hosts anti-adware / pups

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {2D0289B2-2EE9-46FE-8F94-1196B6D2C1F2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => D:\Programme\MS-Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {4FC6A9E8-34FB-43C7-9C65-D4574E0589E1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-26] (Google Inc.)
Task: {6C5E9681-FEB0-4516-A68C-0E54CDF32C23} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => D:\Programme\MS-Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {8F91C353-2D4F-43AF-B4C8-0CD661FAA533} - System32\Tasks\FRAPS => C:\Fraps\fraps.exe
Task: {BB7E0CDD-4E7F-4987-99EB-8CDA562000BF} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {D860B0E7-126D-4FA8-B01E-A2095DDED104} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-26] (Google Inc.)
Task: {E2CB2F49-4DFC-4B7A-BEBF-09D362157062} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-20] (AVAST Software)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-11-24 13:53 - 2013-12-19 19:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-02-02 09:56 - 2012-02-02 09:56 - 00048128 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2012-02-02 09:56 - 2012-02-02 09:56 - 00036864 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetDetect.dll
2014-01-20 17:09 - 2014-01-20 09:05 - 02155520 _____ () C:\Program Files\AVAST Software\Avast\defs\14012000\algo.dll
2014-01-20 17:02 - 2014-01-20 17:02 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-14 21:58 - 2014-01-11 11:28 - 00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libglesv2.dll
2014-01-14 21:58 - 2014-01-11 11:28 - 00100120 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libegl.dll
2014-01-14 21:58 - 2014-01-11 11:29 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll
2014-01-14 21:58 - 2014-01-11 11:29 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
2014-01-14 21:58 - 2014-01-11 11:28 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
2013-11-24 13:06 - 2012-01-20 04:23 - 01198872 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:58DD92AC

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Programmable Root Enumerator
Description: Programming Support
Class Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}
Manufacturer: Mad Catz
Service: SaiNtBus
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/20/2014 05:26:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2014 05:24:57 PM) (Source: ISCT Agent) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (01/20/2014 05:02:15 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary rlafrcrv.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (01/20/2014 04:53:20 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2014 04:51:57 PM) (Source: ISCT Agent) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (01/20/2014 04:51:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2014 04:49:45 PM) (Source: ISCT Agent) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (01/20/2014 04:27:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2014 04:26:07 PM) (Source: ISCT Agent) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (01/20/2014 03:49:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/20/2014 05:24:55 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HOSTS Anti-PUPs" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (01/20/2014 05:24:55 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst HOSTS Anti-PUPs erreicht.

Error: (01/20/2014 04:51:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HOSTS Anti-PUPs" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (01/20/2014 04:51:57 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst HOSTS Anti-PUPs erreicht.

Error: (01/20/2014 04:49:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HOSTS Anti-PUPs" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (01/20/2014 04:49:44 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst HOSTS Anti-PUPs erreicht.

Error: (01/20/2014 04:26:06 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HOSTS Anti-PUPs" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (01/20/2014 04:26:06 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst HOSTS Anti-PUPs erreicht.

Error: (01/20/2014 03:48:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HOSTS Anti-PUPs" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (01/20/2014 03:48:25 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst HOSTS Anti-PUPs erreicht.


Microsoft Office Sessions:
=========================
Error: (01/20/2014 05:26:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2014 05:24:57 PM) (Source: ISCT Agent)(User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (01/20/2014 05:02:15 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary rlafrcrv.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (01/20/2014 04:53:20 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2014 04:51:57 PM) (Source: ISCT Agent)(User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (01/20/2014 04:51:07 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2014 04:49:45 PM) (Source: ISCT Agent)(User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (01/20/2014 04:27:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2014 04:26:07 PM) (Source: ISCT Agent)(User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (01/20/2014 03:49:47 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 16334.92 MB
Available physical RAM: 13748.49 MB
Total Pagefile: 32668.02 MB
Available Pagefile: 30021 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows 7) (Fixed) (Total:232.88 GB) (Free:133.66 GB) NTFS
Drive d: (HDD Daten) (Fixed) (Total:250 GB) (Free:244.68 GB) NTFS
Drive e: (HDD) (Fixed) (Total:181.41 GB) (Free:172.44 GB) NTFS
Drive f: (SSD) (Fixed) (Total:55.67 GB) (Free:54.53 GB) NTFS
Drive g: (HDD Games) (Fixed) (Total:499.9 GB) (Free:498.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: A04EDF14)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: E315B32D)
Partition 1: (Active) - (Size=500 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=250 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=181 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 56 GB) (Disk ID: E315B311)

Partition: GPT Partition Type
==================== End Of Log ============================

M-K-D-B 20.01.2014 19:11
:hallo:


Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 4 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
    Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
    Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.







Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 2

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.






Schritt 3
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 4
Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/
  • Bitte deaktiviere während des Scans alle Virenscanner, da sie das Ergebnis beeinflussen
  • Starte Zoek.exe mit einem Doppelklick.
  • Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und könnte andere Computer beschädigen.
  • Kopiere den Text der folgenden Box in das Skriptfenster von zoek:
    Code:
    FFdefaults;
    CHRdefaults;
    iedefaults;
    emptyclsid;
    autoclean;
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchläuft.
  • Wenn das Tool fertig ist wird sich Notepad mit dem Logfile öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:
  • Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken)





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von JRT,
  • die Logdatei von MBAM,
  • die Logdatei von Zoek.

xNato 20.01.2014 20:25
Code:
# AdwCleaner v3.017 - Bericht erstellt am 20/01/2014 um 20:01:24
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Jan - JAN-PC
# Gestartet von : C:\Users\Jan\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Google Chrome v32.0.1700.76

[ Datei : C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3216 octets] - [19/01/2014 22:35:26]
AdwCleaner[R1].txt - [2370 octets] - [19/01/2014 22:50:40]
AdwCleaner[R2].txt - [969 octets] - [19/01/2014 22:53:22]
AdwCleaner[R3].txt - [1085 octets] - [20/01/2014 17:55:45]
AdwCleaner[R4].txt - [1145 octets] - [20/01/2014 17:56:27]
AdwCleaner[R5].txt - [1263 octets] - [20/01/2014 20:00:36]
AdwCleaner[S0].txt - [1790 octets] - [19/01/2014 22:51:23]
AdwCleaner[S1].txt - [1029 octets] - [19/01/2014 22:53:53]
AdwCleaner[S2].txt - [1207 octets] - [20/01/2014 17:57:00]
AdwCleaner[S3].txt - [1185 octets] - [20/01/2014 20:01:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1245 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Ultimate x64
Ran by Jan on 20.01.2014 at 20:04:23,21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.01.2014 at 20:08:17,79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.20.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Jan :: JAN-PC [Administrator]

Schutz: Deaktiviert

20.01.2014 20:12:45
mbam-log-2014-01-20 (20-12-45).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 203821
Laufzeit: 1 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
Zoek.exe v5.0.0.0 Updated 20-Januari-2014
Tool run by Jan on 20.01.2014 at 20:16:03,72.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jan\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

20.01.2014 20:16:41 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-425414881-164182529-3641603913-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Users\Jan\.android deleted
C:\PROGRA~2\Hosts_Anti_Adwares_PUPs deleted
C:\ProgramData\Package Cache deleted
C:\Windows\wininit.ini deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [20.01.2014 17:02]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[20.01.2014 17:02]

avast Online Security - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.msn.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.msn.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\20131121 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HOSTS Anti-Adware_PUPs deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=18 folders=17 14692520 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Jan\AppData\Local\Temp  will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Jan\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 20.01.2014 at 20:21:40,14 ======================

M-K-D-B 21.01.2014 15:52
Servus,



Wir spüren die letzten Reste auf, damit wir sie später entfernen können:




Kontrollscan mit FRST
Führe wie zuvor beschrieben einen Scan mit FRST aus.
Setze dazu eine Haken bei Addition.txt rechts unten und klicke auf Scan.
Es werden wieder zwei Logdateien erzeugt. Poste mir diese.





Gibt es noch Probleme mit Malware? Wenn ja, welche?
Wie läuft der Rechner derzeit?





Bitte poste mit deiner nächsten Antwort
  • die beiden Logdateien von FRST,
  • die Beantwortung der gestellten Fragen.

xNato 21.01.2014 17:00
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-01-2014
Ran by Jan (administrator) on JAN-PC on 21-01-2014 16:59:07
Running from C:\Users\Jan\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology A6agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE
(Almico Software (www.almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463592 2012-02-03] (Realtek Semiconductor)
HKLM\...\Run: [Launch LgDeviceAgent] - C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415816 2010-06-11] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2413128 2010-06-11] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4725320 2010-06-11] (Logitech Inc.)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-20] (AVAST Software)
HKLM-x32\...\RunOnce: [20131224] - C:\Program Files\AVAST Software\Avast\setup\emupdate\273f6da4-4b3e-428d-827b-38b74e838ec9.exe /check [181136 2014-01-21] (AVAST Software)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

ProxyServer: 221.10.102.199:80
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-24]
CHR Extension: (Google Drive) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-24]
CHR Extension: (YouTube) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-24]
CHR Extension: (Google-Suche) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-24]
CHR Extension: (avast! Online Security) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-11-26]
CHR Extension: (Google Wallet) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-24]
CHR Extension: (Google Mail) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-24]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-20]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-20] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-08] ()
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133120 2012-02-02] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [138768 2012-01-03] (MSI)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-24] ()
S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [x]

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-01-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-20] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-20] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-01-11] (DT Soft Ltd)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-02] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-02] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-02] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-01-21] ()
S3 MSICDSetup; \??\H:\CDriver64.sys [x]
S3 NTIOLib_1_0_C; \??\H:\NTIOLib_X64.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-21 16:59 - 2014-01-21 16:59 - 00011759 _____ C:\Users\Jan\Desktop\FRST.txt
2014-01-21 16:58 - 2014-01-21 16:58 - 00000000 ____D C:\Users\Jan\Desktop\FRST-OlderVersion
2014-01-20 22:25 - 2014-01-21 16:57 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2014-01-20 22:25 - 2014-01-20 22:25 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-01-20 22:15 - 2014-01-20 22:20 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-20 22:15 - 2014-01-20 22:15 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-20 22:14 - 2014-01-20 22:20 - 00000000 ____D C:\Users\Jan\Desktop\mbar
2014-01-20 22:14 - 2014-01-20 22:14 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-20 22:13 - 2014-01-20 22:14 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Jan\Downloads\mbar-1.07.0.1008.exe
2014-01-20 20:44 - 2014-01-20 20:44 - 00000000 ____D C:\ProgramData\SystemRequirementsLab
2014-01-20 20:44 - 2014-01-20 20:44 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2014-01-20 20:16 - 2014-01-20 20:21 - 00006264 _____ C:\zoek-results.log
2014-01-20 20:15 - 2014-01-20 20:20 - 00000000 ____D C:\zoek_backup
2014-01-20 20:13 - 2014-01-20 20:13 - 01282048 _____ C:\Users\Jan\Desktop\zoek.exe
2014-01-20 20:11 - 2014-01-20 20:11 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-20 20:11 - 2014-01-20 20:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-20 20:11 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-20 20:02 - 2014-01-21 16:52 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-01-20 20:01 - 2014-01-21 16:52 - 00000504 _____ C:\Windows\setupact.log
2014-01-20 20:01 - 2014-01-20 20:01 - 00000000 _____ C:\Windows\setuperr.log
2014-01-20 18:10 - 2014-01-20 20:46 - 00005032 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Jan-PC-Jan Jan-PC
2014-01-20 17:58 - 2014-01-20 17:58 - 00000000 ____D C:\Windows\ERUNT
2014-01-20 17:55 - 2014-01-20 17:55 - 01037068 _____ (Thisisu) C:\Users\Jan\Desktop\JRT.exe
2014-01-20 17:54 - 2014-01-20 17:55 - 01236282 _____ C:\Users\Jan\Desktop\adwcleaner.exe
2014-01-20 17:02 - 2014-01-20 17:07 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-20 17:02 - 2014-01-20 17:02 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-20 17:02 - 2014-01-20 17:02 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-20 17:02 - 2014-01-20 17:02 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-20 17:02 - 2014-01-20 17:02 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-01-20 17:02 - 2014-01-20 17:02 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-20 17:02 - 2014-01-20 17:02 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-20 17:02 - 2014-01-20 17:02 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-20 17:02 - 2014-01-20 17:02 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-20 17:02 - 2014-01-20 17:02 - 00000000 ____D C:\Users\Jan\AppData\Roaming\AVAST Software
2014-01-20 16:54 - 2014-01-21 16:58 - 02077184 _____ (Farbar) C:\Users\Jan\Desktop\FRST64.exe
2014-01-20 16:54 - 2014-01-21 16:58 - 00000000 ____D C:\FRST
2014-01-19 22:35 - 2014-01-20 20:23 - 00000000 ____D C:\AdwCleaner
2014-01-19 22:35 - 2014-01-19 22:35 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Malwarebytes
2014-01-19 22:35 - 2014-01-19 22:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-19 22:10 - 2014-01-19 22:21 - 00000000 ____D C:\Program Files (x86)\Stellar Phoenix Photo Recovery
2014-01-19 21:59 - 2014-01-19 21:59 - 00000000 ____D C:\Program Files (x86)\Convar
2014-01-19 20:14 - 1998-06-18 00:00 - 00089360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB5DB.DLL
2014-01-18 22:27 - 2014-01-18 22:27 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-01-16 16:17 - 2014-01-16 16:17 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 16:04 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 16:04 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 16:04 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 16:04 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 16:04 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 16:04 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 16:04 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 16:04 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 16:04 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-12 20:56 - 2014-01-12 20:56 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-01-12 20:56 - 2014-01-12 20:56 - 00000000 ____D C:\Program Files\WinRAR
2014-01-12 20:49 - 2014-01-16 16:18 - 00000000 ____D C:\ProgramData\Oracle
2014-01-12 20:49 - 2014-01-16 16:17 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-12 20:49 - 2014-01-12 20:49 - 00000000 ____D C:\ProgramData\Sun
2014-01-12 20:49 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-12 20:49 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-12 20:49 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-12 20:49 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-12 13:21 - 2014-01-12 13:21 - 04126711 _____ C:\Users\Jan\Downloads\dreamboxedit_setup.exe.zip
2014-01-12 13:17 - 2014-01-12 13:18 - 04188532 _____ C:\Users\Jan\Downloads\dcc296.zip
2014-01-11 16:26 - 2014-01-11 16:26 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2014-01-11 16:26 - 2014-01-11 16:26 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2014-01-11 15:21 - 2014-01-11 15:21 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-01-11 15:19 - 2014-01-20 20:28 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-11 15:19 - 2014-01-11 15:19 - 00000000 ____D C:\Users\Jan\AppData\Local\Microsoft Help
2014-01-11 15:17 - 2014-01-11 15:19 - 00000000 ____D C:\Users\Jan\AppData\Roaming\DAEMON Tools Pro
2014-01-11 15:17 - 2014-01-11 15:17 - 00283200 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-01-11 15:17 - 2014-01-11 15:17 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Pro
2014-01-11 15:16 - 2014-01-11 15:19 - 00000000 ____D C:\ProgramData\DAEMON Tools Pro
2014-01-11 15:07 - 2014-01-11 15:07 - 00000000 ____D C:\ProgramData\DAEMON Tools Ult
2014-01-11 15:05 - 2014-01-11 15:07 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Ultra
2014-01-11 14:58 - 2014-01-11 14:58 - 00000000 ____D C:\Users\Jan\AppData\Roaming\DAEMON Tools Ult
2014-01-11 14:57 - 2014-01-11 14:57 - 00000000 ____D C:\Users\Jan\AppData\Local\Disc_Soft_Ltd
2014-01-11 14:55 - 2014-01-11 15:07 - 00000000 ____D C:\ProgramData\DAEMON Tools Ultra
2014-01-11 14:55 - 2014-01-11 14:56 - 00000000 ____D C:\Users\Jan\AppData\Roaming\DAEMON Tools Ultra
2014-01-09 12:37 - 2014-01-09 12:37 - 00000000 ____D C:\Users\Jan\AppData\Local\DayZCommander
2014-01-09 12:36 - 2014-01-10 21:38 - 00000000 ____D C:\Program Files (x86)\Dotjosh Studios
2014-01-09 12:36 - 2014-01-09 12:36 - 00001345 _____ C:\Users\Public\Desktop\DayZ Commander.lnk
2014-01-09 12:34 - 2014-01-09 12:34 - 00000000 ____D C:\Users\Jan\AppData\Local\ArmA 2
2014-01-08 15:34 - 2013-12-19 21:33 - 30372640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 22960416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 18222008 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 15877216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 12645664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-01-08 15:34 - 2013-12-19 21:33 - 11605752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 11554264 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 09700224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 09657464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433221.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433221.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 00882464 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 00879392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 00852768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 00847648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 00479520 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 00357152 _____ C:\Windows\system32\NvIFROpenGL.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 00314656 _____ C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-01-08 15:34 - 2013-12-19 21:33 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-01-08 15:34 - 2013-11-28 14:38 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-01-08 15:34 - 2013-11-28 14:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-01-08 15:34 - 2013-11-22 09:36 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-01-08 15:08 - 2014-01-08 15:08 - 00000000 ____D C:\Program Files (x86)\Six Networks
2014-01-08 14:58 - 2014-01-10 21:38 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2014-01-08 14:56 - 2014-01-09 21:05 - 00000000 ____D C:\Users\Jan\AppData\Local\ArmA 2 OA
2014-01-08 14:56 - 2014-01-08 14:56 - 00000000 ____D C:\ProgramData\Bohemia Interactive Studio
2014-01-08 14:54 - 2014-01-10 21:38 - 00000000 ____D C:\Users\Jan\Documents\arma 2
2014-01-08 14:52 - 2014-01-08 15:08 - 00000000 ____D C:\Users\Jan\AppData\Local\SIX Networks
2014-01-08 14:52 - 2014-01-08 14:52 - 00000000 ____D C:\Users\Jan\AppData\Roaming\SIX Networks
2014-01-08 14:52 - 2014-01-08 14:52 - 00000000 ____D C:\Users\Jan\AppData\Local\IsolatedStorage
2014-01-08 14:52 - 2014-01-08 14:52 - 00000000 ____D C:\ProgramData\SIX Networks
2014-01-08 02:40 - 2014-01-17 13:09 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-08 00:59 - 2014-01-08 00:59 - 00000000 ____D C:\Windows\system32\appmgmt
2014-01-08 00:57 - 2014-01-08 00:57 - 00000000 ____D C:\Users\Jan\AppData\Local\SmartTechnology
2014-01-08 00:55 - 2014-01-08 01:11 - 00000000 ____D C:\Program Files\SmartTechnology
2014-01-07 12:36 - 2014-01-07 12:40 - 00000000 ____D C:\Users\Public\Documents\Speedbit
2014-01-02 20:21 - 2014-01-02 20:23 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Notepad++
2014-01-02 20:21 - 2014-01-02 20:21 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-01-02 20:21 - 2014-01-02 20:21 - 00000000 ____D C:\Program Files (x86)\Notepad++

==================== One Month Modified Files and Folders =======

2014-01-21 16:59 - 2014-01-21 16:59 - 00011759 _____ C:\Users\Jan\Desktop\FRST.txt
2014-01-21 16:58 - 2014-01-21 16:58 - 00000000 ____D C:\Users\Jan\Desktop\FRST-OlderVersion
2014-01-21 16:58 - 2014-01-20 16:54 - 02077184 _____ (Farbar) C:\Users\Jan\Desktop\FRST64.exe
2014-01-21 16:58 - 2014-01-20 16:54 - 00000000 ____D C:\FRST
2014-01-21 16:58 - 2013-11-24 21:48 - 00699416 _____ C:\Windows\system32\perfh007.dat
2014-01-21 16:58 - 2013-11-24 21:48 - 00149556 _____ C:\Windows\system32\perfc007.dat
2014-01-21 16:58 - 2009-07-14 06:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-21 16:57 - 2014-01-20 22:25 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2014-01-21 16:57 - 2013-11-26 18:47 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-21 16:57 - 2013-11-24 12:52 - 02082278 _____ C:\Windows\WindowsUpdate.log
2014-01-21 16:52 - 2014-01-20 20:02 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-01-21 16:52 - 2014-01-20 20:01 - 00000504 _____ C:\Windows\setupact.log
2014-01-21 16:52 - 2013-11-26 18:47 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-21 16:52 - 2013-11-24 13:53 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-21 16:52 - 2013-11-24 13:05 - 00034752 _____ C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-01-21 16:52 - 2010-11-21 04:47 - 00250004 _____ C:\Windows\PFRO.log
2014-01-21 16:52 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-21 16:52 - 2009-07-14 05:45 - 00437384 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-20 22:28 - 2009-07-14 05:45 - 00025872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-20 22:28 - 2009-07-14 05:45 - 00025872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-20 22:25 - 2014-01-20 22:25 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-01-20 22:25 - 2013-11-25 13:16 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2014-01-20 22:23 - 2013-11-24 13:48 - 00109504 _____ C:\Users\Jan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-20 22:20 - 2014-01-20 22:15 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-20 22:20 - 2014-01-20 22:14 - 00000000 ____D C:\Users\Jan\Desktop\mbar
2014-01-20 22:15 - 2014-01-20 22:15 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-20 22:14 - 2014-01-20 22:14 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-20 22:14 - 2014-01-20 22:13 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Jan\Downloads\mbar-1.07.0.1008.exe
2014-01-20 20:46 - 2014-01-20 18:10 - 00005032 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Jan-PC-Jan Jan-PC
2014-01-20 20:44 - 2014-01-20 20:44 - 00000000 ____D C:\ProgramData\SystemRequirementsLab
2014-01-20 20:44 - 2014-01-20 20:44 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2014-01-20 20:28 - 2014-01-11 15:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-20 20:28 - 2010-11-21 08:16 - 00000000 ____D C:\Windows\ShellNew
2014-01-20 20:28 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2014-01-20 20:27 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\System
2014-01-20 20:27 - 2009-07-14 03:34 - 00000387 _____ C:\Windows\win.ini
2014-01-20 20:23 - 2014-01-19 22:35 - 00000000 ____D C:\AdwCleaner
2014-01-20 20:21 - 2014-01-20 20:16 - 00006264 _____ C:\zoek-results.log
2014-01-20 20:20 - 2014-01-20 20:15 - 00000000 ____D C:\zoek_backup
2014-01-20 20:20 - 2013-11-24 12:53 - 00000000 ____D C:\Users\Jan
2014-01-20 20:13 - 2014-01-20 20:13 - 01282048 _____ C:\Users\Jan\Desktop\zoek.exe
2014-01-20 20:11 - 2014-01-20 20:11 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-20 20:11 - 2014-01-20 20:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-20 20:01 - 2014-01-20 20:01 - 00000000 _____ C:\Windows\setuperr.log
2014-01-20 17:58 - 2014-01-20 17:58 - 00000000 ____D C:\Windows\ERUNT
2014-01-20 17:55 - 2014-01-20 17:55 - 01037068 _____ (Thisisu) C:\Users\Jan\Desktop\JRT.exe
2014-01-20 17:55 - 2014-01-20 17:54 - 01236282 _____ C:\Users\Jan\Desktop\adwcleaner.exe
2014-01-20 17:33 - 2013-11-24 18:12 - 00000000 ____D C:\Program Files (x86)\Origin
2014-01-20 17:07 - 2014-01-20 17:02 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-20 17:02 - 2014-01-20 17:02 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-20 17:02 - 2014-01-20 17:02 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-20 17:02 - 2014-01-20 17:02 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-20 17:02 - 2014-01-20 17:02 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-01-20 17:02 - 2014-01-20 17:02 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-20 17:02 - 2014-01-20 17:02 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-20 17:02 - 2014-01-20 17:02 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-20 17:02 - 2014-01-20 17:02 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-20 17:02 - 2014-01-20 17:02 - 00000000 ____D C:\Users\Jan\AppData\Roaming\AVAST Software
2014-01-20 17:02 - 2013-11-24 18:35 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-20 17:01 - 2013-11-24 18:34 - 00000000 ____D C:\ProgramData\AVAST Software
2014-01-19 23:01 - 2013-11-24 18:35 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2014-01-19 22:35 - 2014-01-19 22:35 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Malwarebytes
2014-01-19 22:35 - 2014-01-19 22:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-19 22:21 - 2014-01-19 22:10 - 00000000 ____D C:\Program Files (x86)\Stellar Phoenix Photo Recovery
2014-01-19 21:59 - 2014-01-19 21:59 - 00000000 ____D C:\Program Files (x86)\Convar
2014-01-19 20:22 - 2013-11-24 13:05 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-18 22:27 - 2014-01-18 22:27 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-01-18 21:52 - 2013-11-24 19:34 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2014-01-18 21:35 - 2013-11-24 19:34 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2014-01-17 13:09 - 2014-01-08 02:40 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-16 16:18 - 2014-01-12 20:49 - 00000000 ____D C:\ProgramData\Oracle
2014-01-16 16:17 - 2014-01-16 16:17 - 00005327 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-16 16:17 - 2014-01-12 20:49 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-15 16:08 - 2013-11-24 14:41 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 16:07 - 2013-11-24 14:41 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 16:04 - 2013-11-26 10:39 - 00000000 ____D C:\Users\Jan\AppData\Local\CrashDumps
2014-01-12 20:56 - 2014-01-12 20:56 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-01-12 20:56 - 2014-01-12 20:56 - 00000000 ____D C:\Program Files\WinRAR
2014-01-12 20:49 - 2014-01-12 20:49 - 00000000 ____D C:\ProgramData\Sun
2014-01-12 13:21 - 2014-01-12 13:21 - 04126711 _____ C:\Users\Jan\Downloads\dreamboxedit_setup.exe.zip
2014-01-12 13:18 - 2014-01-12 13:17 - 04188532 _____ C:\Users\Jan\Downloads\dcc296.zip
2014-01-11 16:26 - 2014-01-11 16:26 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2014-01-11 16:26 - 2014-01-11 16:26 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2014-01-11 15:21 - 2014-01-11 15:21 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-01-11 15:19 - 2014-01-11 15:19 - 00000000 ____D C:\Users\Jan\AppData\Local\Microsoft Help
2014-01-11 15:19 - 2014-01-11 15:17 - 00000000 ____D C:\Users\Jan\AppData\Roaming\DAEMON Tools Pro
2014-01-11 15:19 - 2014-01-11 15:16 - 00000000 ____D C:\ProgramData\DAEMON Tools Pro
2014-01-11 15:17 - 2014-01-11 15:17 - 00283200 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-01-11 15:17 - 2014-01-11 15:17 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Pro
2014-01-11 15:09 - 2013-11-24 17:15 - 00000000 ____D C:\Program Files (x86)\JDownloader
2014-01-11 15:07 - 2014-01-11 15:07 - 00000000 ____D C:\ProgramData\DAEMON Tools Ult
2014-01-11 15:07 - 2014-01-11 15:05 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Ultra
2014-01-11 15:07 - 2014-01-11 14:55 - 00000000 ____D C:\ProgramData\DAEMON Tools Ultra
2014-01-11 14:58 - 2014-01-11 14:58 - 00000000 ____D C:\Users\Jan\AppData\Roaming\DAEMON Tools Ult
2014-01-11 14:57 - 2014-01-11 14:57 - 00000000 ____D C:\Users\Jan\AppData\Local\Disc_Soft_Ltd
2014-01-11 14:56 - 2014-01-11 14:55 - 00000000 ____D C:\Users\Jan\AppData\Roaming\DAEMON Tools Ultra
2014-01-10 21:38 - 2014-01-09 12:36 - 00000000 ____D C:\Program Files (x86)\Dotjosh Studios
2014-01-10 21:38 - 2014-01-08 14:58 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2014-01-10 21:38 - 2014-01-08 14:54 - 00000000 ____D C:\Users\Jan\Documents\arma 2
2014-01-10 21:38 - 2013-11-24 13:07 - 00000000 ___HD C:\SuperChargerProfile
2014-01-10 21:38 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2014-01-10 21:38 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2014-01-10 12:56 - 2013-11-24 13:52 - 01593956 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-09 21:05 - 2014-01-08 14:56 - 00000000 ____D C:\Users\Jan\AppData\Local\ArmA 2 OA
2014-01-09 12:37 - 2014-01-09 12:37 - 00000000 ____D C:\Users\Jan\AppData\Local\DayZCommander
2014-01-09 12:36 - 2014-01-09 12:36 - 00001345 _____ C:\Users\Public\Desktop\DayZ Commander.lnk
2014-01-09 12:34 - 2014-01-09 12:34 - 00000000 ____D C:\Users\Jan\AppData\Local\ArmA 2
2014-01-09 12:34 - 2013-11-24 19:32 - 00044769 _____ C:\Windows\DirectX.log
2014-01-09 01:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-08 15:35 - 2013-11-24 13:53 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2014-01-08 15:08 - 2014-01-08 15:08 - 00000000 ____D C:\Program Files (x86)\Six Networks
2014-01-08 15:08 - 2014-01-08 14:52 - 00000000 ____D C:\Users\Jan\AppData\Local\SIX Networks
2014-01-08 14:56 - 2014-01-08 14:56 - 00000000 ____D C:\ProgramData\Bohemia Interactive Studio
2014-01-08 14:52 - 2014-01-08 14:52 - 00000000 ____D C:\Users\Jan\AppData\Roaming\SIX Networks
2014-01-08 14:52 - 2014-01-08 14:52 - 00000000 ____D C:\Users\Jan\AppData\Local\IsolatedStorage
2014-01-08 14:52 - 2014-01-08 14:52 - 00000000 ____D C:\ProgramData\SIX Networks
2014-01-08 01:11 - 2014-01-08 00:55 - 00000000 ____D C:\Program Files\SmartTechnology
2014-01-08 00:59 - 2014-01-08 00:59 - 00000000 ____D C:\Windows\system32\appmgmt
2014-01-08 00:57 - 2014-01-08 00:57 - 00000000 ____D C:\Users\Jan\AppData\Local\SmartTechnology
2014-01-07 12:40 - 2014-01-07 12:36 - 00000000 ____D C:\Users\Public\Documents\Speedbit
2014-01-02 20:23 - 2014-01-02 20:21 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Notepad++
2014-01-02 20:21 - 2014-01-02 20:21 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-01-02 20:21 - 2014-01-02 20:21 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-12-22 12:21 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD

Some content of TEMP:
====================
C:\Users\Jan\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Jan\AppData\Local\Temp\sfareca00001.dll
C:\Users\Jan\AppData\Local\Temp\sfextra.dll
C:\Users\Jan\AppData\Local\Temp\SRLDetectionLibrary3543835576870402505.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 00:16

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-01-2014
Ran by Jan at 2014-01-21 16:59:19
Running from C:\Users\Jan\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Arma 2 (x32 Version:  - Bohemia Interactive)
ARMA 2 Army of The Czech Republic - Data cache removal (x32 Version:  - )
Arma 2: Operation Arrowhead (x32 Version:  - Bohemia Interactive)
avast! Free Antivirus (x32 Version: 9.0.2011 - Avast Software)
Battlefield 4™ (x32 Version: 1.0.0.1 - Electronic Arts)
Battlelog Web Plugins (x32 Version: 2.3.2 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (x32 Version:  - )
BattlEye Uninstall (x32 Version:  - )
Canon MP250 series MP Drivers (Version:  - )
DAEMON Tools Pro (x32 Version: 5.1.0.0333 - DT Soft Ltd)
DayZ Commander (x32 Version: 0.92.91 - Dotjosh Studios)
ESN Sonar (x32 Version: 0.70.4 - ESN Social Software AB)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Intel(R) Management Engine Components (x32 Version: 8.0.1.1399 - Intel Corporation)
Intel(R) Smart Connect Technology 2.0 x64 (Version: 2.0.1069.0 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.23.219.2 - Intel Corporation)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (x32 Version: 0.9 - AppWork GmbH)
Logitech GamePanel Software 3.05.151 (Version: 3.05.151 - Logitech Inc.)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Notepad++ (x32 Version: 6.5.3 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 332.21 (Version: 332.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 332.21 (Version: 332.21 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.1 (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.21 (Version: 332.21 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3221 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (Version: 1.2.19 - NVIDIA Corporation)
Origin (x32 Version: 9.3.6.4639 - Electronic Arts, Inc.)
PunkBuster Services (x32 Version: 0.993 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (x32 Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6564 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Speccy (Version: 1.24 - Piriform)
SpeedFan (remove only) (x32 Version:  - )
Steam (x32 Version:  - Valve Corporation)
Super-Charger (x32 Version: 1.2.006 - MSI)
System Requirements Lab CYRI (x32 Version: 6.0.8.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKCU Version: 3.0.13 - TeamSpeak Systems GmbH)
VLC media player 2.1.1 (Version: 2.1.1 - VideoLAN)
WinRAR 5.01 (64-Bit) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points  =========================

14-01-2014 15:46:40 Windows Update
15-01-2014 15:07:45 Windows Update
16-01-2014 15:17:34 Installed Java 7 Update 51
18-01-2014 18:53:30 Windows Update
19-01-2014 19:14:34 Installiert PC Inspector smart recovery
19-01-2014 19:22:41 Entfernt PC Inspector smart recovery
19-01-2014 22:01:45 avast! antivirus system restore point
20-01-2014 15:49:59 avast! Premier Setup
20-01-2014 16:02:15 avast! antivirus system restore point
20-01-2014 19:16:36 zoek.exe restore point
20-01-2014 19:27:09 Removed Microsoft Office Professional Plus 2013
20-01-2014 19:27:15 PROPLUS

==================== Hosts content: ==========================

2009-07-14 03:34 - 2014-01-20 20:02 - 00589303 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 2010-fr.com # hosts anti-adware / pups
127.0.0.1 2012-new.biz # hosts anti-adware / pups
127.0.0.1 212link.com # hosts anti-adware / pups
127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups
127.0.0.1 24h00business.com # hosts anti-adware / pups
127.0.0.1 a.adorika.net # hosts anti-adware / pups
127.0.0.1 a.ad-sys.com # hosts anti-adware / pups
127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups
127.0.0.1 ad.adn360.com # hosts anti-adware / pups
127.0.0.1 adeartss.eu # hosts anti-adware / pups
127.0.0.1 adesoeasy.eu # hosts anti-adware / pups
127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups
127.0.0.1 adm.soft365.com # hosts anti-adware / pups
127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups
127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups
127.0.0.1 ads.adplxmd.com # hosts anti-adware / pups
127.0.0.1 ads.aff.co # hosts anti-adware / pups
127.0.0.1 ads.alpha00001.com # hosts anti-adware / pups
127.0.0.1 ads.cloud4ads.com # hosts anti-adware / pups
127.0.0.1 ads.egdating.net # hosts anti-adware / pups
127.0.0.1 ads.eorezo.com # hosts anti-adware / pups
127.0.0.1 ads.hooqy.com # hosts anti-adware / pups
127.0.0.1 ads.pornerbros.com # hosts anti-adware / pups
127.0.0.1 ads.realken.com # hosts anti-adware / pups
127.0.0.1 ads.regiedepub.com # hosts anti-adware / pups
127.0.0.1 ads.sucomspot.com # hosts anti-adware / pups

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {4FC6A9E8-34FB-43C7-9C65-D4574E0589E1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-26] (Google Inc.)
Task: {8F91C353-2D4F-43AF-B4C8-0CD661FAA533} - System32\Tasks\FRAPS => C:\Fraps\fraps.exe
Task: {D860B0E7-126D-4FA8-B01E-A2095DDED104} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-26] (Google Inc.)
Task: {E2CB2F49-4DFC-4B7A-BEBF-09D362157062} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-20] (AVAST Software)
Task: {FCDC32A0-9AD9-4899-932E-A57FE6503E13} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Jan-PC-Jan Jan-PC => D:\Programme\MS-Office\Office15\MsoSync.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-21 00:22 - 2014-01-20 18:52 - 02155520 _____ () C:\Program Files\AVAST Software\Avast\defs\14012001\algo.dll
2014-01-21 16:54 - 2014-01-21 10:27 - 02155520 _____ () C:\Program Files\AVAST Software\Avast\defs\14012100\algo.dll
2014-01-20 17:02 - 2014-01-20 17:02 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-11-24 13:06 - 2012-01-20 04:23 - 01198872 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-01-21 16:57 - 2014-01-21 16:57 - 00158720 _____ () C:\Users\Jan\AppData\Local\Temp\sfareca00001.dll
2014-01-20 22:25 - 2014-01-21 16:57 - 00192512 _____ () C:\Users\Jan\AppData\Local\Temp\sfamcc00001.dll
2014-01-14 21:58 - 2014-01-11 11:28 - 00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libglesv2.dll
2014-01-14 21:58 - 2014-01-11 11:28 - 00100120 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libegl.dll
2014-01-14 21:58 - 2014-01-11 11:29 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll
2014-01-14 21:58 - 2014-01-11 11:29 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
2014-01-14 21:58 - 2014-01-11 11:28 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:58DD92AC

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Programmable Root Enumerator
Description: Programming Support
Class Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}
Manufacturer: Mad Catz
Service: SaiNtBus
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/21/2014 04:54:20 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2014 04:52:31 PM) (Source: ISCT Agent) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (01/20/2014 08:23:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2014 08:21:38 PM) (Source: ISCT Agent) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2


System errors:
=============
Error: (01/21/2014 04:52:31 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HOSTS Anti-PUPs" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (01/20/2014 08:21:38 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HOSTS Anti-PUPs" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (01/20/2014 08:20:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (01/20/2014 08:20:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (01/20/2014 08:20:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (01/20/2014 08:20:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (01/20/2014 08:20:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.


Microsoft Office Sessions:
=========================
Error: (01/21/2014 04:54:20 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2014 04:52:31 PM) (Source: ISCT Agent)(User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (01/20/2014 08:23:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/20/2014 08:21:38 PM) (Source: ISCT Agent)(User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2


==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 16334.92 MB
Available physical RAM: 13638.69 MB
Total Pagefile: 32668.02 MB
Available Pagefile: 29745.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Windows 7) (Fixed) (Total:232.88 GB) (Free:137.93 GB) NTFS
Drive d: (HDD Daten) (Fixed) (Total:250 GB) (Free:246.65 GB) NTFS
Drive e: (HDD) (Fixed) (Total:181.41 GB) (Free:168.9 GB) NTFS
Drive f: (SSD) (Fixed) (Total:55.67 GB) (Free:54.53 GB) NTFS
Drive g: (HDD Games) (Fixed) (Total:499.9 GB) (Free:498.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: A04EDF14)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: E315B32D)
Partition 1: (Active) - (Size=500 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=250 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=181 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 56 GB) (Disk ID: E315B311)

Partition: GPT Partition Type
==================== End Of Log ============================
Pc läuft gut allerdings ist das icon von Speedfan verschwunden, woran liegt das ?

M-K-D-B 21.01.2014 17:05
Servus,



Zitat:
Zitat von xNato (Beitrag 1236256)
Pc läuft gut allerdings ist das icon von Speedfan verschwunden, woran liegt das ?
keines der verwendeten Tools hat das Icon entfernt. Eventuell musst du es nochmal neu anlegen.






Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern.
Im Anschluss daran räumen wir auf und ich gebe dir noch ein paar Tipps mit auf den Weg.



Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
ProxyServer: 221.10.102.199:80
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Schritt 2
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Starte die HitmanPro.exe
  • Klicke auf
  • Entferne den Haken bei
  • Klicke auf
    und
  • Akzeptiere die Lizenzbedingungen und klicke auf
  • Klicke auf

    und auf
  • Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
    und speichere die Logdatei auf Deinem Desktop.
  • Schließe HitmanPro und poste mir das Log.

 






Schritt 3

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset






Schritt 4
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von FRST,
  • die Logdatei von HitmanPro,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.

xNato 21.01.2014 21:41
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-01-2014
Ran by Jan at 2014-01-21 17:11:04 Run:1
Running from C:\Users\Jan\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
ProxyServer: 221.10.102.199:80
end
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.

==== End of Fixlog ====
[CODE][code]
HitmanPro 3.7.8.208
www.hitmanpro.com

Computer name . . . . : JAN-PC
Windows . . . . . . . : 6.1.1.7601.X64/8
User name . . . . . . : Jan-PC\Jan
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (30 days left)

Scan date . . . . . . : 2014-01-21 17:21:36
Scan mode . . . . . . : Normal
Scan duration . . . . : 40s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 0
Traces . . . . . . . : 10

Objects scanned . . . : 1.274.461
Files scanned . . . . : 13.804
Remnants scanned . . : 228.156 files / 1.032.501 keys

Cookies _____________________________________________________________________

C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.lokalisten.de
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.4players.de
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.adk2.com
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.ookla.com
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Cookies:oracle.112.2o7.net
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Cookies:partypoker.com
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com


Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=71fe1f34221c8d40b00db5cfbb9282e6
# engine=16736
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-21 04:55:07
# local_time=2014-01-21 05:55:07 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 71 77 91847 93162 0 0
# compatibility_mode=5893 16776573 100 94 5788 141953157 0 0
# scanned=119672
# found=0
# cleaned=0
# scan_time=1583
Code:
Results of screen317's Security Check version 0.99.79 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 Java 7 Update 51 
 Adobe Reader XI 
 Google Chrome 32.0.1700.72 
 Google Chrome 32.0.1700.76 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes' Anti-Malware mbamscheduler.exe 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
Bitte gib mir Tipps mit auf dem Weg, wie du sagtest.

Neue Erkenntnisse !
HiJackedThis Log
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:39:39, on 21.01.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Jan\Desktop\HiJackThis204.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O8 - Extra context menu item: An OneNote s&enden - res://D:\PROGRA~1\MS-OFF~1\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://D:\PROGRA~1\MS-OFF~1\Office15\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HOSTS Anti-PUPs - Unknown owner - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: ISCT Always Updated Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MSI_SuperCharger - MSI - C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8565 bytes
aswMBR Log
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-01-21 21:29:05
-----------------------------
21:29:05.214    OS Version: Windows x64 6.1.7601 Service Pack 1
21:29:05.214    Number of processors: 8 586 0x3A09
21:29:05.215    ComputerName: JAN-PC  UserName: Jan
21:29:05.740    Initialize success
21:29:08.501    AVAST engine defs: 14012100
21:29:46.760    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
21:29:46.761    Disk 0 Vendor: Samsung_SSD_840_EVO_250GB EXT0BB0Q Size: 238475MB BusType: 11
21:29:46.763    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2
21:29:46.764    Disk 1 Vendor: ST1000DM003-9YN162 CC4B Size: 953869MB BusType: 11
21:29:46.773    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-3
21:29:46.775    Disk 2 Vendor: OCZ-AGILITY3 2.22 Size: 57241MB BusType: 11
21:29:46.781    Disk 0 MBR read successfully
21:29:46.783    Disk 0 MBR scan
21:29:46.785    Disk 0 unknown MBR code
21:29:46.787    Disk 0 Partition 1 00    07    HPFS/NTFS NTFS      238473 MB offset 2048
21:29:46.794    Disk 0 scanning C:\Windows\system32\drivers
21:29:48.849    Service scanning
21:29:51.114    Service MSICDSetup H:\CDriver64.sys **LOCKED** 21
21:29:51.737    Service NTIOLib_1_0_C H:\NTIOLib_X64.sys **LOCKED** 21
21:29:54.173    Modules scanning
21:29:54.176    Disk 0 trace - called modules:
21:29:54.180    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:29:54.182    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800cfda790]
21:29:54.185    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa800cdc8060]
21:29:54.526    AVAST engine scan C:\
21:37:11.426    Scan finished successfully
21:37:49.619    Disk 0 MBR has been saved successfully to "C:\Users\Jan\Desktop\MBR.dat"
21:37:49.621    The log file has been saved successfully to "C:\Users\Jan\Desktop\aswMBR.txt"

M-K-D-B 22.01.2014 16:41
Servus,






Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber. :daumenhoc
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.






Schritt 1
Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.







Schritt 2
Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.


Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti-Viren-Programm und zusätzlicher Schutz
  • Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist!
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • AdwCleaner
    Dieses Tool erkennt eine Vielzahl von Werbeprogrammen (Adware) und unerwümschten Programmen (PUPs).
    Starte das Tool einmal die Woche und lass es laufen. Sollte eine neue Version verfügbar sein, so wird dies angezeigt und du kannst dir die neueste Version direkt auf den Desktop downloaden.
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • WOT (Web of trust)
    Dieses AddOn warnt dich, bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Mozilla Firefox
  • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
    Es spart außerdem Downloadkapazität.


Performance
  • Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
  • Halte dich fern von Registry Cleanern.
    Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
    Miekemoes Blogspot ( MVP )


Was du vermeiden solltest:
  • Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
  • Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.
  • Lade keine Software von Softonic oder Chip herunter, da diese Installer oft mit Adware oder unerünschter Software versehen sind!



Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

xNato 22.01.2014 18:44
Alles erledigt ;)
Vielen Dank für deine Zeit und Geduld.

M-K-D-B 23.01.2014 16:19
Ich bin froh, dass wir helfen konnten :abklatsch:

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank! :)

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:48 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22