Trojaner-Board - [Windows 7] CPU arbeitet neuerdings mit einer Grundlast

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - [Windows 7] CPU arbeitet neuerdings mit einer Grundlast (https://www.trojaner-board.de/150740-windows-7-cpu-arbeitet-neuerdings-grundlast.html)

[Windows 7] CPU arbeitet neuerdings mit einer Grundlast

Guten Tag werte Trojaner-Board Community & Helfer.

Ich habe seit geraumer Zeit,
in meinem Fall seit drei bis vier Tagen,
das Problem, dass mein Prozessor neuerdings mit einer Grundlast von 50% Auslastung arbeitet.

Nachdem ich dies merkte machte ich einen Virenscan mit einer aktivierten AVAST! Version und Malwarebytes Anti-Malware.

Malwarebytes fand im Gegensatz zu AVAST! zwei infizierte Registrierungsschlüssel, ein infiziertes Verzeichnis und in diesem eine infizierte Datei.

Dabei handelte es sich um einen Virus, der einen Ordner namens "dclogs [...]", und jetzt kommts, auch ganz frech stand dahinter "(Stolen.Data)" (Vollst. Name also: "dclogs (Stolen.Data) ) erstellte.

Die zwei vermutlich infizierten Registrierungsschlüssel konnte ich nirgends zuordnen.

Nun, das ist wie oben beschrieben mein Problem:

http://s1.directupload.net/images/140307/j3ssspfa.png

Natürlich habe ich dem "Tutorial" Folge geleistet und habe:

-CD/DVD Emulatoren mithilfe von defogger deaktiviert
-Einen Scan mithilfe von "Farbar's Recovery Scan Tool" durchgeführt
und letztendlich
-Einen Quick Scan mithilfe von GMER gemacht.

Nun, hier sind die Logfiles:

Farbar's Recovery Scan Tool

FRST

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2014 Ran by Jakob (administrator) on JAKOBS-PC on 07-03-2014 13:37:13 Running from D:\Desktop Windows 7 Ultimate (X64) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (AVAST Software) D:\AVAST Software\Avast\AvastSvc.exe (AVAST Software) D:\AVAST Software\Avast\afwServ.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () D:\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (AVAST Software) D:\AVAST Software\Avast\AvastUI.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (WiseCleaner.com) D:\Wise\Wise Care 365\WiseTray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.) HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated) HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1179576 2014-01-21] (NVIDIA Corporation) HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation) HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2014-02-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AvastUI.exe] - D:\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-03] (AVAST Software) HKLM-x32\...\Run: [PDFPrint] - D:\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH) HKLM-x32\...\Run: [QuickTime Task] - D:\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - D:\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - D:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,userinit.exe HKU\S-1-5-21-1621289240-3782386781-216171386-1000\...\Run: [Steam] - D:\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation) HKU\S-1-5-21-1621289240-3782386781-216171386-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Jakob\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKU\S-1-5-21-1621289240-3782386781-216171386-1000\...\Run: [EADM] - D:\Origin\Origin.exe [3598680 2014-02-15] (Electronic Arts) HKU\S-1-5-21-1621289240-3782386781-216171386-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 Startup: C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Jakob\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird.lnk ShortcutTarget: thunderbird.lnk -> D:\Thunderbird\thunderbird.exe (Mozilla Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB57FA4738E08CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - D:\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - D:\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Winsock: Catalog5 08 D:\WideCap\widecapdrv.dll [327168] () Winsock: Catalog9 01 D:\WideCap\widecapdrv.dll [327168] () Winsock: Catalog9 02 D:\WideCap\widecapdrv.dll [327168] () Winsock: Catalog9 03 D:\WideCap\widecapdrv.dll [327168] () Winsock: Catalog9 04 D:\WideCap\widecapdrv.dll [327168] () Winsock: Catalog9 05 D:\WideCap\widecapdrv.dll [327168] () Winsock: Catalog9 16 D:\WideCap\widecapdrv.dll [327168] () Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\0btwckdu.default FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Jakob\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - D:\AVAST Software\Avast\WebRep\FF [2014-01-03] FF StartMenuInternet: FIREFOX.EXE - D:\Firefox\firefox.exe Chrome: ======= CHR Extension: (ProxTube) - C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-02-04] CHR Extension: (Google Drive) - C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-03] CHR Extension: (YouTube) - C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-03] CHR Extension: (Adblock Plus) - C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-27] CHR Extension: (Google-Suche) - C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-03] CHR Extension: (avast! Online Security) - C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-03] CHR Extension: (Google Wallet) - C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-03] CHR Extension: (Google Mail) - C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-03] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-03] ==================== Services (Whitelisted) ================= R2 avast! Antivirus; D:\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-03] (AVAST Software) R2 avast! Firewall; D:\AVAST Software\Avast\afwServ.exe [113704 2014-01-03] (AVAST Software) R2 mi-raysat_3dsmax2014_64; D:\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [86016 2011-09-15] () R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-06] () ==================== Drivers (Whitelisted) ==================== R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-01-03] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-03] (AVAST Software) R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [439648 2014-01-08] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-01-03] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-03] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-03] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-03] (AVAST Software) R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-03] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-03] () R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation) S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X] U0 mfcorefs; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-07 13:37 - 2014-03-07 13:37 - 00000000 ____D () C:\FRST 2014-03-07 13:35 - 2014-03-07 13:35 - 00000000 _____ () C:\Users\Jakob\defogger_reenable 2014-03-06 19:58 - 2014-03-06 19:58 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Malwarebytes 2014-03-06 19:58 - 2014-03-06 19:58 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-06 19:58 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-05 11:21 - 2014-03-05 11:21 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\ZokanBINDER 2014-03-04 16:57 - 2014-03-04 18:30 - 00000000 ____D () C:\Users\Jakob\Documents\GTA San Andreas User Files 2014-03-04 16:39 - 2014-03-04 16:41 - 00000000 ____D () C:\Users\Public\Documents\GTA San Andreas User Files 2014-03-04 12:32 - 2014-03-04 12:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01005.Wdf 2014-03-03 19:54 - 2014-03-03 19:54 - 01283480 _____ (MiniFrame) C:\Windows\system32\mfcoresfp.dll 2014-03-03 19:54 - 2014-03-03 19:54 - 01241440 _____ (MiniFrame) C:\Windows\system32\mfcoresfp.exe 2014-03-03 19:54 - 2014-03-03 19:54 - 00531352 _____ (MiniFrame) C:\Windows\SysWOW64\mfcoresfp.dll 2014-03-03 19:54 - 2014-03-03 19:54 - 00420744 _____ () C:\Windows\system32\mfcoredll.dll 2014-03-03 19:54 - 2014-03-03 19:54 - 00382856 _____ () C:\Windows\SysWOW64\mfcoredll.dll 2014-03-03 19:54 - 2014-03-03 19:54 - 00316760 _____ (MiniFrame) C:\Windows\SysWOW64\mfcoresfp.exe 2014-03-03 19:54 - 2014-03-03 19:54 - 00147344 _____ (MiniFrame) C:\Windows\system32\mfcoresfp.x64 2014-03-03 19:54 - 2014-03-03 19:54 - 00073624 _____ () C:\Windows\system32\Drivers\mfcore.sys 2014-03-03 19:54 - 2014-03-03 19:54 - 00067472 _____ (MiniFrame) C:\Windows\SysWOW64\mfcoresfp.x86 2014-03-03 19:54 - 2014-03-03 19:54 - 00016792 _____ () C:\Windows\system32\mfcoresvc.exe 2014-03-03 19:54 - 2014-03-03 19:54 - 00000000 ____D () C:\Program Files\MiniFrame 2014-03-02 14:31 - 2014-03-02 14:31 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\OBS 2014-03-02 14:31 - 2014-03-02 14:31 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software 2014-03-02 14:31 - 2014-03-02 14:31 - 00000000 ____D () C:\Program Files\OBS 2014-03-02 14:31 - 2014-03-02 14:31 - 00000000 ____D () C:\Program Files (x86)\OBS 2014-03-02 10:52 - 2014-03-02 10:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-03-02 10:52 - 2014-03-02 10:52 - 00000000 ____D () C:\Program Files\iTunes 2014-03-02 10:52 - 2014-03-02 10:52 - 00000000 ____D () C:\Program Files\iPod 2014-02-28 20:49 - 2014-03-01 20:08 - 00000000 ____D () C:\output 2014-02-28 19:45 - 2014-03-03 20:01 - 00000000 ____D () C:\Program Files\Recuva 2014-02-28 19:42 - 2014-02-28 19:42 - 05510289 _____ (Essential Data Tools ) C:\Users\Jakob\Downloads\photorescuepro_setup.exe 2014-02-24 21:15 - 2014-02-24 21:15 - 00000000 ____D () C:\Users\Jakob\AppData\Local\PDF24 2014-02-24 20:25 - 2014-03-06 19:15 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SA-MP Live 2014-02-24 20:01 - 2014-02-24 20:01 - 00087704 _____ () C:\Windows\cadkasdeinst01.exe 2014-02-24 20:01 - 2014-02-24 20:01 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Editor 4.0 2014-02-24 20:01 - 2014-02-24 20:01 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\CAD-KAS 2014-02-22 20:08 - 2014-03-07 12:44 - 00075365 _____ () C:\Windows\WindowsUpdate.log 2014-02-22 18:42 - 2014-02-22 18:42 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\JAM Software 2014-02-22 16:15 - 2014-02-22 16:59 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\uTorrent 2014-02-22 15:18 - 2014-02-22 15:18 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\MAXON 2014-02-22 15:00 - 2014-02-22 16:57 - 00000000 ____D () C:\Users\Jakob\Documents\Adobe 2014-02-22 15:00 - 2014-02-22 15:00 - 00003504 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Jakobs-PC-Jakob 2014-02-22 15:00 - 2014-02-22 15:00 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\PDAppFlex 2014-02-22 14:59 - 2014-02-22 17:12 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe 2014-02-22 14:13 - 2014-02-22 16:09 - 00000000 ____D () C:\Program Files\Adobe 2014-02-22 13:37 - 2014-02-22 14:19 - 02951193 _____ () C:\Users\Jakob\Documents\Fertiges LiedWindows Media Audio V11_Audio in CD-Qualität mit 128 Kbit-s, 24 Bit, Stereo.wma 2014-02-21 18:04 - 2014-02-21 18:04 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2014-02-21 18:03 - 2014-02-08 17:18 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2014-02-21 18:02 - 2014-02-08 19:34 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-02-21 18:02 - 2014-02-08 19:34 - 23683360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2014-02-21 18:02 - 2014-02-08 19:34 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2014-02-21 18:02 - 2014-02-08 19:34 - 15740232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2014-02-21 18:02 - 2014-02-08 19:34 - 12324640 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-02-21 18:02 - 2014-02-08 19:34 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-02-21 18:02 - 2014-02-08 19:34 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-02-21 18:02 - 2014-02-08 19:34 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2014-02-21 18:02 - 2014-02-08 19:34 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2014-02-21 18:02 - 2014-02-08 19:34 - 03142432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-02-21 18:02 - 2014-02-08 19:34 - 02956576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2014-02-21 18:02 - 2014-02-08 19:34 - 02782496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2014-02-21 18:02 - 2014-02-08 19:34 - 02410784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2014-02-21 18:02 - 2014-02-08 19:34 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433489.dll 2014-02-21 18:02 - 2014-02-08 19:34 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433489.dll 2014-02-21 18:02 - 2014-02-08 19:34 - 00892192 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2014-02-21 18:02 - 2014-02-08 19:34 - 00863520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2014-02-21 18:02 - 2014-02-08 19:34 - 00844576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2014-02-21 18:02 - 2014-02-08 19:34 - 00832424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2014-02-21 18:02 - 2014-02-08 19:34 - 00483104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2014-02-21 18:02 - 2014-02-08 19:34 - 00408352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2014-02-21 18:02 - 2014-02-08 19:34 - 00378656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2014-02-21 18:02 - 2014-02-08 19:34 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2014-02-21 18:02 - 2014-02-08 19:34 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2014-02-21 18:02 - 2014-02-08 19:34 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2014-02-21 18:02 - 2014-02-08 19:34 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2014-02-21 18:02 - 2014-02-08 19:34 - 00148528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2014-02-19 22:35 - 2014-02-19 22:36 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\DVDVideoSoft 2014-02-19 21:52 - 2014-02-22 18:48 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\MediaPurge 2014-02-19 21:52 - 2014-02-19 21:52 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mediapurge 2014-02-19 21:22 - 2014-02-19 21:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2014-02-19 21:18 - 2014-02-22 11:47 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Apple Computer 2014-02-19 21:18 - 2014-02-19 21:18 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Apple Computer 2014-02-19 21:18 - 2014-02-19 21:18 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-02-19 21:18 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys 2014-02-19 21:17 - 2014-02-19 21:17 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Apple 2014-02-19 21:17 - 2014-02-19 21:17 - 00000000 ____D () C:\ProgramData\Apple 2014-02-19 21:17 - 2014-02-19 21:17 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-02-19 21:17 - 2014-02-19 21:17 - 00000000 ____D () C:\Program Files\Bonjour 2014-02-19 21:17 - 2014-02-19 21:17 - 00000000 ____D () C:\Program Files (x86)\Bonjour 2014-02-19 21:17 - 2014-02-19 21:17 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update 2014-02-17 18:11 - 2014-02-17 18:11 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer 2014-02-15 21:17 - 2014-02-15 21:17 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab 2014-02-15 21:06 - 2014-02-15 21:06 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Sony Creative Software Inc 2014-02-15 19:35 - 2014-02-15 19:41 - 00000000 ____D () C:\Users\Jakob\AppData\Local\LooksBuilder 2014-02-15 19:34 - 2014-02-15 19:34 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Red Giant Link 2014-02-15 19:33 - 2014-02-15 19:33 - 00004202 _____ () C:\Windows\System32\Tasks\Red Giant Link 2014-02-15 19:33 - 2014-02-15 19:33 - 00000000 ____D () C:\Program Files\Magic Bullet Looks Vegas 2014-02-15 19:33 - 2014-02-15 19:33 - 00000000 ____D () C:\Program Files (x86)\Red Giant Link 2014-02-15 19:33 - 2014-02-15 19:33 - 00000000 ____D () C:\Program Files (x86)\LooksBuilder 2014-02-15 19:32 - 2014-03-03 19:54 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Downloaded Installations 2014-02-15 19:32 - 2014-02-15 19:32 - 00000000 ____D () C:\ProgramData\RedGiant 2014-02-14 15:22 - 2014-02-14 15:22 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Unity 2014-02-12 17:34 - 1999-01-18 21:55 - 00348160 _____ (DevPower Development Tools) C:\Windows\SysWOW64\FlatBtn6.ocx 2014-02-09 18:52 - 2014-02-09 18:52 - 00000000 ____D () C:\ProgramData\Screaming Bee 2014-02-09 18:50 - 2014-02-09 18:52 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Screaming Bee 2014-02-09 14:36 - 2014-02-09 14:36 - 00002853 _____ () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk 2014-02-09 14:36 - 2014-02-09 14:36 - 00000000 ____D () C:\Program Files (x86)\Windows Installer Clean Up 2014-02-09 14:35 - 2014-02-09 14:36 - 00000000 ____D () C:\Program Files (x86)\MSECACHE 2014-02-08 16:27 - 2014-02-08 16:27 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo 2014-02-08 16:27 - 2014-02-08 16:27 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan 2014-02-06 15:10 - 2014-02-06 15:36 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr 2014-02-06 15:10 - 2014-02-06 15:10 - 00000000 ____D () C:\Users\Jakob\AppData\Local\PunkBuster 2014-02-06 15:10 - 2014-02-06 15:10 - 00000000 ____D () C:\Users\Jakob\AppData\Local\ESN 2014-02-06 15:10 - 2014-02-06 15:10 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins 2014-02-06 15:06 - 2014-02-06 15:10 - 00000000 ____D () C:\Users\Jakob\Documents\Battlefield 3 2014-02-06 15:06 - 2014-02-06 15:06 - 00000000 ____D () C:\ProgramData\EA Core 2014-02-05 06:59 - 2014-02-06 15:36 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2014-02-05 06:59 - 2014-02-06 15:36 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2014-02-05 06:59 - 2014-02-06 15:17 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe ==================== One Month Modified Files and Folders ======= 2014-03-07 13:37 - 2014-03-07 13:37 - 00000000 ____D () C:\FRST 2014-03-07 13:35 - 2014-03-07 13:35 - 00000000 _____ () C:\Users\Jakob\defogger_reenable 2014-03-07 13:35 - 2014-01-03 15:13 - 00000000 ____D () C:\Users\Jakob 2014-03-07 13:34 - 2014-01-03 15:17 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-07 12:44 - 2014-02-22 20:08 - 00075365 _____ () C:\Windows\WindowsUpdate.log 2014-03-07 12:44 - 2014-01-03 21:11 - 00004154 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-03-07 12:44 - 2014-01-03 16:50 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Adobe 2014-03-06 20:47 - 2009-07-14 05:45 - 00022752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-06 20:47 - 2009-07-14 05:45 - 00022752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-06 19:58 - 2014-03-06 19:58 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Malwarebytes 2014-03-06 19:58 - 2014-03-06 19:58 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-06 19:15 - 2014-02-24 20:25 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SA-MP Live 2014-03-06 19:15 - 2014-01-03 21:19 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Wise Care 365 2014-03-06 19:15 - 2014-01-03 20:58 - 00000000 ____D () C:\Windows\Minidump 2014-03-06 19:13 - 2014-01-03 21:21 - 00000342 _____ () C:\Windows\Tasks\Wise Care 365.job 2014-03-06 19:00 - 2014-01-03 17:14 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Dropbox 2014-03-06 17:49 - 2009-07-14 18:58 - 00696506 _____ () C:\Windows\system32\perfh007.dat 2014-03-06 17:49 - 2009-07-14 18:58 - 00147802 _____ () C:\Windows\system32\perfc007.dat 2014-03-06 17:49 - 2009-07-14 06:13 - 01611992 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-06 17:44 - 2014-01-03 17:16 - 00000000 ___RD () C:\Users\Jakob\Dropbox 2014-03-06 17:43 - 2014-01-03 15:22 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-03-06 17:43 - 2014-01-03 15:17 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-06 17:43 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-05 19:27 - 2014-01-03 17:27 - 00000132 _____ () C:\Users\Jakob\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen 2014-03-05 11:21 - 2014-03-05 11:21 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\ZokanBINDER 2014-03-04 18:30 - 2014-03-04 16:57 - 00000000 ____D () C:\Users\Jakob\Documents\GTA San Andreas User Files 2014-03-04 16:41 - 2014-03-04 16:39 - 00000000 ____D () C:\Users\Public\Documents\GTA San Andreas User Files 2014-03-04 12:32 - 2014-03-04 12:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01005.Wdf 2014-03-04 12:32 - 2009-07-14 03:34 - 00000431 _____ () C:\Windows\win.ini 2014-03-04 10:16 - 2014-01-04 15:29 - 00000000 ____D () C:\ProgramData\PMS 2014-03-03 20:01 - 2014-02-28 19:45 - 00000000 ____D () C:\Program Files\Recuva 2014-03-03 19:54 - 2014-03-03 19:54 - 01283480 _____ (MiniFrame) C:\Windows\system32\mfcoresfp.dll 2014-03-03 19:54 - 2014-03-03 19:54 - 01241440 _____ (MiniFrame) C:\Windows\system32\mfcoresfp.exe 2014-03-03 19:54 - 2014-03-03 19:54 - 00531352 _____ (MiniFrame) C:\Windows\SysWOW64\mfcoresfp.dll 2014-03-03 19:54 - 2014-03-03 19:54 - 00420744 _____ () C:\Windows\system32\mfcoredll.dll 2014-03-03 19:54 - 2014-03-03 19:54 - 00382856 _____ () C:\Windows\SysWOW64\mfcoredll.dll 2014-03-03 19:54 - 2014-03-03 19:54 - 00316760 _____ (MiniFrame) C:\Windows\SysWOW64\mfcoresfp.exe 2014-03-03 19:54 - 2014-03-03 19:54 - 00147344 _____ (MiniFrame) C:\Windows\system32\mfcoresfp.x64 2014-03-03 19:54 - 2014-03-03 19:54 - 00073624 _____ () C:\Windows\system32\Drivers\mfcore.sys 2014-03-03 19:54 - 2014-03-03 19:54 - 00067472 _____ (MiniFrame) C:\Windows\SysWOW64\mfcoresfp.x86 2014-03-03 19:54 - 2014-03-03 19:54 - 00016792 _____ () C:\Windows\system32\mfcoresvc.exe 2014-03-03 19:54 - 2014-03-03 19:54 - 00000000 ____D () C:\Program Files\MiniFrame 2014-03-03 19:54 - 2014-02-15 19:32 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Downloaded Installations 2014-03-03 16:09 - 2014-01-04 17:00 - 00000000 ____D () C:\Windows\SysWOW64\directx 2014-03-02 19:58 - 2014-01-18 16:37 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Audacity 2014-03-02 14:31 - 2014-03-02 14:31 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\OBS 2014-03-02 14:31 - 2014-03-02 14:31 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software 2014-03-02 14:31 - 2014-03-02 14:31 - 00000000 ____D () C:\Program Files\OBS 2014-03-02 14:31 - 2014-03-02 14:31 - 00000000 ____D () C:\Program Files (x86)\OBS 2014-03-02 10:52 - 2014-03-02 10:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-03-02 10:52 - 2014-03-02 10:52 - 00000000 ____D () C:\Program Files\iTunes 2014-03-02 10:52 - 2014-03-02 10:52 - 00000000 ____D () C:\Program Files\iPod 2014-03-01 20:08 - 2014-02-28 20:49 - 00000000 ____D () C:\output 2014-02-28 19:42 - 2014-02-28 19:42 - 05510289 _____ (Essential Data Tools ) C:\Users\Jakob\Downloads\photorescuepro_setup.exe 2014-02-27 17:24 - 2014-01-03 17:33 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\.minecraft 2014-02-24 21:15 - 2014-02-24 21:15 - 00000000 ____D () C:\Users\Jakob\AppData\Local\PDF24 2014-02-24 20:01 - 2014-02-24 20:01 - 00087704 _____ () C:\Windows\cadkasdeinst01.exe 2014-02-24 20:01 - 2014-02-24 20:01 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Editor 4.0 2014-02-24 20:01 - 2014-02-24 20:01 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\CAD-KAS 2014-02-22 20:06 - 2009-07-14 05:45 - 04945032 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-02-22 18:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help 2014-02-22 18:48 - 2014-02-19 21:52 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\MediaPurge 2014-02-22 18:42 - 2014-02-22 18:42 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\JAM Software 2014-02-22 17:12 - 2014-02-22 14:59 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe 2014-02-22 17:12 - 2014-01-03 16:51 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Adobe 2014-02-22 16:59 - 2014-02-22 16:15 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\uTorrent 2014-02-22 16:57 - 2014-02-22 15:00 - 00000000 ____D () C:\Users\Jakob\Documents\Adobe 2014-02-22 16:09 - 2014-02-22 14:13 - 00000000 ____D () C:\Program Files\Adobe 2014-02-22 16:09 - 2014-01-03 15:15 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-02-22 15:18 - 2014-02-22 15:18 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\MAXON 2014-02-22 15:00 - 2014-02-22 15:00 - 00003504 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Jakobs-PC-Jakob 2014-02-22 15:00 - 2014-02-22 15:00 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\PDAppFlex 2014-02-22 14:19 - 2014-02-22 13:37 - 02951193 _____ () C:\Users\Jakob\Documents\Fertiges LiedWindows Media Audio V11_Audio in CD-Qualität mit 128 Kbit-s, 24 Bit, Stereo.wma 2014-02-22 14:18 - 2014-01-03 15:16 - 00060728 _____ () C:\Users\Jakob\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-22 14:13 - 2014-01-03 17:14 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-02-22 13:53 - 2014-01-03 16:52 - 00000000 ____D () C:\ProgramData\Adobe 2014-02-22 11:47 - 2014-02-19 21:18 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Apple Computer 2014-02-21 18:04 - 2014-02-21 18:04 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2014-02-21 18:04 - 2014-01-03 15:22 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-02-21 14:28 - 2014-01-03 15:17 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-02-21 14:28 - 2014-01-03 15:17 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-02-19 22:36 - 2014-02-19 22:35 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\DVDVideoSoft 2014-02-19 21:52 - 2014-02-19 21:52 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mediapurge 2014-02-19 21:22 - 2014-02-19 21:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2014-02-19 21:18 - 2014-02-19 21:18 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Apple Computer 2014-02-19 21:18 - 2014-02-19 21:18 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-02-19 21:17 - 2014-02-19 21:17 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Apple 2014-02-19 21:17 - 2014-02-19 21:17 - 00000000 ____D () C:\ProgramData\Apple 2014-02-19 21:17 - 2014-02-19 21:17 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-02-19 21:17 - 2014-02-19 21:17 - 00000000 ____D () C:\Program Files\Bonjour 2014-02-19 21:17 - 2014-02-19 21:17 - 00000000 ____D () C:\Program Files (x86)\Bonjour 2014-02-19 21:17 - 2014-02-19 21:17 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update 2014-02-17 18:11 - 2014-02-17 18:11 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer 2014-02-15 21:17 - 2014-02-15 21:17 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab 2014-02-15 21:06 - 2014-02-15 21:06 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Sony Creative Software Inc 2014-02-15 19:41 - 2014-02-15 19:35 - 00000000 ____D () C:\Users\Jakob\AppData\Local\LooksBuilder 2014-02-15 19:34 - 2014-02-15 19:34 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Red Giant Link 2014-02-15 19:33 - 2014-02-15 19:33 - 00004202 _____ () C:\Windows\System32\Tasks\Red Giant Link 2014-02-15 19:33 - 2014-02-15 19:33 - 00000000 ____D () C:\Program Files\Magic Bullet Looks Vegas 2014-02-15 19:33 - 2014-02-15 19:33 - 00000000 ____D () C:\Program Files (x86)\Red Giant Link 2014-02-15 19:33 - 2014-02-15 19:33 - 00000000 ____D () C:\Program Files (x86)\LooksBuilder 2014-02-15 19:32 - 2014-02-15 19:32 - 00000000 ____D () C:\ProgramData\RedGiant 2014-02-15 17:01 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-02-15 09:44 - 2014-02-01 18:23 - 00000000 ____D () C:\ProgramData\Origin 2014-02-14 15:22 - 2014-02-14 15:22 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Unity 2014-02-09 19:01 - 2014-01-06 18:57 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\PhotoScape 2014-02-09 18:52 - 2014-02-09 18:52 - 00000000 ____D () C:\ProgramData\Screaming Bee 2014-02-09 18:52 - 2014-02-09 18:50 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Screaming Bee 2014-02-09 16:19 - 2014-01-03 17:13 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Sony 2014-02-09 14:36 - 2014-02-09 14:36 - 00002853 _____ () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk 2014-02-09 14:36 - 2014-02-09 14:36 - 00000000 ____D () C:\Program Files (x86)\Windows Installer Clean Up 2014-02-09 14:36 - 2014-02-09 14:35 - 00000000 ____D () C:\Program Files (x86)\MSECACHE 2014-02-09 14:35 - 2014-01-03 15:13 - 00000000 ____D () C:\Users\Jakob\AppData\Local\VirtualStore 2014-02-09 14:32 - 2014-01-12 14:32 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-02-08 19:34 - 2014-02-21 18:02 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-02-08 19:34 - 2014-02-21 18:02 - 23683360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2014-02-08 19:34 - 2014-02-21 18:02 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2014-02-08 19:34 - 2014-02-21 18:02 - 15740232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2014-02-08 19:34 - 2014-02-21 18:02 - 12324640 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-02-08 19:34 - 2014-02-21 18:02 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-02-08 19:34 - 2014-02-21 18:02 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-02-08 19:34 - 2014-02-21 18:02 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2014-02-08 19:34 - 2014-02-21 18:02 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2014-02-08 19:34 - 2014-02-21 18:02 - 03142432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-02-08 19:34 - 2014-02-21 18:02 - 02956576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2014-02-08 19:34 - 2014-02-21 18:02 - 02782496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2014-02-08 19:34 - 2014-02-21 18:02 - 02410784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2014-02-08 19:34 - 2014-02-21 18:02 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433489.dll 2014-02-08 19:34 - 2014-02-21 18:02 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433489.dll 2014-02-08 19:34 - 2014-02-21 18:02 - 00892192 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2014-02-08 19:34 - 2014-02-21 18:02 - 00863520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2014-02-08 19:34 - 2014-02-21 18:02 - 00844576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2014-02-08 19:34 - 2014-02-21 18:02 - 00832424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2014-02-08 19:34 - 2014-02-21 18:02 - 00483104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2014-02-08 19:34 - 2014-02-21 18:02 - 00408352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2014-02-08 19:34 - 2014-02-21 18:02 - 00378656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2014-02-08 19:34 - 2014-02-21 18:02 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2014-02-08 19:34 - 2014-02-21 18:02 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2014-02-08 19:34 - 2014-02-21 18:02 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2014-02-08 19:34 - 2014-02-21 18:02 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2014-02-08 19:34 - 2014-02-21 18:02 - 00148528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2014-02-08 19:34 - 2014-01-03 15:22 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2014-02-08 19:34 - 2014-01-03 15:22 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2014-02-08 19:34 - 2014-01-03 15:20 - 31432480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2014-02-08 19:34 - 2014-01-03 15:20 - 18257576 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2014-02-08 19:34 - 2014-01-03 15:20 - 17715784 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2014-02-08 19:34 - 2014-01-03 15:20 - 14669032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2014-02-08 19:34 - 2014-01-03 15:20 - 03090184 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2014-02-08 19:34 - 2014-01-03 15:20 - 02713728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2014-02-08 19:34 - 2014-01-03 15:20 - 00947296 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2014-02-08 19:34 - 2014-01-03 15:20 - 00875296 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2014-02-08 19:34 - 2014-01-03 15:20 - 00024544 _____ () C:\Windows\system32\nvinfo.pb 2014-02-08 18:42 - 2014-01-03 15:22 - 06712608 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2014-02-08 18:42 - 2014-01-03 15:22 - 03498272 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2014-02-08 18:42 - 2014-01-03 15:22 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2014-02-08 18:42 - 2014-01-03 15:22 - 00923936 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2014-02-08 18:42 - 2014-01-03 15:22 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2014-02-08 18:42 - 2014-01-03 15:22 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2014-02-08 17:18 - 2014-02-21 18:03 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2014-02-08 16:27 - 2014-02-08 16:27 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo 2014-02-08 16:27 - 2014-02-08 16:27 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan 2014-02-06 15:36 - 2014-02-06 15:10 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr 2014-02-06 15:36 - 2014-02-05 06:59 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2014-02-06 15:36 - 2014-02-05 06:59 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2014-02-06 15:17 - 2014-02-05 06:59 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-02-06 15:10 - 2014-02-06 15:10 - 00000000 ____D () C:\Users\Jakob\AppData\Local\PunkBuster 2014-02-06 15:10 - 2014-02-06 15:10 - 00000000 ____D () C:\Users\Jakob\AppData\Local\ESN 2014-02-06 15:10 - 2014-02-06 15:10 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins 2014-02-06 15:10 - 2014-02-06 15:06 - 00000000 ____D () C:\Users\Jakob\Documents\Battlefield 3 2014-02-06 15:06 - 2014-02-06 15:06 - 00000000 ____D () C:\ProgramData\EA Core 2014-02-06 15:06 - 2014-02-01 18:24 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Origin 2014-02-06 15:06 - 2014-02-01 18:23 - 00000000 ____D () C:\ProgramData\Electronic Arts 2014-02-05 18:52 - 2014-01-03 15:22 - 03573739 _____ () C:\Windows\system32\nvcoproc.bin ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-01 14:53 ==================== End Of Log ============================

--- --- ---

Addition

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-03-2014 Ran by Jakob at 2014-03-07 13:37:22 Running from D:\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: avast! Internet Security (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Internet Security (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Internet Security (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== µTorrent (HKCU\...\uTorrent) (Version: 3.4.0.30596 - BitTorrent Inc.) Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12.2.1 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.4.1.351 - Adobe Systems Incorporated) Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated) Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) APB Reloaded (HKLM-x32\...\Steam App 113400) (Version: - Reloaded Productions) Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.2.0 - Asmedia Technology) aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 3.8.5187 - DsNET Corp) Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) Autodesk 3ds Max 2014 (HKLM\...\Autodesk 3ds Max 2014) (Version: 16.0.420.0 - Autodesk) Autodesk 3ds Max 2014 (Version: 16.0.420.0 - Autodesk) Hidden Autodesk 3ds Max 2014 64-bit Populate Data (HKLM\...\{7491836B-659E-47DD-ABBF-F875AD48FD10}) (Version: 1.0.0.1 - Autodesk) Autodesk Backburner 2014 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 14.0.0.0 - Autodesk, Inc.) Autodesk Composite 2014 (HKLM\...\Autodesk Composite 2014) (Version: 9.0.0.0 - Autodesk) Autodesk Composite 2014 (Version: 9.0.0.0 - Autodesk) Hidden Autodesk DirectConnect 2014 64-bit (HKLM\...\Autodesk DirectConnect 2014 64-bit) (Version: 8.0.56.1 - Autodesk) Autodesk DirectConnect 2014 64-bit (Version: 8.0.56.1 - Autodesk) Hidden Autodesk Essential Skills Movies for 3ds Max 2014 64-bit (HKLM\...\{E8814D63-BB76-4C89-A25E-264ECF11D00D}) (Version: 1.2.0.0 - Autodesk) Autodesk Inventor Server Engine for 3ds Max 2014 64-bit (HKLM\...\{009751C6-22D7-4548-A313-AD48FA57076F}) (Version: 16.0 - Autodesk) Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.32.600 - Autodesk) Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.32.600 - Autodesk) Autodesk Material Library Medium Resolution Image Library 2014 (HKLM-x32\...\{A0633D4E-5AF2-4E3E-A70A-FE9C2BD8A958}) (Version: 4.0.32.600 - Autodesk) Autodesk Revit Interoperability for 3ds Max 2014 (HKLM\...\Autodesk Revit Interoperability for 3ds Max 2014) (Version: 13.02.15161 - Autodesk) Autodesk Revit Interoperability for 3ds Max 2014 (Version: 13.02.15161 - Autodesk) Hidden AutoHotkey 1.1.14.01 (HKLM-x32\...\AutoHotkey) (Version: 1.1.14.01 - Lexikos) avast! Internet Security (HKLM-x32\...\Avast) (Version: 9.0.2011 - Avast Software) Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts) Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB) BeamNG.drive (HKCU\...\BeamNG.drive) (Version: 0.3.0.5 - beamng.com) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version: - Criterion Games) Castle Crashers (HKLM-x32\...\Steam App 204360) (Version: - The Behemoth) CheckDrive (HKLM-x32\...\{B83513EC-2E4D-4621-816D-4CCF397BE702}_is1) (Version: 4.4 - Abelssoft) Cinema 4D version R12 (HKLM-x32\...\{7D9D8134-9FA3-4FFF-ADA1-BF609F29997A}_is1) (Version: R12 - Salat Production) Command and Conquer: Red Alert 3 - Uprising (HKLM-x32\...\Steam App 24800) (Version: - EA Los Angeles) Configo (HKLM-x32\...\{9DDF445F-D818-4280-B182-41FAC10DB715}) (Version: 2.1.7.0 - Philips) CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) Crysis 2 Maximum Edition (HKLM-x32\...\Steam App 108800) (Version: - Crytek Studios) CrystalDiskInfo 6.0.4 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.0.4 - Crystal Dew World) Dead Space (HKLM-x32\...\Steam App 17470) (Version: - EA Redwood Shores) DisplayShare (HKLM-x32\...\{9E72D298-A015-4EB5-B11A-7B24A53A652F}) (Version: 1.1.0 - Golden Signals) Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) Driver: Parallel Lines (HKLM-x32\...\Steam App 21780) (Version: - Ubisoft Reflections) Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.) Dropbox Folder Sync addon (HKLM-x32\...\{E0B7CA7A-98B0-4EF1-87F5-FF6B02DC06A9}_is1) (Version: 2.7 - Sowrabh & Satyadeep) Duke Nukem Forever (HKLM-x32\...\Steam App 57900) (Version: - Gearbox Software) ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB) EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc) EVGA Precision X 4.2.1 (HKLM-x32\...\PrecisionX) (Version: 4.2.1 - EVGA Corporation) FalNET G19 Display Manager (HKLM-x32\...\FalNET G19 Display Manager_is1) (Version: - FalNET) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.2.7.218 - DVDVideoSoft Ltd.) Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios) GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.) Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar North) Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version: - Rockstar North / Toronto) GTASA Ultimate Editor 3.6.6 (HKLM-x32\...\GTASA Ultimate Editor_is1) (Version: 3.6.6 - Wackedout Ink.) Hex-Editor MX (HKLM-x32\...\{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1) (Version: 6.0 - NEXT-Soft) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation) iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.) Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle) Left 4 Dead (HKLM-x32\...\Steam App 500) (Version: - Valve) Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve) Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.) Logon Screen (HKLM\...\{1730D13B-7517-4321-A88B-64627CF67CDC}_is1) (Version: - Daniel Rebelo) Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{26055432-339E-4776-803B-F22240B91864}) (Version: 11.1.2 - Red Giant Software) Magic Bullet Suite 64-bit (Version: 11.1.2 - Red Giant Software) Hidden Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Medal of Honor(TM) Multiplayer (HKLM-x32\...\Steam App 47830) (Version: - Electronic Arts) Medal of Honor(TM) Single Player (HKLM-x32\...\Steam App 47790) (Version: - Electronic Arts) Mediapurge (HKLM-x32\...\Mediapurge) (Version: 1.10 - Peter Lorenz) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft) Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version: - DICE) MorphVOX Junior (HKLM-x32\...\{E6C7380F-15DD-445E-BA02-B7A180BA0A5A}) (Version: 2.8.1 - Screaming Bee) MorphVOX Pro (HKLM-x32\...\{53AB1F25-D607-4B4D-8FD5-74E03F2F9414}) (Version: 4.4.7 - Screaming Bee) Mozilla Firefox 26.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla) Mozilla Thunderbird 24.1.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.1.1 (x86 de)) (Version: 24.1.1 - Mozilla) Mozilla Thunderbird 24.3.0 (x86 de) (HKCU\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla) MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD) MSI Kombustor 2.5.0 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version: - MSI Co., LTD) MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden MTA:SA v1.3.1 (HKLM-x32\...\MTA:SA 1.3) (Version: v1.3.1 - Multi Theft Auto) Need for Speed: Undercover (HKLM-x32\...\Steam App 17430) (Version: - EA Black Box) Need For Speed™ World (HKLM-x32\...\{3AF1B16A-7DC9-4C80-BAEC-70B088A7C5B8}) (Version: 1.0.0.0 - Electronic Arts) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.3 - Notepad++ Team) NVIDIA 3D Vision Controller-Treiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 334.89 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 334.89 - NVIDIA Corporation) NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation) NVIDIA Grafiktreiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 334.89 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA ShadowPlay 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3489 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 334.89 (Version: 334.89 - NVIDIA Corporation) Hidden NVIDIA Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 11.10.11 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) Origin (HKLM-x32\...\Origin) (Version: 9.4.1.116 - Electronic Arts, Inc.) PDF Editor 4 (HKLM-x32\...\PDF Editor 4) (Version: - ) PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PhotoRescue Pro (HKLM-x32\...\{5260B91C-28E1-4fe9-B2EE-BE1B6C82621A}_is1) (Version: 6.10 - Essential Data Tools) PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) Populous (HKLM-x32\...\{476CD9DE-C45F-4443-BFA7-E51C58B7E455}) (Version: 1.0.0.0 - Electronic Arts) Portal (HKLM-x32\...\Steam App 400) (Version: - Valve) Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve) PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.90.1 - PS3 Media Server) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek) Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform) Red Faction: Guerrilla (HKLM-x32\...\Steam App 20500) (Version: - Volition) Rigs of Rods 0.38.67 (HKLM-x32\...\Rigs of Rods 0.38.67) (Version: 0.38.67 - Rigs of Rods Team) RivaTuner Statistics Server 5.2.0 (HKLM-x32\...\RTSS) (Version: 5.2.0 - Unwinder) Sanny Builder 3.1.3 (HKLM-x32\...\Sanny Builder 3_is1) (Version: - ) SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden Sonic & All-Stars Racing Transformed (HKLM-x32\...\Steam App 212480) (Version: - Sumo Digital) Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC) Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.25942 - TeamViewer) Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic) TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation) Vegas Pro 11.0 (64-bit) (HKLM\...\{7E3B2D0F-029B-11E2-BD68-F04DA23A5C58}) (Version: 11.0.701 - Sony) WideCap 1.5 (HKLM-x32\...\WideCap_is1) (Version: - ) Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation) Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation) WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2014-02-22 11:21 - 2014-02-09 15:46 - 00517700 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 0.0.0.0 fr.a2dfp.net 0.0.0.0 m.fr.a2dfp.net 0.0.0.0 mfr.a2dfp.net 0.0.0.0 ad.a8.net 0.0.0.0 asy.a8ww.net 0.0.0.0 abcstats.com 0.0.0.0 ad4.abradio.cz 0.0.0.0 a.abv.bg 0.0.0.0 adserver.abv.bg 0.0.0.0 adv.abv.bg 0.0.0.0 bimg.abv.bg 0.0.0.0 ca.abv.bg 0.0.0.0 www2.a-counter.kiev.ua 0.0.0.0 track.acclaimnetwork.com 0.0.0.0 accuserveadsystem.com 0.0.0.0 www.accuserveadsystem.com 0.0.0.0 achmedia.com 0.0.0.0 csh.actiondesk.com 0.0.0.0 ads.activepower.net 0.0.0.0 app.activetrail.com 0.0.0.0 stat.active24stats.nl #[Tracking.Cookie] 0.0.0.0 traffic.acwebconnecting.com 0.0.0.0 office.ad1.ru 0.0.0.0 cms.ad2click.nl 0.0.0.0 ad2games.com 0.0.0.0 ads.ad2games.com 0.0.0.0 content.ad20.net 0.0.0.0 core.ad20.net There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {00E50BDE-BB4E-4C7C-B3CC-BE5008C48210} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-03] (Google Inc.) Task: {06BD44F4-2064-4579-B0D0-E2EC7CD65226} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-03] (Google Inc.) Task: {540E9963-F316-4CD0-A46D-B5AFA2CA3A7E} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Common\Red Giant Link.exe [2014-02-15] () Task: {872D460C-475C-46E1-B5F3-D86271A28E6C} - System32\Tasks\AdobeAAMUpdater-1.0-Jakobs-PC-Jakob => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated) Task: {8B7BF08D-2AE7-4681-85DB-A146B9B53558} - System32\Tasks\avast! Emergency Update => D:\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-03] (AVAST Software) Task: {C84E150E-189D-4F36-8E9E-53C986DB2AE8} - System32\Tasks\Wise Care 365 => D:\Wise\Wise Care 365\WiseTray.exe [2012-11-19] (WiseCleaner.com) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Wise Care 365.job => D:\Wise\Wise Care 365\WiseTray.exe ==================== Loaded Modules (whitelisted) ============= 2014-01-03 15:22 - 2014-02-08 18:42 - 00117024 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-02-11 03:21 - 2014-02-11 03:21 - 00644464 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll 2011-09-15 05:19 - 2011-09-15 05:19 - 00086016 _____ () D:\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe 2014-02-05 06:59 - 2014-02-06 15:17 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-03-05 18:41 - 2014-03-05 17:31 - 02186752 _____ () D:\AVAST Software\Avast\defs\14030500\algo.dll 2014-03-05 16:58 - 2009-05-05 19:10 - 00327168 _____ () D:\WideCap\widecapdrv.dll 2014-03-05 16:58 - 2009-05-05 19:10 - 00578048 _____ () D:\WideCap\proxy32.dll 2014-03-07 12:44 - 2014-03-07 10:38 - 02186752 _____ () D:\AVAST Software\Avast\defs\14030700\algo.dll 2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-01-03 21:11 - 2014-01-03 21:11 - 19336120 _____ () D:\AVAST Software\Avast\libcef.dll 2014-03-04 10:30 - 2014-03-02 03:35 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll 2014-03-04 10:30 - 2014-03-02 03:35 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll 2014-03-04 10:30 - 2014-03-02 03:35 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll 2014-03-04 10:30 - 2014-03-02 03:35 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll 2014-03-04 10:30 - 2014-03-02 03:35 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll 2014-03-04 10:30 - 2014-03-02 03:35 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\Jakob\Anwendungsdaten:NT AlternateDataStreams: C:\Users\Jakob\AppData\Roaming:NT ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: SM-Bus-Controller Description: SM-Bus-Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: PCI-Kommunikationscontroller (einfach) Description: PCI-Kommunikationscontroller (einfach) Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (03/06/2014 08:42:07 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.75.0.1, Zeitstempel: 0x511f8eb2 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x003207d4 ID des fehlerhaften Prozesses: 0x1b4c Startzeit der fehlerhaften Anwendung: 0xmbam.exe0 Pfad der fehlerhaften Anwendung: mbam.exe1 Pfad des fehlerhaften Moduls: mbam.exe2 Berichtskennung: mbam.exe3 Error: (03/06/2014 05:43:59 PM) (Source: Steam Client Service) (User: ) Description: Error: Failed to poke open firewall Error: (03/06/2014 05:43:27 PM) (Source: WideCap) (User: ) Description: [pnkbstra.exe] (2160) Exception EAccessViolation: Access violation at address 0601B8AA in module 'widecapdrv.dll'. Read of address 00000001 (OS Exception) Exception occured at $00000000 (Module "", Procedure "", Unit "", Line 0) Except frame-dump: Frame at $00C3D378 (type: efkUnknown) Code at $00C3D37C Module "", Procedure "", Unit "", Line 0 Frame at $00C3D384 (type: efkUnknown) Code at $00C3D388 Module "", Procedure "", Unit "", Line 0 Frame at $00C3D480 (type: efkUnknown) Code at $00C3D484 Module "", Procedure "", Unit "", Line 0 Error: (03/05/2014 05:45:54 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7005 Error: (03/05/2014 05:45:54 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 7005 Error: (03/05/2014 05:45:54 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (03/05/2014 05:45:53 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6006 Error: (03/05/2014 05:45:53 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6006 Error: (03/05/2014 05:45:53 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (03/05/2014 05:45:52 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 5008 System errors: ============= Error: (03/04/2014 08:10:27 PM) (Source: volsnap) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (03/04/2014 00:30:59 PM) (Source: DCOM) (User: ) Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736} Error: (03/03/2014 08:05:12 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Error: (03/03/2014 07:54:53 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "SoftXpand 2011 Watchdog" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (02/27/2014 04:18:29 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (02/27/2014 04:18:29 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error: (02/22/2014 09:46:15 PM) (Source: BugCheck) (User: ) Description: 0x0000003b (0x00000000c0000005, 0xfffff960000c4283, 0xfffff880039bdff0, 0x0000000000000000)C:\Windows\MEMORY.DMP022214-6240-01 Error: (02/22/2014 09:46:14 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am ‎22.‎02.‎2014 um 21:44:46 unerwartet heruntergefahren. Error: (02/22/2014 08:06:40 PM) (Source: volsnap) (User: ) Description: Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird, auswählen. Error: (02/22/2014 08:06:46 PM) (Source: BugCheck) (User: ) Description: 0x00000050 (0xfffff900c381ecf0, 0x0000000000000000, 0xfffff960002fc69d, 0x0000000000000000)C:\Windows\MEMORY.DMP022214-11949-01 Microsoft Office Sessions: ========================= Error: (03/06/2014 08:42:07 PM) (Source: Application Error)(User: ) Description: mbam.exe1.75.0.1511f8eb2unknown0.0.0.000000000c0000005003207d41b4c01cf396e04691205D:\Malwarebytes' Anti-Malware\mbam.exeunknown65e9e10d-a567-11e3-a40e-10bf4889a312 Error: (03/06/2014 05:43:59 PM) (Source: Steam Client Service)(User: ) Description: Failed to poke open firewall Error: (03/06/2014 05:43:27 PM) (Source: WideCap)(User: ) Description: [pnkbstra.exe] (2160) Exception EAccessViolation: Access violation at address 0601B8AA in module 'widecapdrv.dll'. Read of address 00000001 (OS Exception) Exception occured at $00000000 (Module "", Procedure "", Unit "", Line 0) Except frame-dump: Frame at $00C3D378 (type: efkUnknown) Code at $00C3D37C Module "", Procedure "", Unit "", Line 0 Frame at $00C3D384 (type: efkUnknown) Code at $00C3D388 Module "", Procedure "", Unit "", Line 0 Frame at $00C3D480 (type: efkUnknown) Code at $00C3D484 Module "", Procedure "", Unit "", Line 0 Error: (03/05/2014 05:45:54 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7005 Error: (03/05/2014 05:45:54 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 7005 Error: (03/05/2014 05:45:54 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (03/05/2014 05:45:53 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6006 Error: (03/05/2014 05:45:53 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6006 Error: (03/05/2014 05:45:53 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (03/05/2014 05:45:52 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 5008 CodeIntegrity Errors: =================================== Date: 2014-01-03 15:33:03.674 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Jakob\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-03 15:33:03.672 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Jakob\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-03 15:33:03.633 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-01-03 15:33:03.631 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 29% Total physical RAM: 8143.79 MB Available physical RAM: 5779.7 MB Total Pagefile: 16285.72 MB Available Pagefile: 13337.79 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: (SSD) (Fixed) (Total:111.79 GB) (Free:65.99 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (SSHD) (Fixed) (Total:931.51 GB) (Free:688.99 GB) NTFS Drive e: (HDD) (Fixed) (Total:931.51 GB) (Free:465.72 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 00030506) Partition 1: (Active) - (Size=112 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 000D8998) Partition: GPT Partition Type. ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 83DB944D) Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS) ==================== End Of Log ============================

Defogger gab keine Fehlermeldung aus, weshalb ich dessen Log nicht einfügen werde.

Der GMER-Log war zu groß und musste somit als Anhang zur Verfügung gestellt werden!

Dies ist noch der Log von Malwarebytes, der mich darauf aufmerksam machte:

Code:

Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.03.06.08 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 Jakob :: JAKOBS-PC [Administrator] 06.03.2014 19:58:51 mbam-log-2014-03-06 (19-58-51).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 602619 Laufzeit: 32 Minute(n), 32 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKCR\Typelib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.OutBrowse) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.OutBrowse) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Users\Jakob\AppData\Roaming\dclogs (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 1 C:\Users\Jakob\AppData\Roaming\dclogs\2014-01-12-1.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende)

Ich glaube das sollte es gewesen sein.

Mit freundlichen Grüßen
Jakob

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Guten Tag schrauber,
hier die Logfile:

Combofix Logfile:

Code:

ComboFix 14-03-05.01 - Jakob 07.03.2014 15:09:56.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.8144.5739 [GMT 1:00] ausgeführt von:: d:\desktop\ComboFix.exe AV: avast! Internet Security *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} FW: avast! Internet Security *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} SP: avast! Internet Security *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\SysWow64\settings.ini . . ((((((((((((((((((((((( Dateien erstellt von 2014-02-07 bis 2014-03-07 )))))))))))))))))))))))))))))) . . 2014-03-07 14:12 . 2014-03-07 14:12 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-03-07 12:37 . 2014-03-07 12:37 -------- d-----w- C:\FRST 2014-03-06 18:58 . 2014-03-06 18:58 -------- d-----w- c:\users\Jakob\AppData\Roaming\Malwarebytes 2014-03-06 18:58 . 2014-03-06 18:58 -------- d-----w- c:\programdata\Malwarebytes 2014-03-06 18:58 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-03-05 10:21 . 2014-03-05 10:21 -------- d-----w- c:\users\Jakob\AppData\Roaming\ZokanBINDER 2014-03-03 18:54 . 2014-03-03 18:54 67472 ----a-w- c:\windows\SysWow64\mfcoresfp.x86 2014-03-03 18:54 . 2014-03-03 18:54 -------- d-----w- c:\program files\MiniFrame 2014-03-03 18:54 . 2014-03-03 18:54 316760 ----a-w- c:\windows\SysWow64\mfcoresfp.exe 2014-03-03 18:54 . 2014-03-03 18:54 73624 ----a-w- c:\windows\system32\drivers\mfcore.sys 2014-03-03 18:54 . 2014-03-03 18:54 531352 ----a-w- c:\windows\SysWow64\mfcoresfp.dll 2014-03-03 18:54 . 2014-03-03 18:54 420744 ----a-w- c:\windows\system32\mfcoredll.dll 2014-03-03 18:54 . 2014-03-03 18:54 382856 ----a-w- c:\windows\SysWow64\mfcoredll.dll 2014-03-03 18:54 . 2014-03-03 18:54 16792 ----a-w- c:\windows\system32\mfcoresvc.exe 2014-03-03 18:54 . 2014-03-03 18:54 147344 ----a-w- c:\windows\system32\mfcoresfp.x64 2014-03-03 18:54 . 2014-03-03 18:54 1283480 ----a-w- c:\windows\system32\mfcoresfp.dll 2014-03-03 18:54 . 2014-03-03 18:54 1241440 ----a-w- c:\windows\system32\mfcoresfp.exe 2014-03-02 13:31 . 2014-03-02 13:31 -------- d-----w- c:\users\Jakob\AppData\Roaming\OBS 2014-03-02 13:31 . 2014-03-02 13:31 -------- d-----w- c:\program files\OBS 2014-03-02 13:31 . 2014-03-02 13:31 -------- d-----w- c:\program files (x86)\OBS 2014-03-02 09:52 . 2014-03-02 09:52 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-03-02 09:52 . 2014-03-02 09:52 -------- d-----w- c:\program files\iTunes 2014-03-02 09:52 . 2014-03-02 09:52 -------- d-----w- c:\program files\iPod 2014-02-28 19:49 . 2014-03-01 19:08 -------- d-----w- C:\output 2014-02-28 18:45 . 2014-03-03 19:01 -------- d-----w- c:\program files\Recuva 2014-02-24 20:15 . 2014-02-24 20:15 -------- d-----w- c:\users\Jakob\AppData\Local\PDF24 2014-02-24 19:01 . 2014-02-24 19:01 -------- d-----w- c:\users\Jakob\AppData\Roaming\CAD-KAS 2014-02-24 19:01 . 2014-02-24 19:01 87704 ----a-w- c:\windows\cadkasdeinst01.exe 2014-02-22 17:42 . 2014-02-22 17:42 -------- d-----w- c:\users\Jakob\AppData\Roaming\JAM Software 2014-02-22 15:15 . 2014-02-22 15:59 -------- d-----w- c:\users\Jakob\AppData\Roaming\uTorrent 2014-02-22 14:21 . 2014-03-02 09:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2014-02-22 14:21 . 2014-03-02 09:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2014-02-22 14:21 . 2014-03-02 09:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2014-02-22 14:21 . 2014-03-02 09:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2014-02-22 14:21 . 2014-03-02 09:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2014-02-22 14:18 . 2014-02-22 14:18 -------- d-----w- c:\users\Jakob\AppData\Roaming\MAXON 2014-02-22 14:00 . 2014-02-22 14:00 -------- d-----w- c:\users\Jakob\AppData\Roaming\PDAppFlex 2014-02-22 13:59 . 2014-02-22 16:12 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2014-02-22 13:13 . 2014-02-22 15:09 -------- d-----w- c:\program files\Adobe 2014-02-22 10:17 . 2014-02-22 10:17 -------- d-----w- c:\users\Jakob\AppData\Local\ElevatedDiagnostics 2014-02-21 17:04 . 2014-02-21 17:04 -------- d-----w- c:\program files (x86)\AGEIA Technologies 2014-02-21 17:03 . 2014-02-08 16:18 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2014-02-19 21:35 . 2014-02-19 21:36 -------- d-----w- c:\users\Jakob\AppData\Roaming\DVDVideoSoft 2014-02-19 21:35 . 2014-02-19 21:35 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft 2014-02-19 20:52 . 2014-02-22 17:48 -------- d-----w- c:\users\Jakob\AppData\Roaming\MediaPurge 2014-02-19 20:18 . 2014-02-22 10:47 -------- d-----w- c:\users\Jakob\AppData\Roaming\Apple Computer 2014-02-19 20:18 . 2014-02-19 20:18 -------- d-----w- c:\users\Jakob\AppData\Local\Apple Computer 2014-02-19 20:18 . 2014-02-19 20:18 -------- dc----w- c:\windows\system32\DRVSTORE 2014-02-19 20:18 . 2012-08-21 12:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2014-02-19 20:18 . 2014-02-19 20:18 -------- d-----w- c:\programdata\Apple Computer 2014-02-19 20:17 . 2014-02-19 20:17 -------- d-----w- c:\users\Jakob\AppData\Local\Apple 2014-02-19 20:17 . 2014-02-19 20:17 -------- d-----w- c:\program files (x86)\Apple Software Update 2014-02-19 20:17 . 2014-02-19 20:17 -------- d-----w- c:\program files\Common Files\Apple 2014-02-19 20:17 . 2014-02-19 20:17 -------- d-----w- c:\program files\Bonjour 2014-02-19 20:17 . 2014-02-19 20:17 -------- d-----w- c:\program files (x86)\Bonjour 2014-02-19 20:17 . 2014-03-02 09:52 -------- d-----w- c:\program files (x86)\Common Files\Apple 2014-02-19 20:17 . 2014-02-19 20:17 -------- d-----w- c:\programdata\Apple 2014-02-15 20:17 . 2014-02-15 20:17 -------- d-----w- c:\program files (x86)\SystemRequirementsLab 2014-02-15 20:06 . 2014-02-15 20:06 -------- d-----w- c:\users\Jakob\AppData\Roaming\Sony Creative Software Inc 2014-02-15 18:35 . 2014-02-15 18:41 -------- d-----w- c:\users\Jakob\AppData\Local\LooksBuilder 2014-02-15 18:34 . 2014-02-15 18:34 -------- d-----w- c:\users\Jakob\AppData\Roaming\Red Giant Link 2014-02-15 18:33 . 2014-02-15 18:33 -------- d-----w- c:\program files\Magic Bullet Looks Vegas 2014-02-15 18:33 . 2014-02-15 18:33 -------- d-----w- c:\program files (x86)\LooksBuilder 2014-02-15 18:33 . 2014-02-15 18:33 -------- d-----w- c:\program files (x86)\Red Giant Link 2014-02-15 18:32 . 2014-02-15 18:32 -------- d-----w- c:\programdata\RedGiant 2014-02-15 18:32 . 2014-03-03 18:54 -------- d-----w- c:\users\Jakob\AppData\Local\Downloaded Installations 2014-02-14 14:22 . 2014-02-14 14:22 -------- d-----w- c:\users\Jakob\AppData\Local\Unity 2014-02-12 16:34 . 1999-01-18 20:55 348160 ----a-w- c:\windows\SysWow64\FlatBtn6.ocx 2014-02-09 17:52 . 2014-02-09 17:52 -------- d-----w- c:\program files (x86)\Common Files\Screaming Bee 2014-02-09 17:52 . 2014-02-09 17:52 -------- d-----w- c:\programdata\Screaming Bee 2014-02-09 17:50 . 2014-02-09 17:52 -------- d-----w- c:\users\Jakob\AppData\Roaming\Screaming Bee 2014-02-09 13:36 . 2014-02-09 13:36 3584 ----a-r- c:\users\Jakob\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe 2014-02-09 13:36 . 2014-02-09 13:36 -------- d-----w- c:\program files (x86)\Windows Installer Clean Up 2014-02-09 13:35 . 2014-02-09 13:36 -------- d-----w- c:\program files (x86)\MSECACHE 2014-02-06 14:10 . 2014-02-06 14:36 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2014-02-06 14:10 . 2014-02-06 14:10 -------- d-----w- c:\users\Jakob\AppData\Local\PunkBuster 2014-02-06 14:10 . 2014-02-06 14:10 -------- d-----w- c:\users\Jakob\AppData\Local\ESN 2014-02-06 14:10 . 2014-02-06 14:10 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins 2014-02-06 14:06 . 2014-02-07 14:18 -------- d-----w- c:\programdata\EA Logs 2014-02-06 14:06 . 2014-02-06 14:06 -------- d-----w- c:\programdata\EA Core . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-02-08 18:34 . 2014-01-03 14:22 61216 ----a-w- c:\windows\system32\OpenCL.dll 2014-02-08 18:34 . 2014-01-03 14:22 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll 2014-02-08 18:34 . 2014-01-03 14:20 947296 ----a-w- c:\windows\system32\nvumdshimx.dll 2014-02-08 18:34 . 2014-01-03 14:20 875296 ----a-w- c:\windows\system32\NvFBC64.dll 2014-02-08 18:34 . 2014-01-03 14:20 31432480 ----a-w- c:\windows\system32\nvoglv64.dll 2014-02-08 18:34 . 2014-01-03 14:20 18257576 ----a-w- c:\windows\system32\nvwgf2umx.dll 2014-02-08 18:34 . 2014-01-03 14:20 3090184 ----a-w- c:\windows\system32\nvapi64.dll 2014-02-08 18:34 . 2014-01-03 14:20 2713728 ----a-w- c:\windows\SysWow64\nvapi.dll 2014-02-08 18:34 . 2014-01-03 14:20 17715784 ----a-w- c:\windows\system32\nvd3dumx.dll 2014-02-08 18:34 . 2014-01-03 14:20 14669032 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2014-02-08 17:42 . 2014-01-03 14:22 6712608 ----a-w- c:\windows\system32\nvcpl.dll 2014-02-08 17:42 . 2014-01-03 14:22 3498272 ----a-w- c:\windows\system32\nvsvc64.dll 2014-02-08 17:42 . 2014-01-03 14:22 923936 ----a-w- c:\windows\system32\nvvsvc.exe 2014-02-08 17:42 . 2014-01-03 14:22 63776 ----a-w- c:\windows\system32\nvshext.dll 2014-02-08 17:42 . 2014-01-03 14:22 386336 ----a-w- c:\windows\system32\nvmctray.dll 2014-02-08 17:42 . 2014-01-03 14:22 2559776 ----a-w- c:\windows\system32\nvsvcr.dll 2014-02-06 14:36 . 2014-02-05 05:59 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2014-02-06 14:36 . 2014-02-05 05:59 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2014-02-06 14:17 . 2014-02-05 05:59 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2014-02-05 17:52 . 2014-01-03 14:22 3573739 ----a-w- c:\windows\system32\nvcoproc.bin 2014-01-31 21:29 . 2014-01-31 21:29 119808 ----a-r- c:\users\Jakob\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe 2014-01-21 02:53 . 2014-01-10 19:53 1048152 ----a-w- c:\windows\SysWow64\nvspcap.dll 2014-01-21 02:53 . 2014-01-10 19:53 1179576 ----a-w- c:\windows\system32\nvspcap64.dll 2014-01-17 15:24 . 2014-01-17 15:24 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2014-01-17 15:24 . 2014-01-17 15:24 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2014-01-11 16:36 . 2014-01-11 16:36 1227264 ----a-w- c:\windows\SysWow64\dx8vb.dll 2014-01-08 12:30 . 2014-01-03 20:17 439648 ----a-w- c:\windows\system32\drivers\aswndisflt.sys 2014-01-03 20:17 . 2014-01-03 20:17 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2014-01-03 20:11 . 2014-01-03 20:11 79672 ----a-w- c:\windows\system32\drivers\aswstm.sys 2014-01-03 20:11 . 2014-01-03 20:11 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2014-01-03 20:11 . 2014-01-03 20:11 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2014-01-03 20:11 . 2014-01-03 20:11 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2014-01-03 20:11 . 2014-01-03 20:11 43152 ----a-w- c:\windows\avastSS.scr 2014-01-03 20:11 . 2014-01-03 20:11 422216 ----a-w- c:\windows\system32\drivers\aswSP.sys 2014-01-03 20:11 . 2014-01-03 20:11 334136 ----a-w- c:\windows\system32\aswBoot.exe 2014-01-03 20:11 . 2014-01-03 20:11 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2014-01-03 20:11 . 2014-01-03 20:11 1034464 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2014-01-03 16:37 . 2014-01-03 16:37 312744 ----a-w- c:\windows\system32\javaws.exe 2014-01-03 16:37 . 2014-01-03 16:37 189352 ----a-w- c:\windows\system32\javaw.exe 2014-01-03 16:37 . 2014-01-03 16:37 189352 ----a-w- c:\windows\system32\java.exe 2014-01-03 16:37 . 2014-01-03 16:37 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-12-27 18:42 . 2014-01-23 17:14 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys 2013-12-27 18:42 . 2014-01-23 17:14 33056 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll 2013-12-27 18:42 . 2014-01-10 19:52 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll 2013-12-19 20:33 . 2014-01-10 16:21 1884448 ----a-w- c:\windows\system32\nvdispco6433221.dll 2013-12-19 20:33 . 2014-01-10 16:21 1511712 ----a-w- c:\windows\system32\nvdispgenco6433221.dll 2013-12-16 00:54 . 2014-01-03 14:41 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FCD6F1E3-2224-4E38-9F85-41B23D77F229}\mpengine.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Jakob\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Jakob\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Jakob\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="d:\steam\Steam.exe" [2014-02-25 1821888] "Akamai NetSession Interface"="c:\users\Jakob\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472] "EADM"="d:\origin\Origin.exe" [2014-02-15 3598680] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648] "Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2014-02-11 2239376] "AvastUI.exe"="d:\avast software\Avast\AvastUI.exe" [2014-01-03 3764024] "PDFPrint"="d:\pdf24\pdf24.exe" [2014-02-06 189480] "QuickTime Task"="d:\quicktime\QTTask.exe" [2014-01-17 421888] "iTunesHelper"="d:\itunes\iTunesHelper.exe" [2014-02-21 152392] . c:\users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Jakob\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328] thunderbird.lnk - d:\thunderbird\thunderbird.exe [2014-2-6 390256] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Philips Configo.lnk - d:\configo\2.1.7.0\Configo.exe --daemon [2011-9-28 6343952] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 mi-raysat_3dsmax2014_64;mental ray Satellite for Autodesk 3ds Max 2014 64-bit;d:\autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe;d:\autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [x] R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x] R3 FairplayKD;FairplayKD;c:\programdata\MTA San Andreas All\Common\temp\FairplayKD.sys;c:\programdata\MTA San Andreas All\Common\temp\FairplayKD.sys [x] R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! VM Monitor; [x] S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x] S1 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 avast! Firewall;avast! Firewall;d:\avast software\Avast\afwServ.exe;d:\avast software\Avast\afwServ.exe [x] S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x] S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x] S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x] S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys;c:\windows\SYSNATIVE\Drivers\LGPBTDD.sys [x] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - kwriqpog . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-03-04 09:29 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-03 14:17] . 2014-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-03 14:17] . 2014-03-07 c:\windows\Tasks\Wise Care 365.job - d:\wise\Wise Care 365\WiseTray.exe [2014-01-03 18:49] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1] @="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}" [HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}] 2014-02-11 02:21 644464 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2] @="{853B7E05-C47D-4985-909A-D0DC5C6D7303}" [HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}] 2014-02-11 02:21 644464 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3] @="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}" [HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}] 2014-02-11 02:21 644464 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2014-01-03 20:11 287280 ----a-w- d:\avast software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\Jakob\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\Jakob\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\Jakob\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\Jakob\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-11-14 8292120] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-12-10 472984] "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-01-21 2234144] "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-01-21 1179576] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local>;*.local LSP: d:\widecap\widecapdrv.dll TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\0btwckdu.default\ . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1621289240-3782386781-216171386-1000\Software\SecuROM\License information*] "datasecu"=hex:de,1f,4a,48,95,b7,d4,6d,8d,79,3f,d3,17,cc,b8,bc,a8,37,a5,e1,ad, 1a,6a,1d,5b,4b,ca,bd,e1,a4,67,36,97,3d,62,87,d3,52,9f,7b,c7,52,52,c2,db,3a,\ "rkeysecu"=hex:d7,a4,ef,ee,7b,a3,71,24,e4,8c,8d,8f,a8,6c,a9,49 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-03-07 15:13:02 ComboFix-quarantined-files.txt 2014-03-07 14:13 . Vor Suchlauf: 11 Verzeichnis(se), 69.619.339.264 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 69.523.730.432 Bytes frei . - - End Of File - - 87010B1872604F9AAB1597AC3E5E3EDC A36C5E4F47E84449FF07ED3517B43A31

Bitte normal posten, ohne mittig, Fettschrift oder so :)

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Hallo Schrauber,
hier die Logfiles:

AdwCleaner:

Code:

# AdwCleaner v3.020 - Bericht erstellt am 08/03/2014 um 15:53:20

# Aktualisiert 27/02/2014 von Xplode

# Betriebssystem : Windows 7 Ultimate  (64 bits)

# Benutzername : Jakob - JAKOBS-PC

# Gestartet von : D:\Desktop\adwcleaner.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}

Schlüssel Gelöscht : HKCU\Software\OCS

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Show-Password
 

***** [ Browser ] *****
 

-\\ Internet Explorer v8.0.7600.16385
 
 

-\\ Mozilla Firefox v26.0 (de)
 

[ Datei : C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\0btwckdu.default\prefs.js ]
 
 

-\\ Google Chrome v33.0.1750.146
 

[ Datei : C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 

*************************
 

AdwCleaner[R0].txt - [1290 octets] - [08/03/2014 15:52:13]

AdwCleaner[S0].txt - [1161 octets] - [08/03/2014 15:53:20]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1221 octets] ##########

Malwarebytes:

Code:

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org
 

Datenbank Version: v2014.03.06.08
 

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Jakob :: JAKOBS-PC [Administrator]
 

06.03.2014 19:58:51

mbam-log-2014-03-06 (19-58-51).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 602619

Laufzeit: 32 Minute(n), 32 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 2

HKCR\Typelib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.OutBrowse) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.OutBrowse) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 1

C:\Users\Jakob\AppData\Roaming\dclogs (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Dateien: 1

C:\Users\Jakob\AppData\Roaming\dclogs\2014-01-12-1.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2014

Ran by Jakob (administrator) on JAKOBS-PC on 08-03-2014 16:03:21

Running from D:\Desktop

Windows 7 Ultimate (X64) OS Language: German Standard

Internet Explorer Version 8

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(AVAST Software) D:\AVAST Software\Avast\AvastSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(AVAST Software) D:\AVAST Software\Avast\afwServ.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() D:\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Safer-Networking Ltd.) D:\Spybot - Search & Destroy 2\SDFSSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(Safer-Networking Ltd.) D:\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Safer-Networking Ltd.) D:\Spybot - Search & Destroy 2\SDWSCSvc.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe

(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

(Valve Corporation) D:\Steam\Steam.exe

(Akamai Technologies, Inc.) C:\Users\Jakob\AppData\Local\Akamai\netsession_win.exe

(Electronic Arts) D:\Origin\Origin.exe

(Akamai Technologies, Inc.) C:\Users\Jakob\AppData\Local\Akamai\netsession_win.exe

(Philips) D:\Configo\2.1.7.0\Configo.exe

(Dropbox, Inc.) C:\Users\Jakob\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Mozilla Corporation) D:\Thunderbird\thunderbird.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe

(AVAST Software) D:\AVAST Software\Avast\AvastUI.exe

(Geek Software GmbH) D:\PDF24\pdf24.exe

(Apple Inc.) D:\iTunes\iTunesHelper.exe

(Safer-Networking Ltd.) D:\Spybot - Search & Destroy 2\SDTray.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncV1\CoreSync.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)

HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)

HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1179576 2014-01-21] (NVIDIA Corporation)

HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)

HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2014-02-11] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AvastUI.exe] - D:\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-03] (AVAST Software)

HKLM-x32\...\Run: [PDFPrint] - D:\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)

HKLM-x32\...\Run: [QuickTime Task] - D:\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] - D:\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)

HKLM-x32\...\Run: [SDTray] - D:\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKU\S-1-5-21-1621289240-3782386781-216171386-1000\...\Run: [Steam] - D:\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)

HKU\S-1-5-21-1621289240-3782386781-216171386-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Jakob\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)

HKU\S-1-5-21-1621289240-3782386781-216171386-1000\...\Run: [EADM] - D:\Origin\Origin.exe [3598680 2014-02-15] (Electronic Arts)

HKU\S-1-5-21-1621289240-3782386781-216171386-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

Startup: C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Jakob\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird.lnk

ShortcutTarget: thunderbird.lnk -> D:\Thunderbird\thunderbird.exe (Mozilla Corporation)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB57FA4738E08CF01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - D:\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - D:\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

Winsock: Catalog5 08 D:\WideCap\widecapdrv.dll [327168] ()

Winsock: Catalog9 01 D:\WideCap\widecapdrv.dll [327168] ()

Winsock: Catalog9 02 D:\WideCap\widecapdrv.dll [327168] ()

Winsock: Catalog9 03 D:\WideCap\widecapdrv.dll [327168] ()

Winsock: Catalog9 04 D:\WideCap\widecapdrv.dll [327168] ()

Winsock: Catalog9 05 D:\WideCap\widecapdrv.dll [327168] ()

Winsock: Catalog9 16 D:\WideCap\widecapdrv.dll [327168] ()

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\0btwckdu.default

FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)

FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Jakob\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - D:\AVAST Software\Avast\WebRep\FF [2014-01-03]

FF StartMenuInternet: FIREFOX.EXE - D:\Firefox\firefox.exe
 

Chrome: 

=======

CHR Extension: (ProxTube) - C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-02-04]

CHR Extension: (Google Drive) - C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-03]

CHR Extension: (YouTube) - C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-03]

CHR Extension: (Adblock Plus) - C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-27]

CHR Extension: (Google-Suche) - C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-03]

CHR Extension: (avast! Online Security) - C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-03]

CHR Extension: (Google Wallet) - C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-03]

CHR Extension: (Google Mail) - C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-03]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-03]
 

==================== Services (Whitelisted) =================
 

R2 avast! Antivirus; D:\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-03] (AVAST Software)

R2 avast! Firewall; D:\AVAST Software\Avast\afwServ.exe [113704 2014-01-03] (AVAST Software)

R2 mi-raysat_3dsmax2014_64; D:\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [86016 2011-09-15] ()

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-06] ()

R2 SDScannerService; D:\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)

R2 SDUpdateService; D:\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)

R2 SDWSCService; D:\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
 

==================== Drivers (Whitelisted) ====================
 

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-01-03] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-03] (AVAST Software)

R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [439648 2014-01-08] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-01-03] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-03] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-03] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-03] (AVAST Software)

S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-03] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-03] ()

R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]

U0 mfcorefs; 
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-03-08 15:56 - 2014-03-08 15:56 - 00000000 ____D () C:\Windows\ERUNT

2014-03-08 15:51 - 2014-03-08 15:53 - 00000000 ____D () C:\AdwCleaner

2014-03-08 15:17 - 2014-03-08 15:17 - 00017513 _____ () C:\Windows\DirectX.log

2014-03-08 10:22 - 2014-03-08 10:25 - 00000000 ____D () C:\Users\Jakob\Documents\Rockstar Games

2014-03-07 19:41 - 2014-03-07 19:41 - 00000000 ____D () C:\Program Files (x86)\ProcessExplorer

2014-03-07 18:23 - 2014-03-07 19:20 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-03-07 18:23 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe

2014-03-07 18:16 - 2014-03-07 18:16 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SARDU

2014-03-07 15:13 - 2014-03-07 15:13 - 00024760 _____ () C:\ComboFix.txt

2014-03-07 14:59 - 2014-03-07 15:13 - 00000000 ____D () C:\Qoobox

2014-03-07 14:59 - 2014-03-07 15:12 - 00000000 ____D () C:\Windows\erdnt

2014-03-07 14:59 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-03-07 14:59 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-03-07 14:59 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-03-07 14:59 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-03-07 14:59 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-03-07 14:59 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe

2014-03-07 14:59 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe

2014-03-07 14:59 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe

2014-03-07 13:46 - 2014-03-08 15:58 - 00037240 _____ () C:\Windows\WindowsUpdate.log

2014-03-07 13:44 - 2014-03-08 15:59 - 00001232 _____ () C:\Windows\setupact.log

2014-03-07 13:44 - 2014-03-07 19:19 - 00002572 _____ () C:\Windows\PFRO.log

2014-03-07 13:44 - 2014-03-07 13:44 - 1047184538 _____ () C:\Windows\MEMORY.DMP

2014-03-07 13:44 - 2014-03-07 13:44 - 00293560 _____ () C:\Windows\Minidump\030714-4087-01.dmp

2014-03-07 13:44 - 2014-03-07 13:44 - 00000000 _____ () C:\Windows\setuperr.log

2014-03-07 13:37 - 2014-03-08 16:03 - 00000000 ____D () C:\FRST

2014-03-07 13:35 - 2014-03-07 13:35 - 00000000 _____ () C:\Users\Jakob\defogger_reenable

2014-03-06 19:58 - 2014-03-06 19:58 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Malwarebytes

2014-03-06 19:58 - 2014-03-06 19:58 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-03-06 19:58 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-03-05 11:21 - 2014-03-05 11:21 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\ZokanBINDER

2014-03-04 16:57 - 2014-03-04 18:30 - 00000000 ____D () C:\Users\Jakob\Documents\GTA San Andreas User Files

2014-03-04 16:39 - 2014-03-04 16:41 - 00000000 ____D () C:\Users\Public\Documents\GTA San Andreas User Files

2014-03-04 12:32 - 2014-03-04 12:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01005.Wdf

2014-03-03 19:54 - 2014-03-03 19:54 - 01283480 _____ (MiniFrame) C:\Windows\system32\mfcoresfp.dll

2014-03-03 19:54 - 2014-03-03 19:54 - 01241440 _____ (MiniFrame) C:\Windows\system32\mfcoresfp.exe

2014-03-03 19:54 - 2014-03-03 19:54 - 00531352 _____ (MiniFrame) C:\Windows\SysWOW64\mfcoresfp.dll

2014-03-03 19:54 - 2014-03-03 19:54 - 00420744 _____ () C:\Windows\system32\mfcoredll.dll

2014-03-03 19:54 - 2014-03-03 19:54 - 00382856 _____ () C:\Windows\SysWOW64\mfcoredll.dll

2014-03-03 19:54 - 2014-03-03 19:54 - 00316760 _____ (MiniFrame) C:\Windows\SysWOW64\mfcoresfp.exe

2014-03-03 19:54 - 2014-03-03 19:54 - 00147344 _____ (MiniFrame) C:\Windows\system32\mfcoresfp.x64

2014-03-03 19:54 - 2014-03-03 19:54 - 00073624 _____ () C:\Windows\system32\Drivers\mfcore.sys

2014-03-03 19:54 - 2014-03-03 19:54 - 00067472 _____ (MiniFrame) C:\Windows\SysWOW64\mfcoresfp.x86

2014-03-03 19:54 - 2014-03-03 19:54 - 00016792 _____ () C:\Windows\system32\mfcoresvc.exe

2014-03-03 19:54 - 2014-03-03 19:54 - 00000000 ____D () C:\Program Files\MiniFrame

2014-03-02 14:31 - 2014-03-02 14:31 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\OBS

2014-03-02 14:31 - 2014-03-02 14:31 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software

2014-03-02 14:31 - 2014-03-02 14:31 - 00000000 ____D () C:\Program Files\OBS

2014-03-02 14:31 - 2014-03-02 14:31 - 00000000 ____D () C:\Program Files (x86)\OBS

2014-03-02 10:52 - 2014-03-02 10:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-03-02 10:52 - 2014-03-02 10:52 - 00000000 ____D () C:\Program Files\iTunes

2014-03-02 10:52 - 2014-03-02 10:52 - 00000000 ____D () C:\Program Files\iPod

2014-02-28 20:49 - 2014-03-01 20:08 - 00000000 ____D () C:\output

2014-02-28 19:45 - 2014-03-03 20:01 - 00000000 ____D () C:\Program Files\Recuva

2014-02-28 19:42 - 2014-02-28 19:42 - 05510289 _____ (Essential Data Tools ) C:\Users\Jakob\Downloads\photorescuepro_setup.exe

2014-02-24 21:15 - 2014-02-24 21:15 - 00000000 ____D () C:\Users\Jakob\AppData\Local\PDF24

2014-02-24 20:25 - 2014-03-06 19:15 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SA-MP Live

2014-02-24 20:01 - 2014-02-24 20:01 - 00087704 _____ () C:\Windows\cadkasdeinst01.exe

2014-02-24 20:01 - 2014-02-24 20:01 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Editor 4.0

2014-02-24 20:01 - 2014-02-24 20:01 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\CAD-KAS

2014-02-22 18:42 - 2014-02-22 18:42 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\JAM Software

2014-02-22 16:15 - 2014-02-22 16:59 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\uTorrent

2014-02-22 15:18 - 2014-02-22 15:18 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\MAXON

2014-02-22 15:00 - 2014-02-22 16:57 - 00000000 ____D () C:\Users\Jakob\Documents\Adobe

2014-02-22 15:00 - 2014-02-22 15:00 - 00003504 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Jakobs-PC-Jakob

2014-02-22 15:00 - 2014-02-22 15:00 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\PDAppFlex

2014-02-22 14:59 - 2014-02-22 17:12 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe

2014-02-22 14:13 - 2014-02-22 16:09 - 00000000 ____D () C:\Program Files\Adobe

2014-02-22 13:37 - 2014-02-22 14:19 - 02951193 _____ () C:\Users\Jakob\Documents\Fertiges LiedWindows Media Audio V11_Audio in CD-Qualität mit 128 Kbit-s, 24 Bit, Stereo.wma

2014-02-21 18:04 - 2014-02-21 18:04 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies

2014-02-21 18:03 - 2014-02-08 17:18 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe

2014-02-21 18:02 - 2014-02-08 19:34 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 23683360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 15740232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 12324640 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys

2014-02-21 18:02 - 2014-02-08 19:34 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 03142432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 02956576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 02782496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 02410784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433489.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433489.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 00892192 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 00863520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 00844576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 00832424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 00483104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 00408352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 00378656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 00148528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll

2014-02-19 22:35 - 2014-02-19 22:36 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\DVDVideoSoft

2014-02-19 21:52 - 2014-02-22 18:48 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\MediaPurge

2014-02-19 21:52 - 2014-02-19 21:52 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mediapurge

2014-02-19 21:22 - 2014-02-19 21:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2014-02-19 21:18 - 2014-02-22 11:47 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Apple Computer

2014-02-19 21:18 - 2014-02-19 21:18 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Apple Computer

2014-02-19 21:18 - 2014-02-19 21:18 - 00000000 ____D () C:\ProgramData\Apple Computer

2014-02-19 21:18 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys

2014-02-19 21:17 - 2014-02-19 21:17 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Apple

2014-02-19 21:17 - 2014-02-19 21:17 - 00000000 ____D () C:\ProgramData\Apple

2014-02-19 21:17 - 2014-02-19 21:17 - 00000000 ____D () C:\Program Files\Common Files\Apple

2014-02-19 21:17 - 2014-02-19 21:17 - 00000000 ____D () C:\Program Files\Bonjour

2014-02-19 21:17 - 2014-02-19 21:17 - 00000000 ____D () C:\Program Files (x86)\Bonjour

2014-02-19 21:17 - 2014-02-19 21:17 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update

2014-02-17 18:11 - 2014-02-17 18:11 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer

2014-02-15 21:17 - 2014-02-15 21:17 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab

2014-02-15 21:06 - 2014-02-15 21:06 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Sony Creative Software Inc

2014-02-15 19:35 - 2014-02-15 19:41 - 00000000 ____D () C:\Users\Jakob\AppData\Local\LooksBuilder

2014-02-15 19:34 - 2014-02-15 19:34 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Red Giant Link

2014-02-15 19:33 - 2014-02-15 19:33 - 00004202 _____ () C:\Windows\System32\Tasks\Red Giant Link

2014-02-15 19:33 - 2014-02-15 19:33 - 00000000 ____D () C:\Program Files\Magic Bullet Looks Vegas

2014-02-15 19:33 - 2014-02-15 19:33 - 00000000 ____D () C:\Program Files (x86)\Red Giant Link

2014-02-15 19:33 - 2014-02-15 19:33 - 00000000 ____D () C:\Program Files (x86)\LooksBuilder

2014-02-15 19:32 - 2014-03-03 19:54 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Downloaded Installations

2014-02-15 19:32 - 2014-02-15 19:32 - 00000000 ____D () C:\ProgramData\RedGiant

2014-02-14 15:22 - 2014-02-14 15:22 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Unity

2014-02-12 17:34 - 1999-01-18 21:55 - 00348160 _____ (DevPower Development Tools) C:\Windows\SysWOW64\FlatBtn6.ocx

2014-02-09 18:52 - 2014-02-09 18:52 - 00000000 ____D () C:\ProgramData\Screaming Bee

2014-02-09 18:50 - 2014-02-09 18:52 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Screaming Bee

2014-02-09 14:36 - 2014-02-09 14:36 - 00002853 _____ () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk

2014-02-09 14:36 - 2014-02-09 14:36 - 00000000 ____D () C:\Program Files (x86)\Windows Installer Clean Up

2014-02-09 14:35 - 2014-02-09 14:36 - 00000000 ____D () C:\Program Files (x86)\MSECACHE

2014-02-08 16:27 - 2014-02-08 16:27 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo

2014-02-08 16:27 - 2014-02-08 16:27 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan

2014-02-06 15:10 - 2014-02-06 15:36 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr

2014-02-06 15:10 - 2014-02-06 15:10 - 00000000 ____D () C:\Users\Jakob\AppData\Local\PunkBuster

2014-02-06 15:10 - 2014-02-06 15:10 - 00000000 ____D () C:\Users\Jakob\AppData\Local\ESN

2014-02-06 15:10 - 2014-02-06 15:10 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins

2014-02-06 15:06 - 2014-02-06 15:10 - 00000000 ____D () C:\Users\Jakob\Documents\Battlefield 3

2014-02-06 15:06 - 2014-02-06 15:06 - 00000000 ____D () C:\ProgramData\EA Core
 

==================== One Month Modified Files and Folders =======
 

2014-03-08 16:03 - 2014-03-07 13:37 - 00000000 ____D () C:\FRST

2014-03-08 16:02 - 2014-03-07 13:46 - 00037240 _____ () C:\Windows\WindowsUpdate.log

2014-03-08 15:59 - 2014-03-07 13:44 - 00001232 _____ () C:\Windows\setupact.log

2014-03-08 15:59 - 2014-01-03 17:16 - 00000000 ___RD () C:\Users\Jakob\Dropbox

2014-03-08 15:59 - 2014-01-03 17:14 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Dropbox

2014-03-08 15:59 - 2014-01-03 15:22 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-03-08 15:59 - 2014-01-03 15:17 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-03-08 15:59 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-03-08 15:58 - 2009-07-14 05:45 - 00022752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-03-08 15:58 - 2009-07-14 05:45 - 00022752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-03-08 15:56 - 2014-03-08 15:56 - 00000000 ____D () C:\Windows\ERUNT

2014-03-08 15:53 - 2014-03-08 15:51 - 00000000 ____D () C:\AdwCleaner

2014-03-08 15:34 - 2014-01-03 15:17 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-03-08 15:17 - 2014-03-08 15:17 - 00017513 _____ () C:\Windows\DirectX.log

2014-03-08 14:49 - 2014-01-03 17:27 - 00000132 _____ () C:\Users\Jakob\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen

2014-03-08 10:25 - 2014-03-08 10:22 - 00000000 ____D () C:\Users\Jakob\Documents\Rockstar Games

2014-03-08 10:00 - 2014-01-10 20:32 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Rockstar Games

2014-03-08 10:00 - 2014-01-03 16:50 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Adobe

2014-03-08 09:56 - 2009-07-14 18:58 - 00696506 _____ () C:\Windows\system32\perfh007.dat

2014-03-08 09:56 - 2009-07-14 18:58 - 00147802 _____ () C:\Windows\system32\perfc007.dat

2014-03-08 09:56 - 2009-07-14 06:13 - 01611992 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-03-07 19:41 - 2014-03-07 19:41 - 00000000 ____D () C:\Program Files (x86)\ProcessExplorer

2014-03-07 19:20 - 2014-03-07 18:23 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-03-07 19:19 - 2014-03-07 13:44 - 00002572 _____ () C:\Windows\PFRO.log

2014-03-07 18:16 - 2014-03-07 18:16 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SARDU

2014-03-07 15:13 - 2014-03-07 15:13 - 00024760 _____ () C:\ComboFix.txt

2014-03-07 15:13 - 2014-03-07 14:59 - 00000000 ____D () C:\Qoobox

2014-03-07 15:13 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default

2014-03-07 15:12 - 2014-03-07 14:59 - 00000000 ____D () C:\Windows\erdnt

2014-03-07 15:12 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini

2014-03-07 13:44 - 2014-03-07 13:44 - 1047184538 _____ () C:\Windows\MEMORY.DMP

2014-03-07 13:44 - 2014-03-07 13:44 - 00293560 _____ () C:\Windows\Minidump\030714-4087-01.dmp

2014-03-07 13:44 - 2014-03-07 13:44 - 00000000 _____ () C:\Windows\setuperr.log

2014-03-07 13:44 - 2014-01-03 20:58 - 00000000 ____D () C:\Windows\Minidump

2014-03-07 13:35 - 2014-03-07 13:35 - 00000000 _____ () C:\Users\Jakob\defogger_reenable

2014-03-07 13:35 - 2014-01-03 15:13 - 00000000 ____D () C:\Users\Jakob

2014-03-07 12:44 - 2014-01-03 21:11 - 00004154 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-03-06 19:58 - 2014-03-06 19:58 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Malwarebytes

2014-03-06 19:58 - 2014-03-06 19:58 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-03-06 19:15 - 2014-02-24 20:25 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SA-MP Live

2014-03-06 19:15 - 2014-01-03 21:19 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Wise Care 365

2014-03-05 11:21 - 2014-03-05 11:21 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\ZokanBINDER

2014-03-04 18:30 - 2014-03-04 16:57 - 00000000 ____D () C:\Users\Jakob\Documents\GTA San Andreas User Files

2014-03-04 16:41 - 2014-03-04 16:39 - 00000000 ____D () C:\Users\Public\Documents\GTA San Andreas User Files

2014-03-04 12:32 - 2014-03-04 12:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01005.Wdf

2014-03-04 12:32 - 2009-07-14 03:34 - 00000431 _____ () C:\Windows\win.ini

2014-03-04 10:16 - 2014-01-04 15:29 - 00000000 ____D () C:\ProgramData\PMS

2014-03-03 20:01 - 2014-02-28 19:45 - 00000000 ____D () C:\Program Files\Recuva

2014-03-03 19:54 - 2014-03-03 19:54 - 01283480 _____ (MiniFrame) C:\Windows\system32\mfcoresfp.dll

2014-03-03 19:54 - 2014-03-03 19:54 - 01241440 _____ (MiniFrame) C:\Windows\system32\mfcoresfp.exe

2014-03-03 19:54 - 2014-03-03 19:54 - 00531352 _____ (MiniFrame) C:\Windows\SysWOW64\mfcoresfp.dll

2014-03-03 19:54 - 2014-03-03 19:54 - 00420744 _____ () C:\Windows\system32\mfcoredll.dll

2014-03-03 19:54 - 2014-03-03 19:54 - 00382856 _____ () C:\Windows\SysWOW64\mfcoredll.dll

2014-03-03 19:54 - 2014-03-03 19:54 - 00316760 _____ (MiniFrame) C:\Windows\SysWOW64\mfcoresfp.exe

2014-03-03 19:54 - 2014-03-03 19:54 - 00147344 _____ (MiniFrame) C:\Windows\system32\mfcoresfp.x64

2014-03-03 19:54 - 2014-03-03 19:54 - 00073624 _____ () C:\Windows\system32\Drivers\mfcore.sys

2014-03-03 19:54 - 2014-03-03 19:54 - 00067472 _____ (MiniFrame) C:\Windows\SysWOW64\mfcoresfp.x86

2014-03-03 19:54 - 2014-03-03 19:54 - 00016792 _____ () C:\Windows\system32\mfcoresvc.exe

2014-03-03 19:54 - 2014-03-03 19:54 - 00000000 ____D () C:\Program Files\MiniFrame

2014-03-03 19:54 - 2014-02-15 19:32 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Downloaded Installations

2014-03-03 16:09 - 2014-01-04 17:00 - 00000000 ____D () C:\Windows\SysWOW64\directx

2014-03-02 19:58 - 2014-01-18 16:37 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Audacity

2014-03-02 14:31 - 2014-03-02 14:31 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\OBS

2014-03-02 14:31 - 2014-03-02 14:31 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software

2014-03-02 14:31 - 2014-03-02 14:31 - 00000000 ____D () C:\Program Files\OBS

2014-03-02 14:31 - 2014-03-02 14:31 - 00000000 ____D () C:\Program Files (x86)\OBS

2014-03-02 10:52 - 2014-03-02 10:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-03-02 10:52 - 2014-03-02 10:52 - 00000000 ____D () C:\Program Files\iTunes

2014-03-02 10:52 - 2014-03-02 10:52 - 00000000 ____D () C:\Program Files\iPod

2014-03-01 20:08 - 2014-02-28 20:49 - 00000000 ____D () C:\output

2014-02-28 19:42 - 2014-02-28 19:42 - 05510289 _____ (Essential Data Tools ) C:\Users\Jakob\Downloads\photorescuepro_setup.exe

2014-02-27 17:24 - 2014-01-03 17:33 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\.minecraft

2014-02-24 21:15 - 2014-02-24 21:15 - 00000000 ____D () C:\Users\Jakob\AppData\Local\PDF24

2014-02-24 20:01 - 2014-02-24 20:01 - 00087704 _____ () C:\Windows\cadkasdeinst01.exe

2014-02-24 20:01 - 2014-02-24 20:01 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Editor 4.0

2014-02-24 20:01 - 2014-02-24 20:01 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\CAD-KAS

2014-02-22 20:06 - 2009-07-14 05:45 - 04945032 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-02-22 18:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help

2014-02-22 18:48 - 2014-02-19 21:52 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\MediaPurge

2014-02-22 18:42 - 2014-02-22 18:42 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\JAM Software

2014-02-22 17:12 - 2014-02-22 14:59 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe

2014-02-22 17:12 - 2014-01-03 16:51 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Adobe

2014-02-22 16:59 - 2014-02-22 16:15 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\uTorrent

2014-02-22 16:57 - 2014-02-22 15:00 - 00000000 ____D () C:\Users\Jakob\Documents\Adobe

2014-02-22 16:09 - 2014-02-22 14:13 - 00000000 ____D () C:\Program Files\Adobe

2014-02-22 16:09 - 2014-01-03 15:15 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-02-22 15:18 - 2014-02-22 15:18 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\MAXON

2014-02-22 15:00 - 2014-02-22 15:00 - 00003504 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Jakobs-PC-Jakob

2014-02-22 15:00 - 2014-02-22 15:00 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\PDAppFlex

2014-02-22 14:19 - 2014-02-22 13:37 - 02951193 _____ () C:\Users\Jakob\Documents\Fertiges LiedWindows Media Audio V11_Audio in CD-Qualität mit 128 Kbit-s, 24 Bit, Stereo.wma

2014-02-22 14:18 - 2014-01-03 15:16 - 00060728 _____ () C:\Users\Jakob\AppData\Local\GDIPFONTCACHEV1.DAT

2014-02-22 14:13 - 2014-01-03 17:14 - 00000000 ____D () C:\Program Files\Common Files\Adobe

2014-02-22 13:53 - 2014-01-03 16:52 - 00000000 ____D () C:\ProgramData\Adobe

2014-02-22 11:47 - 2014-02-19 21:18 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Apple Computer

2014-02-21 18:04 - 2014-02-21 18:04 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies

2014-02-21 18:04 - 2014-01-03 15:22 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation

2014-02-21 14:28 - 2014-01-03 15:17 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-02-21 14:28 - 2014-01-03 15:17 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-02-19 22:36 - 2014-02-19 22:35 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\DVDVideoSoft

2014-02-19 21:52 - 2014-02-19 21:52 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mediapurge

2014-02-19 21:22 - 2014-02-19 21:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2014-02-19 21:18 - 2014-02-19 21:18 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Apple Computer

2014-02-19 21:18 - 2014-02-19 21:18 - 00000000 ____D () C:\ProgramData\Apple Computer

2014-02-19 21:17 - 2014-02-19 21:17 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Apple

2014-02-19 21:17 - 2014-02-19 21:17 - 00000000 ____D () C:\ProgramData\Apple

2014-02-19 21:17 - 2014-02-19 21:17 - 00000000 ____D () C:\Program Files\Common Files\Apple

2014-02-19 21:17 - 2014-02-19 21:17 - 00000000 ____D () C:\Program Files\Bonjour

2014-02-19 21:17 - 2014-02-19 21:17 - 00000000 ____D () C:\Program Files (x86)\Bonjour

2014-02-19 21:17 - 2014-02-19 21:17 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update

2014-02-17 18:11 - 2014-02-17 18:11 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer

2014-02-15 21:17 - 2014-02-15 21:17 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab

2014-02-15 21:06 - 2014-02-15 21:06 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Sony Creative Software Inc

2014-02-15 19:41 - 2014-02-15 19:35 - 00000000 ____D () C:\Users\Jakob\AppData\Local\LooksBuilder

2014-02-15 19:34 - 2014-02-15 19:34 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Red Giant Link

2014-02-15 19:33 - 2014-02-15 19:33 - 00004202 _____ () C:\Windows\System32\Tasks\Red Giant Link

2014-02-15 19:33 - 2014-02-15 19:33 - 00000000 ____D () C:\Program Files\Magic Bullet Looks Vegas

2014-02-15 19:33 - 2014-02-15 19:33 - 00000000 ____D () C:\Program Files (x86)\Red Giant Link

2014-02-15 19:33 - 2014-02-15 19:33 - 00000000 ____D () C:\Program Files (x86)\LooksBuilder

2014-02-15 19:32 - 2014-02-15 19:32 - 00000000 ____D () C:\ProgramData\RedGiant

2014-02-15 17:01 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-02-15 09:44 - 2014-02-01 18:23 - 00000000 ____D () C:\ProgramData\Origin

2014-02-14 15:22 - 2014-02-14 15:22 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Unity

2014-02-09 19:01 - 2014-01-06 18:57 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\PhotoScape

2014-02-09 18:52 - 2014-02-09 18:52 - 00000000 ____D () C:\ProgramData\Screaming Bee

2014-02-09 18:52 - 2014-02-09 18:50 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Screaming Bee

2014-02-09 16:19 - 2014-01-03 17:13 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Sony

2014-02-09 14:36 - 2014-02-09 14:36 - 00002853 _____ () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk

2014-02-09 14:36 - 2014-02-09 14:36 - 00000000 ____D () C:\Program Files (x86)\Windows Installer Clean Up

2014-02-09 14:36 - 2014-02-09 14:35 - 00000000 ____D () C:\Program Files (x86)\MSECACHE

2014-02-09 14:35 - 2014-01-03 15:13 - 00000000 ____D () C:\Users\Jakob\AppData\Local\VirtualStore

2014-02-09 14:32 - 2014-01-12 14:32 - 00000000 ____D () C:\Windows\system32\appmgmt

2014-02-08 19:34 - 2014-02-21 18:02 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 23683360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 15740232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 12324640 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys

2014-02-08 19:34 - 2014-02-21 18:02 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 03142432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 02956576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 02782496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 02410784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433489.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433489.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 00892192 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 00863520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 00844576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 00832424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 00483104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 00408352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 00378656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 00148528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll

2014-02-08 19:34 - 2014-01-03 15:22 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll

2014-02-08 19:34 - 2014-01-03 15:22 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll

2014-02-08 19:34 - 2014-01-03 15:20 - 31432480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll

2014-02-08 19:34 - 2014-01-03 15:20 - 18257576 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll

2014-02-08 19:34 - 2014-01-03 15:20 - 17715784 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll

2014-02-08 19:34 - 2014-01-03 15:20 - 14669032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll

2014-02-08 19:34 - 2014-01-03 15:20 - 03090184 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll

2014-02-08 19:34 - 2014-01-03 15:20 - 02713728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll

2014-02-08 19:34 - 2014-01-03 15:20 - 00947296 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll

2014-02-08 19:34 - 2014-01-03 15:20 - 00875296 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll

2014-02-08 19:34 - 2014-01-03 15:20 - 00024544 _____ () C:\Windows\system32\nvinfo.pb

2014-02-08 18:42 - 2014-01-03 15:22 - 06712608 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll

2014-02-08 18:42 - 2014-01-03 15:22 - 03498272 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll

2014-02-08 18:42 - 2014-01-03 15:22 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll

2014-02-08 18:42 - 2014-01-03 15:22 - 00923936 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

2014-02-08 18:42 - 2014-01-03 15:22 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll

2014-02-08 18:42 - 2014-01-03 15:22 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll

2014-02-08 17:18 - 2014-02-21 18:03 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe

2014-02-08 16:27 - 2014-02-08 16:27 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo

2014-02-08 16:27 - 2014-02-08 16:27 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan

2014-02-06 15:36 - 2014-02-06 15:10 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr

2014-02-06 15:36 - 2014-02-05 06:59 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.exe

2014-02-06 15:36 - 2014-02-05 06:59 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0

2014-02-06 15:17 - 2014-02-05 06:59 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2014-02-06 15:10 - 2014-02-06 15:10 - 00000000 ____D () C:\Users\Jakob\AppData\Local\PunkBuster

2014-02-06 15:10 - 2014-02-06 15:10 - 00000000 ____D () C:\Users\Jakob\AppData\Local\ESN

2014-02-06 15:10 - 2014-02-06 15:10 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins

2014-02-06 15:10 - 2014-02-06 15:06 - 00000000 ____D () C:\Users\Jakob\Documents\Battlefield 3

2014-02-06 15:06 - 2014-02-06 15:06 - 00000000 ____D () C:\ProgramData\EA Core

2014-02-06 15:06 - 2014-02-01 18:24 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Origin

2014-02-06 15:06 - 2014-02-01 18:23 - 00000000 ____D () C:\ProgramData\Electronic Arts
 

Some content of TEMP:

====================

C:\Users\Jakob\AppData\Local\Temp\drm_dyndata_7410004.dll

C:\Users\Jakob\AppData\Local\Temp\Quarantine.exe

C:\Users\Jakob\AppData\Local\Temp\tester.dll
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-03-01 14:53
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Junkware:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.2 (02.20.2014:1)

OS: Windows 7 Ultimate x64

Ran by Jakob on 08.03.2014 at 15:59:39,68

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APN_ATU3__RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APN_ATU3__RASMANCS
 
 
 

~~~ Files
 

Successfully deleted: [File] "C:\Windows\Tasks\wise care 365.job"
 
 
 

~~~ Folders
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 08.03.2014 at 16:00:36,35

Computer was rebooted

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Guten Tag,
ich habe mich selber auf die Suche des Virusknechts gemacht und folgendes herausgefunden:

Tatsächlich war die "iTunesHelper.exe" die Lösung meines Problems.
Nachdem ich in zwei Taskmanagern Prozess für Prozess abklapperte,
sank meine CPU Auslastung drastisch nach unten - der normale Zustand kehrte wieder zurück.

Wahrscheinlich hat sich ein Virus als iTunesHelper.exe ausgegeben.

An der CPU (Intel Core i5 3570k @4,5GHz) kann es ja wohl schlecht liegen.

iTunes ist nun komplett vom System geschmissen und macht nach einer Neuinstallation keine Probleme mehr - ist der Virus beseitigt?
Oder nervt er mich wenigstens nicht mehr? :lach:

s1.directupload.net/images/140308/llqklzj7.png

MfG
Jakob

Nee, die ITunes Helper.exe ist legitim. Die hatte nur nen Macken, das muss nicht immer Malware sein nur weil ein Programm viel CPU zieht.

Daneben war aber auch jede Menge Adware auf dem System Kontrollscans, dann sind wir durch :)

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Nächstes Problem.
Beim starten erscheinen folgende Crashmeldungen:

s1.directupload.net/images/140309/f7iyskre.jpg

Ich habe keinen internetzugriff mehr.
Alles ist richtig konfiguriert, Rechner als auch Router.
Beim starten ruft er sogar noch die Mails mit Thunderbird ab.

Danach nada, nix mehr.

Ich kann jetzt höchstens das Tool via USB Speichermedium auf den Rechner bringen,
Onlinescan wird nichts mehr.

Ich krieg die Krise, ich brauch den Rechner.

Ach ja,
ich finds echt klasse wie du mir und anderen hilfst.

Mit freundlichen Grüßen
Jakobs Mobiltelefon

Man muss hinzufügen dass ich über die Eingabeaufforderung jegliche Webseite anpingen kann.

Den Beitrag hier bitte missachten, alles funktioniert nach einer Wiederherstellung wieder.
Logs folgen.

Was für eine Wiederherstellung?

Nun,
das System hat mir Fehlermeldungen diverser Treiber & Virenprogramme gemeldet und verbat mir den Internetzugriff.
Nach einer Wiederherstellung auf den 07.03 (normale Systemwiederherstellung die man mit F8 erreichen kann) konnte ich wieder arbeiten.
Grundlast blieb nach wie vor.

Security Check:

Code:

 Results of screen317's Security Check version 0.99.80  

 Windows 7  x64 (UAC is enabled)  

 Out of date service pack!! 
 ``````````````Antivirus/Firewall Check:`````````````` 

avast! Internet Security   

 Antivirus up to date!  (On Access scanning disabled!) 
 `````````Anti-malware/Other Utilities Check:````````` 

 Spybot - Search & Destroy 

 Malwarebytes Anti-Malware Version 1.75.0.1300  

 Mozilla Firefox (26.0) 

 Mozilla Thunderbird (24.1.1) 

 Google Chrome 33.0.1750.117  

 Google Chrome 33.0.1750.146  
 ````````Process Check: objlist.exe by Laurent````````  

 Spybot Teatimer.exe is disabled! 

 ESET ESET Online Scanner OnlineScannerApp.exe  

 Avast AvastSvc.exe   

 Avast afwServ.exe   

 Avast AvastUI.exe   
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

ESET:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=742e3dd3b615db479b2f6ad6850176c4

# engine=17370

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2014-03-09 01:00:32

# local_time=2014-03-09 02:00:32 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7600 NT 

# compatibility_mode=5893 16776573 66 85 146775703 146775703 0 0

# scanned=398234

# found=0

# cleaned=0

# scan_time=3180

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=742e3dd3b615db479b2f6ad6850176c4

# engine=17382

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2014-03-10 02:04:32

# local_time=2014-03-10 03:04:32 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7600 NT 

# compatibility_mode=772 16777213 66 82 5679954 5684013 0 0

# compatibility_mode=5893 16776573 100 94 93325 146865943 0 0

# scanned=399019

# found=0

# cleaned=0

# scan_time=3325

FRST:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-03-2014 02

Ran by Jakob (administrator) on JAKOBS-PC on 10-03-2014 15:57:22

Running from D:\Desktop

Windows 7 Ultimate (X64) OS Language: German Standard

Internet Explorer Version 8

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(AVAST Software) D:\AVAST Software\Avast\AvastSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(AVAST Software) D:\AVAST Software\Avast\afwServ.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() D:\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Safer-Networking Ltd.) D:\Spybot - Search & Destroy 2\SDFSSvc.exe

(WiseCleaner.com) D:\Wise\Wise Care 365\WiseTray.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(Safer-Networking Ltd.) D:\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Safer-Networking Ltd.) D:\Spybot - Search & Destroy 2\SDWSCSvc.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe

(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

(Valve Corporation) D:\Steam\Steam.exe

(Akamai Technologies, Inc.) C:\Users\Jakob\AppData\Local\Akamai\netsession_win.exe

(Electronic Arts) D:\Origin\Origin.exe

(Philips) D:\Configo\2.1.7.0\Configo.exe

(Akamai Technologies, Inc.) C:\Users\Jakob\AppData\Local\Akamai\netsession_win.exe

(Dropbox, Inc.) C:\Users\Jakob\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Mozilla Corporation) D:\Thunderbird\thunderbird.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

(AVAST Software) D:\AVAST Software\Avast\AvastUI.exe

(Geek Software GmbH) D:\PDF24\pdf24.exe

(Safer-Networking Ltd.) D:\Spybot - Search & Destroy 2\SDTray.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncV1\CoreSync.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)

HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)

HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1179576 2014-01-21] (NVIDIA Corporation)

HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)

HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2014-02-11] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AvastUI.exe] - D:\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-03] (AVAST Software)

HKLM-x32\...\Run: [PDFPrint] - D:\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)

HKLM-x32\...\Run: [QuickTime Task] - D:\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] - "D:\iTunes\iTunesHelper.exe"

HKLM-x32\...\Run: [SDTray] - D:\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKU\S-1-5-21-1621289240-3782386781-216171386-1000\...\Run: [Steam] - D:\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)

HKU\S-1-5-21-1621289240-3782386781-216171386-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Jakob\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)

HKU\S-1-5-21-1621289240-3782386781-216171386-1000\...\Run: [EADM] - D:\Origin\Origin.exe [3588952 2014-03-08] (Electronic Arts)

HKU\S-1-5-21-1621289240-3782386781-216171386-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

Startup: C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Jakob\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird.lnk

ShortcutTarget: thunderbird.lnk -> D:\Thunderbird\thunderbird.exe (Mozilla Corporation)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB57FA4738E08CF01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - D:\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - D:\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

Winsock: Catalog5 08 D:\WideCap\widecapdrv.dll [327168] ()

Winsock: Catalog9 01 D:\WideCap\widecapdrv.dll [327168] ()

Winsock: Catalog9 02 D:\WideCap\widecapdrv.dll [327168] ()

Winsock: Catalog9 03 D:\WideCap\widecapdrv.dll [327168] ()

Winsock: Catalog9 04 D:\WideCap\widecapdrv.dll [327168] ()

Winsock: Catalog9 05 D:\WideCap\widecapdrv.dll [327168] ()

Winsock: Catalog9 16 D:\WideCap\widecapdrv.dll [327168] ()

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\0btwckdu.default

FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\iTunes\Mozilla Plugins\npitunes.dll No File

FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)

FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Jakob\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - D:\AVAST Software\Avast\WebRep\FF [2014-01-03]

FF StartMenuInternet: FIREFOX.EXE - D:\Firefox\firefox.exe
 

Chrome: 

=======

CHR Extension: (ProxTube) - C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-02-04]

CHR Extension: (Google Drive) - C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-03]

CHR Extension: (YouTube) - C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-03]

CHR Extension: (Adblock Plus) - C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-27]

CHR Extension: (Google-Suche) - C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-03]

CHR Extension: (avast! Online Security) - C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-03]

CHR Extension: (Google Wallet) - C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-03]

CHR Extension: (Google Mail) - C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-03]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-03]
 

==================== Services (Whitelisted) =================
 

R2 avast! Antivirus; D:\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-03] (AVAST Software)

R2 avast! Firewall; D:\AVAST Software\Avast\afwServ.exe [113704 2014-01-03] (AVAST Software)

R2 mi-raysat_3dsmax2014_64; D:\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [86016 2011-09-15] ()

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-06] ()

R2 SDScannerService; D:\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)

R2 SDUpdateService; D:\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)

R2 SDWSCService; D:\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
 

==================== Drivers (Whitelisted) ====================
 

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-01-03] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-03] (AVAST Software)

R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [439648 2014-01-08] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-01-03] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-03] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-03] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-03] (AVAST Software)

S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-03] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-03] ()

R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]

U0 mfcorefs; 
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-03-09 13:05 - 2014-03-09 13:05 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-03-08 20:06 - 2014-03-08 20:06 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\ProxySwitcher

2014-03-08 20:06 - 2014-03-08 20:06 - 00000000 ____D () C:\Users\Jakob\AppData\Local\IsolatedStorage

2014-03-08 17:07 - 2014-03-09 12:51 - 00000000 ____D () C:\Program Files\CyberGhost 5

2014-03-08 16:40 - 2014-03-09 12:51 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\globalip

2014-03-08 15:51 - 2014-03-09 12:51 - 00000000 ____D () C:\AdwCleaner

2014-03-08 10:22 - 2014-03-08 10:25 - 00000000 ____D () C:\Users\Jakob\Documents\Rockstar Games

2014-03-07 19:41 - 2014-03-09 12:51 - 00000000 ____D () C:\Program Files (x86)\ProcessExplorer

2014-03-07 18:23 - 2014-03-09 10:50 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-03-07 18:23 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe

2014-03-07 18:16 - 2014-03-07 18:16 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SARDU

2014-03-07 15:13 - 2014-03-07 15:13 - 00024760 _____ () C:\ComboFix.txt

2014-03-07 14:59 - 2014-03-07 15:13 - 00000000 ____D () C:\Qoobox

2014-03-07 14:59 - 2014-03-07 15:12 - 00000000 ____D () C:\Windows\erdnt

2014-03-07 14:59 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-03-07 14:59 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-03-07 14:59 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-03-07 14:59 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-03-07 14:59 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-03-07 14:59 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe

2014-03-07 14:59 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe

2014-03-07 14:59 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe

2014-03-07 13:46 - 2014-03-10 13:48 - 00044875 _____ () C:\Windows\WindowsUpdate.log

2014-03-07 13:44 - 2014-03-10 13:45 - 00001008 _____ () C:\Windows\setupact.log

2014-03-07 13:44 - 2014-03-07 16:52 - 00002104 _____ () C:\Windows\PFRO.log

2014-03-07 13:44 - 2014-03-07 13:44 - 1047184538 _____ () C:\Windows\MEMORY.DMP

2014-03-07 13:44 - 2014-03-07 13:44 - 00293560 _____ () C:\Windows\Minidump\030714-4087-01.dmp

2014-03-07 13:44 - 2014-03-07 13:44 - 00000000 _____ () C:\Windows\setuperr.log

2014-03-07 13:37 - 2014-03-10 15:57 - 00000000 ____D () C:\FRST

2014-03-06 19:58 - 2014-03-06 19:58 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Malwarebytes

2014-03-06 19:58 - 2014-03-06 19:58 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-03-06 19:58 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-03-05 11:21 - 2014-03-05 11:21 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\ZokanBINDER

2014-03-04 16:57 - 2014-03-04 18:30 - 00000000 ____D () C:\Users\Jakob\Documents\GTA San Andreas User Files

2014-03-04 16:39 - 2014-03-04 16:41 - 00000000 ____D () C:\Users\Public\Documents\GTA San Andreas User Files

2014-03-04 12:32 - 2014-03-04 12:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01005.Wdf

2014-03-03 19:54 - 2014-03-03 19:54 - 01283480 _____ (MiniFrame) C:\Windows\system32\mfcoresfp.dll

2014-03-03 19:54 - 2014-03-03 19:54 - 01241440 _____ (MiniFrame) C:\Windows\system32\mfcoresfp.exe

2014-03-03 19:54 - 2014-03-03 19:54 - 00531352 _____ (MiniFrame) C:\Windows\SysWOW64\mfcoresfp.dll

2014-03-03 19:54 - 2014-03-03 19:54 - 00420744 _____ () C:\Windows\system32\mfcoredll.dll

2014-03-03 19:54 - 2014-03-03 19:54 - 00382856 _____ () C:\Windows\SysWOW64\mfcoredll.dll

2014-03-03 19:54 - 2014-03-03 19:54 - 00316760 _____ (MiniFrame) C:\Windows\SysWOW64\mfcoresfp.exe

2014-03-03 19:54 - 2014-03-03 19:54 - 00147344 _____ (MiniFrame) C:\Windows\system32\mfcoresfp.x64

2014-03-03 19:54 - 2014-03-03 19:54 - 00073624 _____ () C:\Windows\system32\Drivers\mfcore.sys

2014-03-03 19:54 - 2014-03-03 19:54 - 00067472 _____ (MiniFrame) C:\Windows\SysWOW64\mfcoresfp.x86

2014-03-03 19:54 - 2014-03-03 19:54 - 00016792 _____ () C:\Windows\system32\mfcoresvc.exe

2014-03-03 19:54 - 2014-03-03 19:54 - 00000000 ____D () C:\Program Files\MiniFrame

2014-03-02 14:31 - 2014-03-02 14:31 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\OBS

2014-03-02 14:31 - 2014-03-02 14:31 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software

2014-03-02 14:31 - 2014-03-02 14:31 - 00000000 ____D () C:\Program Files\OBS

2014-03-02 14:31 - 2014-03-02 14:31 - 00000000 ____D () C:\Program Files (x86)\OBS

2014-03-02 10:52 - 2014-03-09 12:51 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-03-02 10:52 - 2014-03-09 12:51 - 00000000 ____D () C:\Program Files\iTunes

2014-03-02 10:52 - 2014-03-09 12:51 - 00000000 ____D () C:\Program Files\iPod

2014-02-28 20:49 - 2014-03-01 20:08 - 00000000 ____D () C:\output

2014-02-28 19:45 - 2014-03-03 20:01 - 00000000 ____D () C:\Program Files\Recuva

2014-02-28 19:42 - 2014-02-28 19:42 - 05510289 _____ (Essential Data Tools ) C:\Users\Jakob\Downloads\photorescuepro_setup.exe

2014-02-24 21:15 - 2014-02-24 21:15 - 00000000 ____D () C:\Users\Jakob\AppData\Local\PDF24

2014-02-24 20:25 - 2014-03-06 19:15 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SA-MP Live

2014-02-24 20:01 - 2014-02-24 20:01 - 00087704 _____ () C:\Windows\cadkasdeinst01.exe

2014-02-24 20:01 - 2014-02-24 20:01 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Editor 4.0

2014-02-24 20:01 - 2014-02-24 20:01 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\CAD-KAS

2014-02-22 18:42 - 2014-02-22 18:42 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\JAM Software

2014-02-22 16:15 - 2014-02-22 16:59 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\uTorrent

2014-02-22 15:18 - 2014-02-22 15:18 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\MAXON

2014-02-22 15:00 - 2014-02-22 16:57 - 00000000 ____D () C:\Users\Jakob\Documents\Adobe

2014-02-22 15:00 - 2014-02-22 15:00 - 00003504 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Jakobs-PC-Jakob

2014-02-22 15:00 - 2014-02-22 15:00 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\PDAppFlex

2014-02-22 14:59 - 2014-02-22 17:12 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe

2014-02-22 14:13 - 2014-02-22 16:09 - 00000000 ____D () C:\Program Files\Adobe

2014-02-22 13:37 - 2014-02-22 14:19 - 02951193 _____ () C:\Users\Jakob\Documents\Fertiges LiedWindows Media Audio V11_Audio in CD-Qualität mit 128 Kbit-s, 24 Bit, Stereo.wma

2014-02-21 18:04 - 2014-02-21 18:04 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies

2014-02-21 18:03 - 2014-02-08 17:18 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe

2014-02-21 18:02 - 2014-02-08 19:34 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 23683360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 15740232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 12324640 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys

2014-02-21 18:02 - 2014-02-08 19:34 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 03142432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 02956576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 02782496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 02410784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433489.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433489.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 00892192 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 00863520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 00844576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 00832424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 00483104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 00408352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 00378656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll

2014-02-21 18:02 - 2014-02-08 19:34 - 00148528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll

2014-02-19 22:35 - 2014-02-19 22:36 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\DVDVideoSoft

2014-02-19 21:52 - 2014-02-22 18:48 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\MediaPurge

2014-02-19 21:52 - 2014-02-19 21:52 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mediapurge

2014-02-19 21:22 - 2014-02-19 21:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2014-02-19 21:18 - 2014-02-22 11:47 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Apple Computer

2014-02-19 21:18 - 2014-02-19 21:18 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Apple Computer

2014-02-19 21:18 - 2014-02-19 21:18 - 00000000 ____D () C:\ProgramData\Apple Computer

2014-02-19 21:18 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys

2014-02-19 21:17 - 2014-02-19 21:17 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Apple

2014-02-19 21:17 - 2014-02-19 21:17 - 00000000 ____D () C:\ProgramData\Apple

2014-02-19 21:17 - 2014-02-19 21:17 - 00000000 ____D () C:\Program Files\Common Files\Apple

2014-02-19 21:17 - 2014-02-19 21:17 - 00000000 ____D () C:\Program Files\Bonjour

2014-02-19 21:17 - 2014-02-19 21:17 - 00000000 ____D () C:\Program Files (x86)\Bonjour

2014-02-19 21:17 - 2014-02-19 21:17 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update

2014-02-17 18:11 - 2014-02-17 18:11 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer

2014-02-15 21:17 - 2014-02-15 21:17 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab

2014-02-15 21:06 - 2014-02-15 21:06 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Sony Creative Software Inc

2014-02-15 19:35 - 2014-02-15 19:41 - 00000000 ____D () C:\Users\Jakob\AppData\Local\LooksBuilder

2014-02-15 19:34 - 2014-02-15 19:34 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Red Giant Link

2014-02-15 19:33 - 2014-02-15 19:33 - 00004202 _____ () C:\Windows\System32\Tasks\Red Giant Link

2014-02-15 19:33 - 2014-02-15 19:33 - 00000000 ____D () C:\Program Files\Magic Bullet Looks Vegas

2014-02-15 19:33 - 2014-02-15 19:33 - 00000000 ____D () C:\Program Files (x86)\Red Giant Link

2014-02-15 19:33 - 2014-02-15 19:33 - 00000000 ____D () C:\Program Files (x86)\LooksBuilder

2014-02-15 19:32 - 2014-03-03 19:54 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Downloaded Installations

2014-02-15 19:32 - 2014-02-15 19:32 - 00000000 ____D () C:\ProgramData\RedGiant

2014-02-14 15:22 - 2014-02-14 15:22 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Unity

2014-02-12 17:34 - 1999-01-18 21:55 - 00348160 _____ (DevPower Development Tools) C:\Windows\SysWOW64\FlatBtn6.ocx

2014-02-09 18:52 - 2014-02-09 18:52 - 00000000 ____D () C:\ProgramData\Screaming Bee

2014-02-09 18:50 - 2014-02-09 18:52 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Screaming Bee

2014-02-09 14:36 - 2014-02-09 14:36 - 00002853 _____ () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk

2014-02-09 14:36 - 2014-02-09 14:36 - 00000000 ____D () C:\Program Files (x86)\Windows Installer Clean Up

2014-02-09 14:35 - 2014-02-09 14:36 - 00000000 ____D () C:\Program Files (x86)\MSECACHE

2014-02-08 16:27 - 2014-02-08 16:27 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo

2014-02-08 16:27 - 2014-02-08 16:27 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
 

==================== One Month Modified Files and Folders =======
 

2014-03-10 15:57 - 2014-03-07 13:37 - 00000000 ____D () C:\FRST

2014-03-10 15:33 - 2014-01-03 15:17 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-03-10 14:33 - 2014-01-03 15:17 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-03-10 13:55 - 2014-01-03 16:50 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Adobe

2014-03-10 13:52 - 2009-07-14 05:45 - 00022752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-03-10 13:52 - 2009-07-14 05:45 - 00022752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-03-10 13:51 - 2009-07-14 18:58 - 00696506 _____ () C:\Windows\system32\perfh007.dat

2014-03-10 13:51 - 2009-07-14 18:58 - 00147802 _____ () C:\Windows\system32\perfc007.dat

2014-03-10 13:51 - 2009-07-14 06:13 - 01611992 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-03-10 13:48 - 2014-03-07 13:46 - 00044875 _____ () C:\Windows\WindowsUpdate.log

2014-03-10 13:45 - 2014-03-07 13:44 - 00001008 _____ () C:\Windows\setupact.log

2014-03-10 13:45 - 2014-01-03 21:21 - 00000342 _____ () C:\Windows\Tasks\Wise Care 365.job

2014-03-10 13:45 - 2014-01-03 17:16 - 00000000 ___RD () C:\Users\Jakob\Dropbox

2014-03-10 13:45 - 2014-01-03 17:14 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Dropbox

2014-03-10 13:45 - 2014-01-03 15:22 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-03-10 13:45 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-03-09 21:37 - 2014-01-03 21:11 - 00004154 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-03-09 13:05 - 2014-03-09 13:05 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-03-09 12:59 - 2014-01-03 17:27 - 00000132 _____ () C:\Users\Jakob\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen

2014-03-09 12:52 - 2014-02-01 18:23 - 00000000 ____D () C:\ProgramData\Origin

2014-03-09 12:52 - 2014-01-03 15:16 - 00060728 _____ () C:\Users\Jakob\AppData\Local\GDIPFONTCACHEV1.DAT

2014-03-09 12:52 - 2014-01-03 15:13 - 00000000 ____D () C:\Users\Jakob

2014-03-09 12:51 - 2014-03-08 17:07 - 00000000 ____D () C:\Program Files\CyberGhost 5

2014-03-09 12:51 - 2014-03-08 16:40 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\globalip

2014-03-09 12:51 - 2014-03-08 15:51 - 00000000 ____D () C:\AdwCleaner

2014-03-09 12:51 - 2014-03-07 19:41 - 00000000 ____D () C:\Program Files (x86)\ProcessExplorer

2014-03-09 12:51 - 2014-03-02 10:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-03-09 12:51 - 2014-03-02 10:52 - 00000000 ____D () C:\Program Files\iTunes

2014-03-09 12:51 - 2014-03-02 10:52 - 00000000 ____D () C:\Program Files\iPod

2014-03-09 12:51 - 2014-01-18 16:37 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Audacity

2014-03-09 12:51 - 2014-01-12 17:48 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\TeamViewer

2014-03-09 12:51 - 2014-01-12 17:47 - 00000000 ____D () C:\Program Files (x86)\TeamViewer

2014-03-09 12:51 - 2014-01-10 14:13 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Akamai

2014-03-09 12:51 - 2014-01-06 18:57 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\PhotoScape

2014-03-09 12:51 - 2014-01-03 21:19 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Wise Care 365

2014-03-09 12:51 - 2014-01-03 20:58 - 00000000 ____D () C:\Windows\Minidump

2014-03-09 12:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration

2014-03-09 10:50 - 2014-03-07 18:23 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-03-08 20:06 - 2014-03-08 20:06 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\ProxySwitcher

2014-03-08 20:06 - 2014-03-08 20:06 - 00000000 ____D () C:\Users\Jakob\AppData\Local\IsolatedStorage

2014-03-08 10:25 - 2014-03-08 10:22 - 00000000 ____D () C:\Users\Jakob\Documents\Rockstar Games

2014-03-08 10:00 - 2014-01-10 20:32 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Rockstar Games

2014-03-07 18:16 - 2014-03-07 18:16 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SARDU

2014-03-07 16:52 - 2014-03-07 13:44 - 00002104 _____ () C:\Windows\PFRO.log

2014-03-07 15:13 - 2014-03-07 15:13 - 00024760 _____ () C:\ComboFix.txt

2014-03-07 15:13 - 2014-03-07 14:59 - 00000000 ____D () C:\Qoobox

2014-03-07 15:13 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default

2014-03-07 15:12 - 2014-03-07 14:59 - 00000000 ____D () C:\Windows\erdnt

2014-03-07 15:12 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini

2014-03-07 13:44 - 2014-03-07 13:44 - 1047184538 _____ () C:\Windows\MEMORY.DMP

2014-03-07 13:44 - 2014-03-07 13:44 - 00293560 _____ () C:\Windows\Minidump\030714-4087-01.dmp

2014-03-07 13:44 - 2014-03-07 13:44 - 00000000 _____ () C:\Windows\setuperr.log

2014-03-06 19:58 - 2014-03-06 19:58 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Malwarebytes

2014-03-06 19:58 - 2014-03-06 19:58 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-03-06 19:15 - 2014-02-24 20:25 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SA-MP Live

2014-03-05 11:21 - 2014-03-05 11:21 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\ZokanBINDER

2014-03-04 18:30 - 2014-03-04 16:57 - 00000000 ____D () C:\Users\Jakob\Documents\GTA San Andreas User Files

2014-03-04 16:41 - 2014-03-04 16:39 - 00000000 ____D () C:\Users\Public\Documents\GTA San Andreas User Files

2014-03-04 12:32 - 2014-03-04 12:32 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01005.Wdf

2014-03-04 12:32 - 2009-07-14 03:34 - 00000431 _____ () C:\Windows\win.ini

2014-03-04 10:16 - 2014-01-04 15:29 - 00000000 ____D () C:\ProgramData\PMS

2014-03-03 20:01 - 2014-02-28 19:45 - 00000000 ____D () C:\Program Files\Recuva

2014-03-03 19:54 - 2014-03-03 19:54 - 01283480 _____ (MiniFrame) C:\Windows\system32\mfcoresfp.dll

2014-03-03 19:54 - 2014-03-03 19:54 - 01241440 _____ (MiniFrame) C:\Windows\system32\mfcoresfp.exe

2014-03-03 19:54 - 2014-03-03 19:54 - 00531352 _____ (MiniFrame) C:\Windows\SysWOW64\mfcoresfp.dll

2014-03-03 19:54 - 2014-03-03 19:54 - 00420744 _____ () C:\Windows\system32\mfcoredll.dll

2014-03-03 19:54 - 2014-03-03 19:54 - 00382856 _____ () C:\Windows\SysWOW64\mfcoredll.dll

2014-03-03 19:54 - 2014-03-03 19:54 - 00316760 _____ (MiniFrame) C:\Windows\SysWOW64\mfcoresfp.exe

2014-03-03 19:54 - 2014-03-03 19:54 - 00147344 _____ (MiniFrame) C:\Windows\system32\mfcoresfp.x64

2014-03-03 19:54 - 2014-03-03 19:54 - 00073624 _____ () C:\Windows\system32\Drivers\mfcore.sys

2014-03-03 19:54 - 2014-03-03 19:54 - 00067472 _____ (MiniFrame) C:\Windows\SysWOW64\mfcoresfp.x86

2014-03-03 19:54 - 2014-03-03 19:54 - 00016792 _____ () C:\Windows\system32\mfcoresvc.exe

2014-03-03 19:54 - 2014-03-03 19:54 - 00000000 ____D () C:\Program Files\MiniFrame

2014-03-03 19:54 - 2014-02-15 19:32 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Downloaded Installations

2014-03-03 16:09 - 2014-01-04 17:00 - 00000000 ____D () C:\Windows\SysWOW64\directx

2014-03-02 14:31 - 2014-03-02 14:31 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\OBS

2014-03-02 14:31 - 2014-03-02 14:31 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software

2014-03-02 14:31 - 2014-03-02 14:31 - 00000000 ____D () C:\Program Files\OBS

2014-03-02 14:31 - 2014-03-02 14:31 - 00000000 ____D () C:\Program Files (x86)\OBS

2014-03-01 20:08 - 2014-02-28 20:49 - 00000000 ____D () C:\output

2014-02-28 19:42 - 2014-02-28 19:42 - 05510289 _____ (Essential Data Tools ) C:\Users\Jakob\Downloads\photorescuepro_setup.exe

2014-02-27 17:24 - 2014-01-03 17:33 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\.minecraft

2014-02-24 21:15 - 2014-02-24 21:15 - 00000000 ____D () C:\Users\Jakob\AppData\Local\PDF24

2014-02-24 20:01 - 2014-02-24 20:01 - 00087704 _____ () C:\Windows\cadkasdeinst01.exe

2014-02-24 20:01 - 2014-02-24 20:01 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Editor 4.0

2014-02-24 20:01 - 2014-02-24 20:01 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\CAD-KAS

2014-02-22 20:06 - 2009-07-14 05:45 - 04945032 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-02-22 18:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help

2014-02-22 18:48 - 2014-02-19 21:52 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\MediaPurge

2014-02-22 18:42 - 2014-02-22 18:42 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\JAM Software

2014-02-22 17:12 - 2014-02-22 14:59 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe

2014-02-22 17:12 - 2014-01-03 16:51 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Adobe

2014-02-22 16:59 - 2014-02-22 16:15 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\uTorrent

2014-02-22 16:57 - 2014-02-22 15:00 - 00000000 ____D () C:\Users\Jakob\Documents\Adobe

2014-02-22 16:09 - 2014-02-22 14:13 - 00000000 ____D () C:\Program Files\Adobe

2014-02-22 16:09 - 2014-01-03 15:15 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-02-22 15:18 - 2014-02-22 15:18 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\MAXON

2014-02-22 15:00 - 2014-02-22 15:00 - 00003504 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Jakobs-PC-Jakob

2014-02-22 15:00 - 2014-02-22 15:00 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\PDAppFlex

2014-02-22 14:19 - 2014-02-22 13:37 - 02951193 _____ () C:\Users\Jakob\Documents\Fertiges LiedWindows Media Audio V11_Audio in CD-Qualität mit 128 Kbit-s, 24 Bit, Stereo.wma

2014-02-22 14:13 - 2014-01-03 17:14 - 00000000 ____D () C:\Program Files\Common Files\Adobe

2014-02-22 13:53 - 2014-01-03 16:52 - 00000000 ____D () C:\ProgramData\Adobe

2014-02-22 11:47 - 2014-02-19 21:18 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Apple Computer

2014-02-21 18:04 - 2014-02-21 18:04 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies

2014-02-21 18:04 - 2014-01-03 15:22 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation

2014-02-21 14:28 - 2014-01-03 15:17 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-02-21 14:28 - 2014-01-03 15:17 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-02-19 22:36 - 2014-02-19 22:35 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\DVDVideoSoft

2014-02-19 21:52 - 2014-02-19 21:52 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mediapurge

2014-02-19 21:22 - 2014-02-19 21:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2014-02-19 21:18 - 2014-02-19 21:18 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Apple Computer

2014-02-19 21:18 - 2014-02-19 21:18 - 00000000 ____D () C:\ProgramData\Apple Computer

2014-02-19 21:17 - 2014-02-19 21:17 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Apple

2014-02-19 21:17 - 2014-02-19 21:17 - 00000000 ____D () C:\ProgramData\Apple

2014-02-19 21:17 - 2014-02-19 21:17 - 00000000 ____D () C:\Program Files\Common Files\Apple

2014-02-19 21:17 - 2014-02-19 21:17 - 00000000 ____D () C:\Program Files\Bonjour

2014-02-19 21:17 - 2014-02-19 21:17 - 00000000 ____D () C:\Program Files (x86)\Bonjour

2014-02-19 21:17 - 2014-02-19 21:17 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update

2014-02-17 18:11 - 2014-02-17 18:11 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer

2014-02-15 21:17 - 2014-02-15 21:17 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab

2014-02-15 21:06 - 2014-02-15 21:06 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Sony Creative Software Inc

2014-02-15 19:41 - 2014-02-15 19:35 - 00000000 ____D () C:\Users\Jakob\AppData\Local\LooksBuilder

2014-02-15 19:34 - 2014-02-15 19:34 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Red Giant Link

2014-02-15 19:33 - 2014-02-15 19:33 - 00004202 _____ () C:\Windows\System32\Tasks\Red Giant Link

2014-02-15 19:33 - 2014-02-15 19:33 - 00000000 ____D () C:\Program Files\Magic Bullet Looks Vegas

2014-02-15 19:33 - 2014-02-15 19:33 - 00000000 ____D () C:\Program Files (x86)\Red Giant Link

2014-02-15 19:33 - 2014-02-15 19:33 - 00000000 ____D () C:\Program Files (x86)\LooksBuilder

2014-02-15 19:32 - 2014-02-15 19:32 - 00000000 ____D () C:\ProgramData\RedGiant

2014-02-15 17:01 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-02-14 15:22 - 2014-02-14 15:22 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Unity

2014-02-09 18:52 - 2014-02-09 18:52 - 00000000 ____D () C:\ProgramData\Screaming Bee

2014-02-09 18:52 - 2014-02-09 18:50 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Screaming Bee

2014-02-09 16:19 - 2014-01-03 17:13 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Sony

2014-02-09 14:36 - 2014-02-09 14:36 - 00002853 _____ () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk

2014-02-09 14:36 - 2014-02-09 14:36 - 00000000 ____D () C:\Program Files (x86)\Windows Installer Clean Up

2014-02-09 14:36 - 2014-02-09 14:35 - 00000000 ____D () C:\Program Files (x86)\MSECACHE

2014-02-09 14:35 - 2014-01-03 15:13 - 00000000 ____D () C:\Users\Jakob\AppData\Local\VirtualStore

2014-02-09 14:32 - 2014-01-12 14:32 - 00000000 ____D () C:\Windows\system32\appmgmt

2014-02-08 19:34 - 2014-02-21 18:02 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 23683360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 15740232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 12324640 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys

2014-02-08 19:34 - 2014-02-21 18:02 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 03142432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 02956576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 02782496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 02410784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433489.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433489.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 00892192 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 00863520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 00844576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 00832424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 00483104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 00408352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 00378656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll

2014-02-08 19:34 - 2014-02-21 18:02 - 00148528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll

2014-02-08 19:34 - 2014-01-03 15:22 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll

2014-02-08 19:34 - 2014-01-03 15:22 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll

2014-02-08 19:34 - 2014-01-03 15:20 - 31432480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll

2014-02-08 19:34 - 2014-01-03 15:20 - 18257576 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll

2014-02-08 19:34 - 2014-01-03 15:20 - 17715784 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll

2014-02-08 19:34 - 2014-01-03 15:20 - 14669032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll

2014-02-08 19:34 - 2014-01-03 15:20 - 03090184 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll

2014-02-08 19:34 - 2014-01-03 15:20 - 02713728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll

2014-02-08 19:34 - 2014-01-03 15:20 - 00947296 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll

2014-02-08 19:34 - 2014-01-03 15:20 - 00875296 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll

2014-02-08 19:34 - 2014-01-03 15:20 - 00024544 _____ () C:\Windows\system32\nvinfo.pb

2014-02-08 18:42 - 2014-01-03 15:22 - 06712608 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll

2014-02-08 18:42 - 2014-01-03 15:22 - 03498272 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll

2014-02-08 18:42 - 2014-01-03 15:22 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll

2014-02-08 18:42 - 2014-01-03 15:22 - 00923936 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

2014-02-08 18:42 - 2014-01-03 15:22 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll

2014-02-08 18:42 - 2014-01-03 15:22 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll

2014-02-08 17:18 - 2014-02-21 18:03 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe

2014-02-08 16:27 - 2014-02-08 16:27 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo

2014-02-08 16:27 - 2014-02-08 16:27 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
 

Some content of TEMP:

====================

C:\Users\Jakob\AppData\Local\Temp\tester.dll
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-03-01 14:53
 

==================== End Of Log ============================

--- --- ---

Entschuldigung wenn ich mit der Wiederherstellung etwas vermiest habe,
doch man konnte ansonsten nichts mehr machen.

MfG

Mach mal bitte Windows Updates, da fehlt ein ganzes Servicepack-

Ich glaube ich setze alle drei Festplatten einfach neu auf...
Wird jetzt nicht die Welt sein, nachdem alles wichtige gesichert wurde.

Entschuldigung wenn ich jetzt deine Zeit verschwendet habe.

MfG