Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Browser Funktionieren nicht, Mehrfache Prozesse, Grafikfehler und Abstürze (https://www.trojaner-board.de/161211-browser-funktionieren-mehrfache-prozesse-grafikfehler-abstuerze.html)

schrauber 02.12.2014 18:29
Ok, das ist jetzt mysteriös. Bitte nochmal ein frisches FRST log.

Kelethine 03.12.2014 08:15
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-11-2014
Ran by Jann (administrator) on NAMELOL on 02-12-2014 20:50:49
Running from C:\Users\Jann\Downloads
Loaded Profile: Jann (Available profiles: Jann & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
(PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Spotify Ltd) C:\Users\Jann\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Jann\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
() C:\Users\Jann\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Jann\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Jann\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Jann\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Users\Jann\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Jann\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(PortableApps.com) C:\Users\Jann\Desktop\GoogleChromePortable\GoogleChromePortable.exe
(Google Inc.) C:\Users\Jann\Desktop\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Jann\Desktop\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Jann\Desktop\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-12-01] (LogMeIn Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124720 2014-10-09] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-190608245-4047686273-1255289160-1001\...\Run: [Spotify] => C:\Users\Jann\AppData\Roaming\Spotify\Spotify.exe [6553144 2014-10-08] (Spotify Ltd)
HKU\S-1-5-21-190608245-4047686273-1255289160-1001\...\Run: [Spotify Web Helper] => C:\Users\Jann\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-08] (Spotify Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * autocheck turegopt

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50467;https=127.0.0.1:50467
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-190608245-4047686273-1255289160-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-190608245-4047686273-1255289160-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKU\S-1-5-21-190608245-4047686273-1255289160-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5A6EC3786809D001
HKU\S-1-5-21-190608245-4047686273-1255289160-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9 16 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
Winsock: Catalog9-x64 16 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Jann\AppData\Roaming\Mozilla\Firefox\Profiles\8u9j4gdg.default
FF SelectedSearchEngine: Google
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_34 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @protectdisc.com/NPPDLicenseHelper -> C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPPDLicenseHelper.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: EPUBReader - C:\Users\Jann\AppData\Roaming\Mozilla\Firefox\Profiles\8u9j4gdg.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2013-12-04]
FF Extension: Techgile - C:\Users\Jann\AppData\Roaming\Mozilla\Firefox\Profiles\8u9j4gdg.default\Extensions\{1e3cbb53-e197-4e2a-92c5-00bc91f79189}.xpi [2014-11-16]
FF Extension: AddonFox - C:\Users\Jann\AppData\Roaming\Mozilla\Firefox\Profiles\8u9j4gdg.default\Extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4}.xpi [2011-05-27]
FF Extension: Greasemonkey - C:\Users\Jann\AppData\Roaming\Mozilla\Firefox\Profiles\8u9j4gdg.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-04-25]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [203264 2009-08-18] (AMD) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-30] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [162096 2014-10-09] (Avira Operations GmbH & Co. KG)
S4 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [187456 2010-02-13] (DATA BECKER GmbH & Co KG) [File not signed]
S3 fussvc; D:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-11-14] (LogMeIn, Inc.)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
S3 Te.Service; D:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2014-08-15] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-11-21] (TuneUp Software)
R2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [545608 2012-07-09] ()
R2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [549704 2012-07-09] (PacketVideo)
R2 TwonkyWebDav; C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe [271176 2012-07-09] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 acedrv09; C:\Windows\system32\drivers\acedrv09.sys [134880 2010-04-16] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [14392 2007-12-17] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 cmwf; C:\Windows\system32\Drivers\cmwf.sys [31904 2014-11-26] () [File not signed]
R1 cmwr; C:\Windows\system32\Drivers\cmwr.sys [45216 2014-11-26] () [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-26] (Disc Soft Ltd)
S3 ESLvnic1; C:\Windows\System32\DRIVERS\ESLvnic.sys [25528 2011-08-08] (Turtle Entertainment GmbH)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2010-02-24] (TuneUp Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-01 21:56 - 2014-12-01 21:56 - 00096206 _____ () C:\Users\Jann\Downloads\OTL.Txt
2014-12-01 21:56 - 2014-12-01 21:56 - 00090678 _____ () C:\Users\Jann\Downloads\Extras.Txt
2014-12-01 21:40 - 2014-12-01 21:40 - 00602112 _____ (OldTimer Tools) C:\Users\Jann\Downloads\OTL.exe
2014-11-30 10:48 - 2014-11-30 10:48 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-11-30 10:47 - 2014-11-30 10:45 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-11-30 10:37 - 2014-11-30 10:37 - 00002852 _____ () C:\Users\Jann\Desktop\fixlist.txt
2014-11-29 22:43 - 2014-11-29 22:43 - 00852490 _____ () C:\Users\Jann\Downloads\SecurityCheck.exe
2014-11-29 17:27 - 2014-11-29 17:27 - 00000000 ____D () C:\Users\Jann\AppData\Roaming\Avira
2014-11-29 17:26 - 2014-11-30 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-29 17:26 - 2014-11-30 10:48 - 00000000 ____D () C:\ProgramData\Avira
2014-11-29 17:26 - 2014-11-30 10:48 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-29 17:26 - 2014-11-30 10:45 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-11-29 17:26 - 2014-11-30 10:45 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-11-29 17:26 - 2014-11-29 17:26 - 00002066 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-11-29 17:26 - 2013-12-18 09:32 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-11-29 17:23 - 2014-11-26 18:53 - 00378280 _____ (Say Media Group LTD) C:\Windows\system32\ColorMedia64.dll
2014-11-29 17:23 - 2014-11-26 18:53 - 00332584 _____ (Say Media Group LTD) C:\Windows\SysWOW64\ColorMedia.dll
2014-11-29 17:23 - 2014-11-26 18:53 - 00045216 _____ () C:\Windows\system32\Drivers\cmwr.sys
2014-11-29 17:23 - 2014-11-26 18:53 - 00031904 _____ () C:\Windows\system32\Drivers\cmwf.sys
2014-11-29 17:21 - 2014-11-29 17:21 - 00687552 _____ () C:\Users\Jann\Downloads\avira-free-antivir.exe
2014-11-28 09:16 - 2014-11-28 09:16 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-28 09:15 - 2014-11-28 09:16 - 02347384 _____ (ESET) C:\Users\Jann\Downloads\esetsmartinstaller_deu.exe
2014-11-27 11:57 - 2014-11-27 11:57 - 00055046 _____ () C:\Users\Jann\Downloads\DBM-PvP-r39.zip
2014-11-27 11:16 - 2014-11-27 11:16 - 00023265 _____ () C:\Users\Jann\Downloads\InterruptBar_v1.1.6.zip
2014-11-27 11:02 - 2014-11-27 11:02 - 01957481 _____ () C:\Users\Jann\Downloads\DBM-Core-6.0.5.zip
2014-11-27 10:26 - 2014-11-30 19:01 - 00000000 ____D () C:\Users\Jann\Downloads\FRST-OlderVersion
2014-11-27 10:25 - 2014-11-27 10:25 - 00001994 _____ () C:\Users\Jann\Desktop\JRT.txt
2014-11-27 10:22 - 2014-11-27 10:22 - 01707532 _____ (Thisisu) C:\Users\Jann\Downloads\JRT.exe
2014-11-27 10:22 - 2014-11-27 10:22 - 00000000 ____D () C:\Windows\ERUNT
2014-11-27 10:14 - 2014-11-27 10:14 - 02148864 _____ () C:\Users\Jann\Downloads\AdwCleaner_4.102.exe
2014-11-27 10:12 - 2014-11-27 10:12 - 00000162 ____H () C:\Users\Jann\Downloads\~$mbam.txt
2014-11-27 10:11 - 2014-11-27 10:11 - 00024555 _____ () C:\Users\Jann\Downloads\mbam.txt
2014-11-27 09:52 - 2014-11-29 18:27 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-27 09:52 - 2014-11-27 09:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-27 09:52 - 2014-11-27 09:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-27 09:52 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-27 09:52 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-27 09:52 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-27 09:51 - 2014-11-27 09:51 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Jann\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-26 13:28 - 2014-11-26 13:28 - 00019649 _____ () C:\ComboFix.txt
2014-11-26 13:11 - 2014-11-26 13:29 - 00000000 ____D () C:\Qoobox
2014-11-26 13:11 - 2014-11-26 13:29 - 00000000 ____D () C:\ComboFix
2014-11-26 13:11 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-26 13:11 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-26 13:11 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-26 13:11 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-26 13:11 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-26 13:11 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-26 13:11 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-26 13:11 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-26 13:08 - 2014-11-26 13:08 - 05599228 ____R (Swearware) C:\Users\Jann\Downloads\ComboFix.exe
2014-11-26 12:58 - 2014-11-26 12:59 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Jann\Downloads\revosetup95.exe
2014-11-26 11:56 - 2014-11-26 11:56 - 00380416 _____ () C:\Users\Jann\Downloads\hhfp4u78.exe
2014-11-26 11:51 - 2014-11-30 19:03 - 00038233 _____ () C:\Users\Jann\Downloads\Addition.txt
2014-11-26 11:50 - 2014-12-02 20:50 - 00015898 _____ () C:\Users\Jann\Downloads\FRST.txt
2014-11-26 11:49 - 2014-12-02 20:50 - 00000000 ____D () C:\FRST
2014-11-26 11:49 - 2014-11-30 19:01 - 02117120 _____ (Farbar) C:\Users\Jann\Downloads\FRST64.exe
2014-11-26 11:48 - 2014-11-26 11:48 - 00000540 _____ () C:\Users\Jann\Downloads\defogger_disable.log
2014-11-26 11:48 - 2014-11-26 11:48 - 00000168 _____ () C:\Users\Jann\defogger_reenable
2014-11-26 11:47 - 2014-11-26 11:47 - 00050477 _____ () C:\Users\Jann\Downloads\Defogger.exe
2014-11-24 14:19 - 2014-11-24 14:19 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Jann\Downloads\tdsskiller.exe
2014-11-24 14:11 - 2014-11-24 14:11 - 00001264 _____ () C:\Users\Jann\Desktop\Revo Uninstaller.lnk
2014-11-24 14:11 - 2014-11-24 14:11 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-11-24 13:58 - 2014-11-24 13:59 - 01046528 _____ () C:\Users\Jann\Downloads\MicrosoftFixit50848.msi
2014-11-23 16:42 - 2014-11-23 18:13 - 00705513 ____N () C:\Windows\Minidump\112314-21216-01.dmp
2014-11-18 21:12 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 21:12 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 21:12 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 21:12 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-16 20:18 - 2014-11-26 13:06 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-11-16 17:43 - 2014-11-16 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Mouse Auto Clicker
2014-11-16 17:43 - 2014-11-16 17:43 - 00000000 ____D () C:\Program Files (x86)\Free Mouse Auto Clicker
2014-11-15 22:43 - 2014-11-26 11:28 - 00002806 _____ () C:\Users\Jann\Documents\priest2.txt
2014-11-12 13:50 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 13:50 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 13:50 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 13:50 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 13:50 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 13:50 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 13:50 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 13:50 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 13:50 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 13:50 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 13:50 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 13:50 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 13:50 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 13:50 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 13:50 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 13:50 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 13:50 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 13:50 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 13:50 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 13:50 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 13:50 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 13:50 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 13:50 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 13:50 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 13:50 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 13:50 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 13:50 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 13:50 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 13:50 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 13:50 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 13:50 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 13:50 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 13:50 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 13:50 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 13:50 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 13:50 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 13:50 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 13:50 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 13:50 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 13:50 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 13:50 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 13:50 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 13:50 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 13:50 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 13:50 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 13:50 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 13:50 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 13:50 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 13:50 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 13:50 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 13:50 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 13:50 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 13:50 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 13:50 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 13:50 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 13:50 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 13:50 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 13:50 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 13:50 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 13:50 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 13:50 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 13:50 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 13:50 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 13:50 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 13:50 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 13:50 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 13:50 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 13:50 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 13:50 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 13:49 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 13:49 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 13:49 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 13:49 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 13:49 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 13:49 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 13:49 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 13:49 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 13:49 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 13:49 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 13:49 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 13:49 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 13:49 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 13:49 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 13:49 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 13:49 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 13:49 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 13:49 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 13:49 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 13:49 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 13:49 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 13:49 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 13:49 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 13:49 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 13:49 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 13:49 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 13:49 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 13:49 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 13:49 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-02 22:15 - 2014-11-02 22:15 - 00000000 ____D () C:\ProgramData\Windows App Certification Kit
2014-11-02 22:14 - 2014-11-02 22:14 - 00000000 ____D () C:\Program Files\Application Verifier
2014-11-02 22:14 - 2014-11-02 22:14 - 00000000 ____D () C:\Program Files (x86)\Application Verifier
2014-11-02 22:13 - 2014-11-02 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2014-11-02 18:50 - 2014-11-02 18:50 - 00000000 ____D () C:\Users\Jann\AppData\Local\NVIDIA
2014-11-02 18:47 - 2014-07-02 18:44 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-11-02 18:46 - 2014-07-02 11:14 - 03826628 _____ () C:\Windows\system32\nvcoproc.bin
2014-11-02 17:01 - 2014-11-02 17:01 - 00017475 _____ () C:\Windows\DirectX.log
2014-11-02 16:59 - 2014-11-30 10:47 - 00000000 ____D () C:\ProgramData\Package Cache

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-02 20:45 - 2012-10-15 19:29 - 00000000 ____D () C:\Users\Jann\AppData\Roaming\Spotify
2014-12-02 20:44 - 2013-01-11 18:05 - 00000000 ____D () C:\ProgramData\TwonkyServer
2014-12-02 20:44 - 2011-02-27 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-02 20:44 - 2011-02-27 17:19 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-12-02 20:42 - 2014-08-15 01:34 - 00014204 _____ () C:\Windows\setupact.log
2014-12-02 20:42 - 2009-12-30 17:06 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-02 20:42 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-02 20:42 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-02 18:39 - 2014-10-21 16:23 - 00000000 ____D () C:\Users\Jann\AppData\Local\Battle.net
2014-12-02 18:39 - 2009-12-30 15:55 - 01611756 _____ () C:\Windows\WindowsUpdate.log
2014-12-02 18:03 - 2012-07-29 16:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-02 09:55 - 2009-07-14 05:45 - 00015184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-02 09:55 - 2009-07-14 05:45 - 00015184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-02 01:46 - 2009-12-30 16:12 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{AE0088BC-E7E3-4916-9D36-3ABEF7151AB7}
2014-12-01 21:37 - 2014-08-15 10:34 - 00000000 ____D () C:\Users\Jann\AppData\Local\Spotify
2014-11-30 10:40 - 2014-08-15 02:45 - 00000008 __RSH () C:\Users\Jann\ntuser.pol
2014-11-30 10:40 - 2009-12-30 16:00 - 00000000 ____D () C:\Users\Jann
2014-11-30 10:39 - 2014-08-15 01:34 - 00846204 _____ () C:\Windows\PFRO.log
2014-11-30 10:38 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-11-29 17:29 - 2014-10-26 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stronghold Crusader 2
2014-11-27 22:56 - 2014-08-15 02:11 - 00000000 ____D () C:\AdwCleaner
2014-11-27 10:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Globalization
2014-11-26 13:29 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-11-26 13:24 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-26 13:23 - 2014-08-15 01:21 - 00000000 ____D () C:\Windows\erdnt
2014-11-26 13:23 - 2009-07-14 03:34 - 92012544 _____ () C:\Windows\system32\config\software.bak
2014-11-26 13:23 - 2009-07-14 03:34 - 57933824 _____ () C:\Windows\system32\config\components.bak
2014-11-26 13:23 - 2009-07-14 03:34 - 19660800 _____ () C:\Windows\system32\config\system.bak
2014-11-26 13:23 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\default.bak
2014-11-26 13:23 - 2009-07-14 03:34 - 00061440 _____ () C:\Windows\system32\config\sam.bak
2014-11-26 13:23 - 2009-07-14 03:34 - 00028672 _____ () C:\Windows\system32\config\security.bak
2014-11-26 11:39 - 2009-07-14 03:34 - 00000633 _____ () C:\Windows\win.ini
2014-11-26 02:03 - 2012-07-29 16:40 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 02:03 - 2012-07-29 16:40 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 02:03 - 2011-08-09 19:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-25 12:21 - 2014-08-15 11:03 - 00000000 ____D () C:\Program Files\Google
2014-11-25 12:21 - 2010-01-29 14:33 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-24 14:14 - 2010-01-29 14:33 - 00000000 ____D () C:\Users\Jann\AppData\Local\Google
2014-11-23 18:14 - 2010-05-06 12:54 - 00000000 ____D () C:\Windows\Minidump
2014-11-18 21:04 - 2014-10-21 16:23 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-11-17 16:50 - 2014-08-16 07:44 - 00000000 ____D () C:\Windows\rescache
2014-11-16 17:43 - 2013-04-15 12:58 - 00000000 ____D () C:\Users\Jann\Documents\prjejktarbeit
2014-11-12 23:14 - 2009-07-14 05:45 - 03009992 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 19:36 - 2013-08-14 14:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 19:32 - 2009-12-30 17:15 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-09 13:46 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-11-09 13:46 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-11-09 13:46 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-04 14:30 - 2009-12-30 16:18 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-02 18:47 - 2011-11-07 21:46 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-11-02 18:47 - 2010-09-17 18:20 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-11-02 18:47 - 2010-09-17 18:20 - 00000000 ____D () C:\Program Files\NVIDIA Corporation

Some content of TEMP:
====================
C:\Users\Jann\AppData\Local\temp\avgnt.exe
C:\Users\Jann\AppData\Local\temp\optprosetup.exe
C:\Users\Jann\AppData\Local\temp\PCSChecker.exe
C:\Users\Jann\AppData\Local\temp\Quarantine.exe
C:\Users\Jann\AppData\Local\temp\Setup0988111.exe
C:\Users\Jann\AppData\Local\temp\SpOrder.dll
C:\Users\Jann\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-25 14:24

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


Hab noch eine Fehlermeldung bekommen die vielleicht zur Lösung beitragen könnte:

www.picload.org/image/copigcr/unbenannt67.png
Den angegebenen Link kann ich natürlich nicht öffnen da mein Browser nicht funktioniert

schrauber 03.12.2014 20:54
Downloade Dir HitmanProhttp://deeprybka.trojaner-board.de/b.../hitmanpro.pngauf Deinen Desktop:

HitmanPro - 32 Bit
HitmanPro - 64 Bit
  • Starte die HitmanPro.exe
  • Klicke unten auf der Button-Leiste auf Einstellungen
  • Belasse die Standardeinstellungen und wähle nur bei "Nach potentiell unerwünschten Programmen suchen" als "Standardaktion" Löschen aus und bestätige mit Ok.
  • Klicke auf Weiter und akzeptiere die Lizenzbedingungen. Klicke auf Weiter.
  • Wähle "Nein, ich möchte nur einen Einmalscan zur Überprüfung dieses Computers ausführen" aus und klicke auf Weiter.
  • Lass am Ende des Suchlaufs alle auftretende Funde löschen und klicke auf Weiter.
  • Wähle unten links auf der Button-Leiste Logdatei speichern und speichere die Logdatei auf Deinem Desktop.
  • Schließe HitmanPro.

Poste bitte den Inhalt der HitmanPro_<Datum_Uhrzeit>.txt mit Deiner nächsten Antwort.

Kelethine 04.12.2014 10:30
[CODE]
Code:
HitmanPro 3.7.9.232
www.hitmanpro.com

  Computer name . . . . : NAMELOL
  Windows . . . . . . . : 6.1.1.7601.X64/3
  User name . . . . . . : Namelol\Jann
  UAC . . . . . . . . . : Enabled
  License . . . . . . . : Free

  Scan date . . . . . . : 2014-12-04 10:01:50
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 15m 40s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No

  Threats . . . . . . . : 1
  Traces  . . . . . . . : 27

  Objects scanned . . . : 2.863.702
  Files scanned . . . . : 95.184
  Remnants scanned  . . : 924.720 files / 1.843.798 keys

Malware _____________________________________________________________________

  C:\Users\Jann\AppData\Local\temp\DLG\exe\adsology-optimizer-pro-1.0-de-de\OptimizerPro.exe
      Size . . . . . . . : 6.162.424 bytes
      Age  . . . . . . . : 4.7 days (2014-11-29 17:22:55)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 060C8F55842E425F3912AD1966A0B1636EE56466E2F514CE7D42F376AC01D76E
      Product  . . . . . : Optimizer Pro v3.2
      Publisher  . . . . : PC Utilities Software Limited
      Description  . . . : Fix PC problems and optimize performance
      Version  . . . . . : 3.2.0.2
      Copyright  . . . . : PC Utilities Software Limited
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Bitdefender  . . . : Application.Agent.GN
    > Kaspersky  . . . . : not-a-virus:RiskTool.Win32.OptimizerPro.b
      Fuzzy  . . . . . . : 98.0
      Forensic Cluster
        -62.2s C:\Users\Jann\AppData\Local\temp\DLG7A10.tmp
        -62.2s C:\Users\Jann\AppData\Local\temp\DLG\
        -62.2s C:\Users\Jann\AppData\Local\temp\DLG\requirements\
        -62.2s C:\Users\Jann\AppData\Local\temp\DLG\initWindow\
        -62.2s C:\Users\Jann\AppData\Local\temp\DLG\initWindow\css\
        -62.1s C:\Users\Jann\AppData\Local\temp\DLG\loadingImage\
        -60.1s C:\Users\Jann\AppData\Local\temp\DLG\e0ed048e90a6cd1636f19b7a343cf5600.6847496995950058
        -60.1s C:\Users\Jann\AppData\Local\temp\DLG\cfg.txt
        -59.9s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.3729047556337124
        -59.8s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.686155225399037
        -59.8s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.686155225399037
        -59.6s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.3951819344961953
        -59.5s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.7052602762724824
        -59.4s C:\Users\Jann\AppData\Local\temp\DLG\requirements\PCSCheckerInst.exe
        -59.4s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.4732353498152305
        -59.3s C:\Users\Jann\AppData\Local\temp\PCSChecker.exe
        -59.2s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.44258001846487205
        -59.1s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.2887421432542059
        -59.0s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.6597048687390155
        -58.4s C:\Users\Jann\AppData\Local\temp\DLG\ui\common\
        -58.4s C:\Users\Jann\AppData\Local\temp\DLG\ui\common\base\
        -58.4s C:\Users\Jann\AppData\Local\temp\DLG\ui\
        -58.4s C:\Users\Jann\AppData\Local\temp\DLG\ui\common\progress\
        -58.4s C:\Users\Jann\AppData\Local\temp\DLG\ui\common\last\
        -58.4s C:\Users\Jann\AppData\Local\temp\DLG\ui\offers\
        -58.4s C:\Users\Jann\AppData\Local\temp\DLG\ui\offers\pro-de\
        -58.4s C:\Users\Jann\AppData\Local\temp\DLG\ui\offers\elex-websearches-1.0-de-de\
        -58.4s C:\Users\Jann\AppData\Local\temp\DLG\ui\offers\wajam-internet-technologies-wajam-1.0-de-de\
        -58.4s C:\Users\Jann\AppData\Local\temp\DLG\ui\offers\adsology-optimizer-pro-1.0-de-de\
        -58.4s C:\Users\Jann\AppData\Local\temp\DLG\ui\offers\installium-piccolor-1.0-de-de\
        -58.3s C:\Users\Jann\AppData\Local\temp\DLG\ui\offers\wajam-internet-technologies-wajam-1.0-de-de\uifile.zip
        -58.2s C:\Users\Jann\AppData\Local\temp\DLG\ui\common\last\last.zip
        -58.2s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.6384838940637583
        -58.2s C:\Users\Jann\AppData\Local\temp\DLG\ui\common\last\css\
        -58.2s C:\Users\Jann\AppData\Local\temp\DLG\ui\common\last\img\
        -58.2s C:\Users\Jann\AppData\Local\temp\DLG\ui\common\last\js\
        -58.1s C:\Users\Jann\AppData\Local\temp\DLG\ui\offers\wajam-internet-technologies-wajam-1.0-de-de\css\
        -58.1s C:\Users\Jann\AppData\Local\temp\DLG\ui\offers\wajam-internet-technologies-wajam-1.0-de-de\img\
        -58.1s C:\Users\Jann\AppData\Local\temp\DLG\ui\common\progress\progress.zip
        -58.1s C:\Users\Jann\AppData\Local\temp\DLG\ui\offers\wajam-internet-technologies-wajam-1.0-de-de\js\
        -58.1s C:\Users\Jann\AppData\Local\temp\DLG\ui\offers\installium-piccolor-1.0-de-de\uifile.zip
        -58.0s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.5460067979105625
        -57.9s C:\Users\Jann\AppData\Local\temp\DLG\ui\common\progress\css\
        -57.9s C:\Users\Jann\AppData\Local\temp\DLG\ui\common\progress\img\
        -57.9s C:\Users\Jann\AppData\Local\temp\DLG\ui\offers\installium-piccolor-1.0-de-de\css\
        -57.9s C:\Users\Jann\AppData\Local\temp\DLG\ui\offers\installium-piccolor-1.0-de-de\css\
        -57.9s C:\Users\Jann\AppData\Local\temp\DLG\ui\common\base\base.zip
        -57.9s C:\Users\Jann\AppData\Local\temp\DLG\ui\offers\installium-piccolor-1.0-de-de\img\
        -57.9s C:\Users\Jann\AppData\Local\temp\DLG\ui\offers\installium-piccolor-1.0-de-de\js\
        -57.8s C:\Users\Jann\AppData\Local\temp\DLG\ui\common\base\css\
        -57.8s C:\Users\Jann\AppData\Local\temp\DLG\ui\common\base\js\
        -57.8s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.8462658459963372
        -57.8s C:\Users\Jann\AppData\Local\temp\DLG\ui\offers\elex-websearches-1.0-de-de\uifile.zip
        -57.8s C:\Users\Jann\AppData\Local\temp\DLG\ui\offers\elex-websearches-1.0-de-de\uifile.zip
        -57.5s C:\Users\Jann\AppData\Local\temp\DLG\ui\common\progress\js\
        -57.5s C:\Users\Jann\AppData\Local\temp\DLG\ui\offers\elex-websearches-1.0-de-de\css\
        -57.5s C:\Users\Jann\AppData\Local\temp\DLG\ui\offers\adsology-optimizer-pro-1.0-de-de\uifile.zip
        -57.4s C:\Users\Jann\AppData\Local\temp\DLG\ui\offers\elex-websearches-1.0-de-de\img\
        -57.4s C:\Users\Jann\AppData\Local\temp\DLG\ui\offers\elex-websearches-1.0-de-de\js\
        -57.3s C:\Users\Jann\AppData\Local\temp\DLG\ui\offers\adsology-optimizer-pro-1.0-de-de\css\
        -57.3s C:\Users\Jann\AppData\Local\temp\DLG\ui\offers\adsology-optimizer-pro-1.0-de-de\img\
        -57.3s C:\Users\Jann\AppData\Local\temp\DLG\ui\offers\adsology-optimizer-pro-1.0-de-de\js\
        -57.2s C:\Users\Jann\AppData\Local\temp\DLG\ui\offers\pro-de\uifile.zip
        -57.1s C:\Users\Jann\AppData\Local\temp\DLG\ui\offers\pro-de\css\
        -57.1s C:\Users\Jann\AppData\Local\temp\DLG\ui\offers\pro-de\img\
        -57.1s C:\Users\Jann\AppData\Local\temp\DLG\ui\offers\pro-de\js\
        -55.3s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.6682175259112554
        -55.2s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.8087579701554406
        -55.1s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.9160253363010447
        -54.3s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.8369704858967627
        -53.3s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.7825844598616625
        -53.3s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.7825844598616625
        -53.3s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.7825844598616625
        -53.1s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.7589109587164068
        -53.1s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.7589109587164068
        -52.4s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.16228295644572888
        -52.3s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.7345232754536721
        -51.0s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.3488354881703301
        -50.9s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.6554151504477533
        -49.3s C:\Users\Jann\AppData\Local\temp\DLG\exe\
        -49.3s C:\Users\Jann\AppData\Local\temp\DLG\exe\elex-websearches-1.0-de-de\
        -49.2s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.9632040164086626
        -49.1s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.7546459494692985
        -49.0s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.6613212269896838
        -48.9s C:\Users\Jann\AppData\Local\temp\DLG\exe\elex-websearches-1.0-de-de\cvs_webssearches.exe
        -46.0s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.1096053526692442
        -45.9s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.39754450397116875
        -28.3s C:\Users\Jann\AppData\Local\temp\DLG\exe\wajam-internet-technologies-wajam-1.0-de-de\
        -28.2s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.38552207600311255
        -28.1s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.9357724321793051
        -21.4s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.09390641193494425
        -21.3s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.31828374301387146
        -21.3s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.31828374301387146
        -2.5s C:\$RECYCLE.BIN\S-1-5-21-190608245-4047686273-1255289160-1001\$RQ6VKFK\
        -0.6s C:\Users\Jann\AppData\Local\temp\NVIDIA Corporation\NV_Cache\63547c51a55c7182c5c77fb521826c6c_fce8394c8fd8a83d_f3279b66e87c6f22_0_0.toc
        -0.6s C:\Users\Jann\AppData\Local\temp\NVIDIA Corporation\NV_Cache\63547c51a55c7182c5c77fb521826c6c_fce8394c8fd8a83d_f3279b66e87c6f22_0_0.bin
        -0.3s C:\Users\Jann\AppData\Local\temp\DLG\exe\adsology-optimizer-pro-1.0-de-de\
        -0.3s C:\Users\Jann\AppData\Local\temp\DLG\exe\adsology-optimizer-pro-1.0-de-de\
        -0.2s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.7810326974686841
        -0.1s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.719658074684134
          0.0s C:\Users\Jann\AppData\Local\temp\DLG\exe\adsology-optimizer-pro-1.0-de-de\OptimizerPro.exe
          6.5s C:\Users\Jann\AppData\Local\temp\StructuredQuery.log
        12.3s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.6055593586796391
        12.3s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.6055593586796391
        12.8s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.6705323593931158
        12.8s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.6705323593931158
        12.8s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.6705323593931158
        12.9s C:\Users\Jann\AppData\Local\temp\optprosetup.exe
        15.4s C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.11\
        15.4s C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.11\unins000.dat
        15.4s C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.11\unins000.exe
        15.4s C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.11\OptimizerPro.exe
        15.6s C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.11\sqlite3.dll
        15.6s C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.11\scan.gif
        15.6s C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.11\StartupList.txt
        15.6s C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.11\CookiesException.txt
        15.6s C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.11\OptProStart.exe
        15.7s C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.11\OptProReminder.exe
        15.7s C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.11\OptProReminder.exe
        15.7s C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.11\OptProGuard.exe
        15.7s C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.11\OptProGuard.exe
        15.8s C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.11\OptProLauncher.exe
        15.8s C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.11\OptProUninstaller.exe
        15.8s C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.11\German.ini
        15.8s C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.11\OptimizerPro.chm
        15.8s C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.11\file_id.diz
        15.9s C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.11\HomePage.url
        15.9s C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.11\bg_new3.bmp
        15.9s C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.11\cancel.bmp
        15.9s C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.11\OptProHelper.dll
        16.0s C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.11\itdownload.dll
        16.1s C:\FRST\Quarantine\C\Users\Jann\Desktop\Optimizer Pro.lnk.xBAD
        16.1s C:\FRST\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\
        16.1s C:\FRST\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro.lnk
        16.2s C:\FRST\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Hilfe.lnk
        16.3s C:\FRST\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro im Internet.lnk
        16.3s C:\FRST\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro entfernen.lnk
        16.3s C:\FRST\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Nach Updates suchen.lnk
        16.4s C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.11\unins000.msg
        16.9s C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll
        16.9s C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll
        16.9s C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll
        16.9s C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll
        22.6s C:\Users\Jann\AppData\Local\temp\DLG\exe\installium-piccolor-1.0-de-de\
        22.7s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.7511035900421494
        22.8s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.6052292122254792
        22.8s C:\Users\Jann\AppData\Local\temp\DLG\exe\installium-piccolor-1.0-de-de\PicColorWebInst.exe
        23.0s C:\Users\Jann\AppData\Local\temp\Setup0988111.exe
        23.1s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.622178386529121
        23.1s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.622178386529121
        23.2s C:\Users\Jann\AppData\Local\temp\DLG\c4cd8a593dfaff0043655d24e1f007770.38789655377756665
        25.1s C:\FRST\Quarantine\C\ProgramData\RfndNSIS\
        25.9s C:\FRST\Quarantine\C\ProgramData\SafeUpdater\
        26.2s C:\Users\Jann\AppData\Local\temp\RgsBTMedia.ini.log
        26.3s C:\Windows\System32\ColorMedia64.dll
        28.7s C:\Windows\SysWOW64\ColorMedia.dll
        30.0s C:\Users\Jann\AppData\Local\temp\SpOrder.dll
        30.2s C:\Users\Jann\AppData\Local\temp\ColorMedia.log
        30.9s C:\Windows\temp\ColorMedia.log
        31.4s C:\Users\Jann\AppData\Roaming\Mozilla\Firefox\Profiles\8u9j4gdg.default\none


Suspicious files ____________________________________________________________

  C:\Users\Jann\AppData\Local\PunkBuster\BC2\pb\dll\wc002261.dll
      Size . . . . . . . : 951.318 bytes
      Age  . . . . . . . : 1396.8 days (2011-02-06 14:42:47)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 07F342FC49BF00281C514B364399E7FD98C36888DF680304C7807C827336E939
      Fuzzy  . . . . . . : 29.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.

  C:\Users\Jann\AppData\Local\PunkBuster\BC2\pb\dll\wc002263.dll
      Size . . . . . . . : 944.298 bytes
      Age  . . . . . . . : 1342.6 days (2011-04-01 20:08:32)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : E570C42135F4E074FEA64029B4F9923775EBB7BBB3276A02F212621D7660A506
      Fuzzy  . . . . . . : 29.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.

  C:\Users\Jann\AppData\Local\PunkBuster\BC2\pb\dll\wc002305.dll
      Size . . . . . . . : 962.185 bytes
      Age  . . . . . . . : 754.8 days (2012-11-09 13:58:20)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : C8E59E65AE451CE761E7C48F8BA802CD17513057DEA65A4D4B4F6001153FD414
      Fuzzy  . . . . . . : 29.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.

  C:\Users\Jann\AppData\Local\PunkBuster\BC2\pb\pbcl.dll
      Size . . . . . . . : 962.185 bytes
      Age  . . . . . . . : 745.8 days (2012-11-18 14:37:18)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : C8E59E65AE451CE761E7C48F8BA802CD17513057DEA65A4D4B4F6001153FD414
      Fuzzy  . . . . . . : 29.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.

  C:\Users\Jann\AppData\Local\PunkBuster\BC2\pb\pbclold.dll
      Size . . . . . . . : 962.185 bytes
      Age  . . . . . . . : 1717.0 days (2010-03-23 10:32:06)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : C8E59E65AE451CE761E7C48F8BA802CD17513057DEA65A4D4B4F6001153FD414
      Fuzzy  . . . . . . : 29.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.

  C:\Users\Jann\AppData\Local\PunkBuster\BC2\pb\pbcls.dll
      Size . . . . . . . : 960.138 bytes
      Age  . . . . . . . : 1123.5 days (2011-11-06 20:51:58)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 70053EEA7AC3C1427D779B3F258A13CF74B02980DCDDEFBC24B341CFFA1E4AA2
      Fuzzy  . . . . . . : 29.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.

  C:\Users\Jann\AppData\Local\PunkBuster\BC2\pb\PnkBstrK.sys
      Size . . . . . . . : 139.048 bytes
      Age  . . . . . . . : 1717.0 days (2010-03-23 10:32:45)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : A935B2B22381F56ED9F78AF35FE20333F974CB4CB1257763434B7667DE17AD57
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.
        The file is a device driver. Device drivers run as trusted (highly privileged) code.
        Program is code signed with a valid Authenticode certificate.

  C:\Users\Jann\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
      Size . . . . . . . : 953.886 bytes
      Age  . . . . . . . : 735.6 days (2012-11-28 18:40:26)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13
      Fuzzy  . . . . . . : 29.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.

  C:\Users\Jann\AppData\Local\PunkBuster\FC3\pb\pbcls.dll
      Size . . . . . . . : 953.886 bytes
      Age  . . . . . . . : 735.6 days (2012-11-28 18:40:25)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13
      Fuzzy  . . . . . . : 29.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.

  C:\Users\Jann\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys
      Size . . . . . . . : 138.032 bytes
      Age  . . . . . . . : 735.6 days (2012-11-28 18:40:41)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : ABAF3FACF01E10E4C685F79C3B9E5D2118B3CF8629C4277EBE035B2A10474148
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.
        The file is a device driver. Device drivers run as trusted (highly privileged) code.
        Program is code signed with a valid Authenticode certificate.

  C:\Users\Jann\Downloads\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2.117.632 bytes
      Age  . . . . . . . : 7.9 days (2014-11-26 11:49:06)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 0A3AF33164BDB71EDE4BC4EC461207C03FC8E9FFEF291B4538F8BEC99AB804D8
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 23.0
        Program has no publisher information but prompts the user for permission elevation.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Time indicates that the file appeared recently on this computer.

  C:\Users\Jann\Downloads\FRST64.exe
      Size . . . . . . . : 2.117.120 bytes
      Age  . . . . . . . : 3.6 days (2014-11-30 19:01:09)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : A5CC4AE46EA7B1AE603D1118B5C7BB31C2F4216D06465DAF76E3CC7CF26CBF87
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
        Program has no publisher information but prompts the user for permission elevation.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Time indicates that the file appeared recently on this computer.
      References
        HKU\S-1-5-21-190608245-4047686273-1255289160-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Jann\Downloads\FRST64.exe

  C:\Windows\system32\drivers\cmwf.sys
      Size . . . . . . . : 31.904 bytes
      Age  . . . . . . . : 4.7 days (2014-11-29 17:23:31)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 882C2685EDB3DB2042D6046FC95F235D3324B8E11180CDBBC3C0B268B863BD41
      Product  . . . . . : cmwf.sys
      Publisher  . . . . : Say Media Group LTD
      Description  . . . : PassThrough Filter Driver
      Version  . . . . . : 2.3.0.7
      Copyright  . . . . : Copyright ® Say Media Group LTD All rights reserved
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 44.0
        The file is hidden from Windows API. This is typical for malware.
        The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
        Time indicates that the file appeared recently on this computer.
        The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
        The file is a device driver. Device drivers run as trusted (highly privileged) code.
      Forensic Cluster
          0.0s C:\Windows\System32\drivers\cmwf.sys
          0.2s C:\Windows\System32\drivers\cmwr.sys

  C:\Windows\system32\drivers\cmwr.sys
      Size . . . . . . . : 45.216 bytes
      Age  . . . . . . . : 4.7 days (2014-11-29 17:23:32)
      Entropy  . . . . . : 6.1
      SHA-256  . . . . . : DEEE845FF83510FD536F6276AC082FA29D6843727F753E3254EAE5E09871037B
      Product  . . . . . : cmwr.sys
      Publisher  . . . . : Say Media Group LTD
      Description  . . . : Registry Filter System Driver
      Version  . . . . . : 2.3.0.7
      Copyright  . . . . : Copyright ® Say Media Group LTD All rights reserved
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 44.0
        The file is hidden from Windows API. This is typical for malware.
        The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
        Time indicates that the file appeared recently on this computer.
        The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
        The file is a device driver. Device drivers run as trusted (highly privileged) code.
      Forensic Cluster
        -0.2s C:\Windows\System32\drivers\cmwf.sys
          0.0s C:\Windows\System32\drivers\cmwr.sys

  C:\Windows\SysWOW64\Vault.dll
      Size . . . . . . . : 34.624 bytes
      Age  . . . . . . . : 111.3 days (2014-08-15 02:24:26)
      Entropy  . . . . . : 5.9
      SHA-256  . . . . . : A61A13198D0B88AB61463E25B32905E028F08983FBA677ABC4101F95410554DA
      Product  . . . . . : TuneUp Utilities
      Publisher  . . . . : TuneUp Software
      Description  . . . : TuneUp Registry Optimization Boot Application
      Version  . . . . . : 9.0.6030.1
      LanguageID . . . . : 0
      Fuzzy  . . . . . . : 42.0
        The file is hidden from Windows API. This is typical for malware.
        The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
        The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
        The file is a device driver. Device drivers run as trusted (highly privileged) code.
        The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.


Potential Unwanted Programs _________________________________________________

  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule\ (PCOptimizerPro)
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancerApp_RASAPI32\ (Wajam)
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancerApp_RASMANCS\ (Wajam)
  HKLM\SOFTWARE\Wow6432Node\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
  HKLM\SOFTWARE\Wow6432Node\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}\ (FLV Player)
  HKLM\SOFTWARE\Wow6432Node\{6791A2F3-FC80-475C-A002-C014AF797E9C}\ (FLV Player)
  HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
  HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
  HKU\S-1-5-21-190608245-4047686273-1255289160-1001\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
  HKU\S-1-5-21-190608245-4047686273-1255289160-1001\Software\Optimizer Pro\ (PCOptimizerPro)

schrauber 05.12.2014 09:03
Nochmal Hitman, alle Funde löschen lassen, dann bitte 2 frische FRST logs.

Kelethine 05.12.2014 15:12
Das Programm spinnt rum, erst war es abgestürzt (ohne Rückmeldung) und jetzt stoppt er bei und 11% oder manchmal auch bei 13%:

www.picload.org/image/cowialo/unbenannt44444.png

Hab aber schon beim ersten Durchlauf alle Funde löschen lassen, daher hier die FRST Logs
(nachdem sich FRST auch erst aufgehangen hat):


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
Ran by Jann (administrator) on NAMELOL on 05-12-2014 15:10:56
Running from C:\Users\Jann\Downloads
Loaded Profile: Jann (Available profiles: Jann & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
(PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Spotify Ltd) C:\Users\Jann\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(PortableApps.com) C:\Users\Jann\Desktop\GoogleChromePortable\GoogleChromePortable.exe
(Google Inc.) C:\Users\Jann\Desktop\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Jann\Desktop\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Jann\Desktop\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Jann\Desktop\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Jann\Desktop\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-12-01] (LogMeIn Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124720 2014-10-09] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-190608245-4047686273-1255289160-1001\...\Run: [Spotify] => C:\Users\Jann\AppData\Roaming\Spotify\Spotify.exe [6553144 2014-10-08] (Spotify Ltd)
HKU\S-1-5-21-190608245-4047686273-1255289160-1001\...\Run: [Spotify Web Helper] => C:\Users\Jann\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-08] (Spotify Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * autocheck turegopt

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-190608245-4047686273-1255289160-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50467;https=127.0.0.1:50467
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-190608245-4047686273-1255289160-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-190608245-4047686273-1255289160-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKU\S-1-5-21-190608245-4047686273-1255289160-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5A6EC3786809D001
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9 16 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
Winsock: Catalog9-x64 16 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Jann\AppData\Roaming\Mozilla\Firefox\Profiles\8u9j4gdg.default
FF SelectedSearchEngine: Google
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_34 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @protectdisc.com/NPPDLicenseHelper -> C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPPDLicenseHelper.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: EPUBReader - C:\Users\Jann\AppData\Roaming\Mozilla\Firefox\Profiles\8u9j4gdg.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2013-12-04]
FF Extension: Techgile - C:\Users\Jann\AppData\Roaming\Mozilla\Firefox\Profiles\8u9j4gdg.default\Extensions\{1e3cbb53-e197-4e2a-92c5-00bc91f79189}.xpi [2014-11-16]
FF Extension: AddonFox - C:\Users\Jann\AppData\Roaming\Mozilla\Firefox\Profiles\8u9j4gdg.default\Extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4}.xpi [2011-05-27]
FF Extension: Greasemonkey - C:\Users\Jann\AppData\Roaming\Mozilla\Firefox\Profiles\8u9j4gdg.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-04-25]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [203264 2009-08-18] (AMD) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [162096 2014-10-09] (Avira Operations GmbH & Co. KG)
S4 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [187456 2010-02-13] (DATA BECKER GmbH & Co KG) [File not signed]
S3 fussvc; D:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-11-14] (LogMeIn, Inc.)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
S3 Te.Service; D:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2014-08-15] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-11-21] (TuneUp Software)
R2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [545608 2012-07-09] ()
R2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [549704 2012-07-09] (PacketVideo)
R2 TwonkyWebDav; C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe [271176 2012-07-09] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 acedrv09; C:\Windows\system32\drivers\acedrv09.sys [134880 2010-04-16] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [14392 2007-12-17] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 cmwf; C:\Windows\system32\Drivers\cmwf.sys [31904 2014-11-26] () [File not signed]
R1 cmwr; C:\Windows\system32\Drivers\cmwr.sys [45216 2014-11-26] () [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-26] (Disc Soft Ltd)
S3 ESLvnic1; C:\Windows\System32\DRIVERS\ESLvnic.sys [25528 2011-08-08] (Turtle Entertainment GmbH)
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2014-12-05] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2010-02-24] (TuneUp Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-04 21:59 - 2014-12-04 21:59 - 00390774 _____ () C:\Users\Jann\Downloads\Recount-v6.0.3c_release.zip
2014-12-04 10:26 - 2014-12-05 10:24 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-12-04 10:23 - 2014-12-04 10:23 - 00002318 _____ () C:\Windows\system32\.crusader
2014-12-04 10:19 - 2014-12-04 10:19 - 00065000 _____ () C:\Users\Jann\Downloads\HitmanPro_20141204_1019.log
2014-12-04 10:01 - 2014-12-04 10:25 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-04 10:00 - 2014-12-04 10:00 - 11222744 _____ (SurfRight B.V.) C:\Users\Jann\Downloads\HitmanPro_x64.exe
2014-12-03 08:05 - 2014-12-04 21:36 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-12-03 08:05 - 2014-12-03 08:05 - 00001155 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-12-03 08:05 - 2014-12-03 08:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-12-01 21:56 - 2014-12-01 21:56 - 00096206 _____ () C:\Users\Jann\Downloads\OTL.Txt
2014-12-01 21:56 - 2014-12-01 21:56 - 00090678 _____ () C:\Users\Jann\Downloads\Extras.Txt
2014-12-01 21:40 - 2014-12-01 21:40 - 00602112 _____ (OldTimer Tools) C:\Users\Jann\Downloads\OTL.exe
2014-11-30 10:48 - 2014-11-30 10:48 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-11-30 10:47 - 2014-11-30 10:45 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-11-30 10:37 - 2014-11-30 10:37 - 00002852 _____ () C:\Users\Jann\Desktop\fixlist.txt
2014-11-29 22:43 - 2014-11-29 22:43 - 00852490 _____ () C:\Users\Jann\Downloads\SecurityCheck.exe
2014-11-29 17:27 - 2014-11-29 17:27 - 00000000 ____D () C:\Users\Jann\AppData\Roaming\Avira
2014-11-29 17:26 - 2014-11-30 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-29 17:26 - 2014-11-30 10:48 - 00000000 ____D () C:\ProgramData\Avira
2014-11-29 17:26 - 2014-11-30 10:48 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-29 17:26 - 2014-11-30 10:45 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-11-29 17:26 - 2014-11-30 10:45 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-11-29 17:26 - 2014-11-29 17:26 - 00002066 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-11-29 17:26 - 2013-12-18 09:32 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-11-29 17:23 - 2014-11-26 18:53 - 00378280 _____ (Say Media Group LTD) C:\Windows\system32\ColorMedia64.dll
2014-11-29 17:23 - 2014-11-26 18:53 - 00332584 _____ (Say Media Group LTD) C:\Windows\SysWOW64\ColorMedia.dll
2014-11-29 17:23 - 2014-11-26 18:53 - 00045216 _____ () C:\Windows\system32\Drivers\cmwr.sys
2014-11-29 17:23 - 2014-11-26 18:53 - 00031904 _____ () C:\Windows\system32\Drivers\cmwf.sys
2014-11-29 17:21 - 2014-11-29 17:21 - 00687552 _____ () C:\Users\Jann\Downloads\avira-free-antivir.exe
2014-11-28 09:16 - 2014-11-28 09:16 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-28 09:15 - 2014-11-28 09:16 - 02347384 _____ (ESET) C:\Users\Jann\Downloads\esetsmartinstaller_deu.exe
2014-11-27 11:57 - 2014-11-27 11:57 - 00055046 _____ () C:\Users\Jann\Downloads\DBM-PvP-r39.zip
2014-11-27 11:16 - 2014-11-27 11:16 - 00023265 _____ () C:\Users\Jann\Downloads\InterruptBar_v1.1.6.zip
2014-11-27 11:02 - 2014-11-27 11:02 - 01957481 _____ () C:\Users\Jann\Downloads\DBM-Core-6.0.5.zip
2014-11-27 10:26 - 2014-12-05 15:08 - 00000000 ____D () C:\Users\Jann\Downloads\FRST-OlderVersion
2014-11-27 10:25 - 2014-11-27 10:25 - 00001994 _____ () C:\Users\Jann\Desktop\JRT.txt
2014-11-27 10:22 - 2014-11-27 10:22 - 01707532 _____ (Thisisu) C:\Users\Jann\Downloads\JRT.exe
2014-11-27 10:22 - 2014-11-27 10:22 - 00000000 ____D () C:\Windows\ERUNT
2014-11-27 10:14 - 2014-11-27 10:14 - 02148864 _____ () C:\Users\Jann\Downloads\AdwCleaner_4.102.exe
2014-11-27 10:12 - 2014-11-27 10:12 - 00000162 ____H () C:\Users\Jann\Downloads\~$mbam.txt
2014-11-27 10:11 - 2014-11-27 10:11 - 00024555 _____ () C:\Users\Jann\Downloads\mbam.txt
2014-11-27 09:52 - 2014-11-29 18:27 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-27 09:52 - 2014-11-27 09:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-27 09:52 - 2014-11-27 09:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-27 09:52 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-27 09:52 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-27 09:52 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-27 09:51 - 2014-11-27 09:51 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Jann\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-26 13:28 - 2014-11-26 13:28 - 00019649 _____ () C:\ComboFix.txt
2014-11-26 13:11 - 2014-11-26 13:29 - 00000000 ____D () C:\Qoobox
2014-11-26 13:11 - 2014-11-26 13:29 - 00000000 ____D () C:\ComboFix
2014-11-26 13:11 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-26 13:11 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-26 13:11 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-26 13:11 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-26 13:11 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-26 13:11 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-26 13:11 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-26 13:11 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-26 13:08 - 2014-11-26 13:08 - 05599228 ____R (Swearware) C:\Users\Jann\Downloads\ComboFix.exe
2014-11-26 12:58 - 2014-11-26 12:59 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Jann\Downloads\revosetup95.exe
2014-11-26 11:56 - 2014-11-26 11:56 - 00380416 _____ () C:\Users\Jann\Downloads\hhfp4u78.exe
2014-11-26 11:51 - 2014-11-30 19:03 - 00038233 _____ () C:\Users\Jann\Downloads\Addition.txt
2014-11-26 11:50 - 2014-12-05 15:11 - 00015737 _____ () C:\Users\Jann\Downloads\FRST.txt
2014-11-26 11:49 - 2014-12-05 15:10 - 00000000 ____D () C:\FRST
2014-11-26 11:49 - 2014-12-05 15:08 - 02117632 _____ (Farbar) C:\Users\Jann\Downloads\FRST64.exe
2014-11-26 11:48 - 2014-11-26 11:48 - 00000540 _____ () C:\Users\Jann\Downloads\defogger_disable.log
2014-11-26 11:48 - 2014-11-26 11:48 - 00000168 _____ () C:\Users\Jann\defogger_reenable
2014-11-26 11:47 - 2014-11-26 11:47 - 00050477 _____ () C:\Users\Jann\Downloads\Defogger.exe
2014-11-24 14:19 - 2014-11-24 14:19 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Jann\Downloads\tdsskiller.exe
2014-11-24 14:11 - 2014-11-24 14:11 - 00001264 _____ () C:\Users\Jann\Desktop\Revo Uninstaller.lnk
2014-11-24 14:11 - 2014-11-24 14:11 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-11-24 13:58 - 2014-11-24 13:59 - 01046528 _____ () C:\Users\Jann\Downloads\MicrosoftFixit50848.msi
2014-11-23 16:42 - 2014-11-23 18:13 - 00705513 ____N () C:\Windows\Minidump\112314-21216-01.dmp
2014-11-18 21:12 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 21:12 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 21:12 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 21:12 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-16 20:18 - 2014-11-26 13:06 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-11-16 17:43 - 2014-11-16 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Mouse Auto Clicker
2014-11-16 17:43 - 2014-11-16 17:43 - 00000000 ____D () C:\Program Files (x86)\Free Mouse Auto Clicker
2014-11-15 22:43 - 2014-11-26 11:28 - 00002806 _____ () C:\Users\Jann\Documents\priest2.txt
2014-11-12 13:50 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 13:50 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 13:50 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 13:50 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 13:50 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 13:50 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 13:50 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 13:50 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 13:50 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 13:50 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 13:50 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 13:50 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 13:50 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 13:50 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 13:50 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 13:50 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 13:50 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 13:50 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 13:50 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 13:50 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 13:50 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 13:50 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 13:50 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 13:50 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 13:50 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 13:50 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 13:50 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 13:50 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 13:50 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 13:50 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 13:50 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 13:50 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 13:50 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 13:50 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 13:50 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 13:50 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 13:50 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 13:50 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 13:50 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 13:50 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 13:50 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 13:50 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 13:50 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 13:50 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 13:50 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 13:50 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 13:50 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 13:50 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 13:50 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 13:50 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 13:50 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 13:50 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 13:50 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 13:50 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 13:50 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 13:50 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 13:50 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 13:50 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 13:50 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 13:50 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 13:50 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 13:50 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 13:50 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 13:50 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 13:50 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 13:50 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 13:50 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 13:50 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 13:50 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 13:49 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 13:49 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 13:49 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 13:49 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 13:49 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 13:49 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 13:49 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 13:49 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 13:49 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 13:49 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 13:49 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 13:49 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 13:49 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 13:49 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 13:49 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 13:49 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 13:49 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 13:49 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 13:49 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 13:49 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 13:49 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 13:49 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 13:49 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 13:49 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 13:49 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 13:49 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 13:49 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 13:49 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 13:49 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-05 15:06 - 2013-01-11 18:05 - 00000000 ____D () C:\ProgramData\TwonkyServer
2014-12-05 15:03 - 2012-07-29 16:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-05 11:27 - 2014-10-21 16:23 - 00000000 ____D () C:\Users\Jann\AppData\Local\Battle.net
2014-12-05 11:27 - 2012-10-15 19:29 - 00000000 ____D () C:\Users\Jann\AppData\Roaming\Spotify
2014-12-05 10:23 - 2009-12-30 15:55 - 01707133 _____ () C:\Windows\WindowsUpdate.log
2014-12-05 10:23 - 2009-07-14 05:45 - 00015184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-05 10:23 - 2009-07-14 05:45 - 00015184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-05 10:15 - 2014-08-15 01:34 - 00014540 _____ () C:\Windows\setupact.log
2014-12-05 10:15 - 2009-12-30 17:06 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-05 10:15 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-05 03:37 - 2009-12-30 16:12 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{AE0088BC-E7E3-4916-9D36-3ABEF7151AB7}
2014-12-04 22:07 - 2014-08-15 10:34 - 00000000 ____D () C:\Users\Jann\AppData\Local\Spotify
2014-12-02 23:22 - 2014-10-21 16:23 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-12-02 20:44 - 2011-02-27 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-02 20:44 - 2011-02-27 17:19 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-12-02 20:42 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-30 10:47 - 2014-11-02 16:59 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-30 10:40 - 2014-08-15 02:45 - 00000008 __RSH () C:\Users\Jann\ntuser.pol
2014-11-30 10:40 - 2009-12-30 16:00 - 00000000 ____D () C:\Users\Jann
2014-11-30 10:39 - 2014-08-15 01:34 - 00846204 _____ () C:\Windows\PFRO.log
2014-11-30 10:38 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-11-29 17:29 - 2014-10-26 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stronghold Crusader 2
2014-11-27 22:56 - 2014-08-15 02:11 - 00000000 ____D () C:\AdwCleaner
2014-11-27 10:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Globalization
2014-11-26 13:29 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-11-26 13:24 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-26 13:23 - 2014-08-15 01:21 - 00000000 ____D () C:\Windows\erdnt
2014-11-26 13:23 - 2009-07-14 03:34 - 92012544 _____ () C:\Windows\system32\config\software.bak
2014-11-26 13:23 - 2009-07-14 03:34 - 57933824 _____ () C:\Windows\system32\config\components.bak
2014-11-26 13:23 - 2009-07-14 03:34 - 19660800 _____ () C:\Windows\system32\config\system.bak
2014-11-26 13:23 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\default.bak
2014-11-26 13:23 - 2009-07-14 03:34 - 00061440 _____ () C:\Windows\system32\config\sam.bak
2014-11-26 13:23 - 2009-07-14 03:34 - 00028672 _____ () C:\Windows\system32\config\security.bak
2014-11-26 11:39 - 2009-07-14 03:34 - 00000633 _____ () C:\Windows\win.ini
2014-11-26 02:03 - 2012-07-29 16:40 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 02:03 - 2012-07-29 16:40 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 02:03 - 2011-08-09 19:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-25 12:21 - 2014-08-15 11:03 - 00000000 ____D () C:\Program Files\Google
2014-11-25 12:21 - 2010-01-29 14:33 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-24 14:14 - 2010-01-29 14:33 - 00000000 ____D () C:\Users\Jann\AppData\Local\Google
2014-11-23 18:14 - 2010-05-06 12:54 - 00000000 ____D () C:\Windows\Minidump
2014-11-17 16:50 - 2014-08-16 07:44 - 00000000 ____D () C:\Windows\rescache
2014-11-16 17:43 - 2013-04-15 12:58 - 00000000 ____D () C:\Users\Jann\Documents\prjejktarbeit
2014-11-12 23:14 - 2009-07-14 05:45 - 03009992 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 19:36 - 2013-08-14 14:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 19:32 - 2009-12-30 17:15 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-09 13:46 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-11-09 13:46 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-11-09 13:46 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI

Some content of TEMP:
====================
C:\Users\Jann\AppData\Local\temp\avgnt.exe
C:\Users\Jann\AppData\Local\temp\optprosetup.exe
C:\Users\Jann\AppData\Local\temp\PCSChecker.exe
C:\Users\Jann\AppData\Local\temp\Setup0988111.exe
C:\Users\Jann\AppData\Local\temp\SpOrder.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-25 14:24

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2014
Ran by Jann at 2014-12-05 15:11:47
Running from C:\Users\Jann\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ableton Live 9 Suite (HKLM\...\{48EC4E57-1D04-4831-90A7-151DA2269495}) (Version: 9.0.0.0 - Ableton)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.1) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.0.626 - Adobe Systems, Inc.)
Application Verifier x64 External Package (Version: 8.59.29722 - Microsoft) Hidden
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.16 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{40BD15A3-E031-5CF1-6994-550A4C059127}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{905d3ded-fe60-432c-b56e-7cd19f2899ac}) (Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version:  - ) Hidden
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 4.41.0315.0262 - DT Soft Ltd)
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM-x32\...\Dev-C++) (Version:  - )
DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.9.1 - DivX, Inc.)
DivX Converter (HKLM-x32\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Player (HKLM-x32\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.2.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM-x32\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Plus Web Player (HKLM-x32\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 2.0.0 - DivX,Inc.)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - )
DriverAgent by eSupport.com (HKLM\...\DriverAgent.exe) (Version:  - )
EPU (HKLM-x32\...\{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}) (Version: 1.00.22 - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Evolve (HKLM-x32\...\Steam App 273350) (Version:  - Turtle Rock Studios)
FileZilla Client 3.3.2.1 (HKLM-x32\...\FileZilla Client) (Version: 3.3.2.1 - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Mouse Auto Clicker 3.4.3 (HKLM-x32\...\{7D9D583E-EC8B-4390-B3A4-017B8182C8FF}_is1) (Version:  - Advanced Mouse Auto Clicker ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Java(TM) 6 Update 34 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216034FF}) (Version: 6.0.340 - Oracle)
Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden
League of Legends (HKLM-x32\...\{918A9082-6287-4D25-9002-5E5D5E4971CB}) (Version: 1.02.0000 - Riot Games)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.279 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.279 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MediaManager (HKLM-x32\...\MediaManager) (Version: 3.0.3 (60) - PacketVideo)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 Design Tools DEU (HKLM-x32\...\{E32260E7-0B10-43C7-9B77-AB9F4184676D}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 DEU (HKLM-x32\...\{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft Visual Basic 2008 Express Edition - DEU (HKLM-x32\...\Microsoft Visual Basic 2008 Express Edition - DEU) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU) (Version:  - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework (HKLM\...\{53C900F7-0CB1-3EDE-B9F3-76EDE6F0C253}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 (HKLM\...\{11EB1163-5761-4BC6-8F48-98DCF6A46BBF}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MinecraftAlpha (HKLM-x32\...\MinecraftAlpha) (Version:  - )
MinGW 5.1.6 (HKLM-x32\...\MinGW) (Version: 5.1.6 - MinGW)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.6.1.1657 - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.5.2.1549 - Native Instruments)
NSS (remove only) (HKLM-x32\...\NSS) (Version: 1.0.38.15 - B-Phreaks Ltd)
NVIDIA 3D Vision Controller-Treiber 306.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.23 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Mobile Emulator (HKLM-x32\...\{1826D0CA-F479-4430-9EFE-86E8E783505B}_is1) (Version:  - Opera Software ASA)
Package: Samsung Galaxy S3 ToolKit (HKLM-x32\...\SamsungGalaxyS3ToolKit30) (Version: 4.0.0.0 - skipsoft)
Paragon Backup & Recovery™ 10 Kompakt (HKLM\...\{485DF5E7-8379-4BFA-BAE1-9B8DBFE0D6B4}) (Version: 90.00.0003 - Paragon Software)
Paragon Drive Backup™ 9 Personal (HKLM\...\{F8013DD1-574B-4921-A473-88A2F7A34D16}) (Version: 1.00.0000 - Paragon Software)
Paragon Partition Manager™ 10.0 Personal (HKLM\...\{986A654F-F1E4-11DD-9FCA-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Protect Disc License Helper 1.0.118 (HKLM-x32\...\Protect Disc License Helper) (Version: 1.0.118 - Protect Disc)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.12 - ProtectDisc Software GmbH)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QIP 2005 8095 (HKU\S-1-5-21-190608245-4047686273-1255289160-1001\...\QIP 2005) (Version: 8095 - )
QuickTime (HKLM-x32\...\{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}) (Version: 7.65.17.80 - Apple Inc.)
RAD Video Tools (HKLM-x32\...\RADVideo) (Version:  - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SDK Debuggers (x32 Version: 8.59.29746 - Microsoft Corporation) Hidden
Source SDK (HKLM-x32\...\Steam App 211) (Version:  - Valve)
Spotify (HKU\S-1-5-21-190608245-4047686273-1255289160-1001\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Stronghold Crusader 2 (HKLM-x32\...\Stronghold Crusader 2_is1) (Version: 1.0 - PLAZA)
System Requirements Lab CYRI (HKLM-x32\...\{1F77C418-2C90-459C-BD33-B56A4182B9FA}) (Version: 4.4.26.0 - Husdawg, LLC)
TeamSpeak 2 RC2 (HKLM-x32\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
TuneUp Utilities (HKLM-x32\...\TuneUp Utilities) (Version: 9.0.6030.1 - TuneUp Software)
TuneUp Utilities (x32 Version: 9.0.6030.1 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 9.0.6030.1 - TuneUp Software) Hidden
Twonky Windows Components (HKLM-x32\...\{7CC673E7-5271-409D-B196-BB76DA60300B}) (Version: 3.0.3 - PacketVideo)
VC Runtimes MSI (x32 Version: 9.0.21022 - Microsoft) Hidden
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-190608245-4047686273-1255289160-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
WPT Redistributables (x32 Version: 8.59.29750 - Microsoft) Hidden
WPTx64 (x32 Version: 8.59.29722 - Microsoft) Hidden
Xpage 5 Professional (HKLM-x32\...\Xpage 5 Professional) (Version: 5.4.2.0 - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-190608245-4047686273-1255289160-1001_Classes\CLSID\{5051f956-b619-44c4-be9f-5c9f8bad52cd}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-190608245-4047686273-1255289160-1001_Classes\CLSID\{bd5470a0-f913-4509-983c-060053e9c7ab}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

==================== Restore Points  =========================

04-12-2014 09:19:31 Prüfpunkt von HitmanPro
04-12-2014 09:23:29 Prüfpunkt von HitmanPro
05-12-2014 09:22:50 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-11-26 13:24 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {21BBEDB1-A6C5-422D-BF56-ED97EB331B00} - System32\Tasks\{10C391BF-1B46-491C-966A-6ACDDAF2CB50} => C:\Program Files (x86)\Skype\Phone\Skype.exe
Task: {3EB6BEB6-FB1E-426D-9379-1AAE77495D9B} - System32\Tasks\{C27D321E-CDDF-4D10-B918-7E0584329DF7} => Firefox.exe
Task: {3F7BE252-C3B8-4DF1-87A3-05FB1613698A} - System32\Tasks\Automatische Wartung => C:\Program Files (x86)\TuneUp Utilities 2010\OneClickStarter.exe [2011-11-21] (TuneUp Software)
Task: {42D1A3A7-73CE-412C-AE5F-AC768E953FDF} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe
Task: {447E9D4B-C62C-4AC3-BDC1-E058D2948F88} - System32\Tasks\{671B7551-22C8-4088-A892-4C732CCF1234} => C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe
Task: {49026768-1D19-4B8C-8996-8FE7F166CACC} - System32\Tasks\{BCC47FE1-5FD0-44B8-BEAB-57AE4A2FE078} => C:\Program Files (x86)\Opera\opera.exe [2014-04-26] (Opera Software)
Task: {72709E6B-E6DE-4ECC-B474-7DAD173F472A} - \SystemOperations\Safe Updater 08 No Task File <==== ATTENTION
Task: {733C784C-FD7E-4ABF-B8C9-B57E5AFE634F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {8478BCAC-87D7-4AE8-BC3E-36F326A8E3A3} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU\EPU.exe [2009-06-10] ()
Task: {9AA67C21-7160-47E0-AE94-6866ECC2D315} - \Optimizer Pro Schedule No Task File <==== ATTENTION
Task: {AD9F10CE-2D66-4BA7-B4EA-DFDB6F76205B} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18] (Sun Microsystems, Inc.)
Task: {BF49FFE6-3CF6-40A2-828F-569DAF062ED5} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06] (Adobe Systems Incorporated)
Task: {E6752D1E-E463-4EA1-B996-CCE1D4D7A145} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exe [2011-11-21] (TuneUp Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2011-11-09 17:50 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-07-09 19:51 - 2012-07-09 19:51 - 00545608 _____ () C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
2012-07-09 19:50 - 2012-07-09 19:50 - 00271176 _____ () C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe
2012-07-09 19:51 - 2012-07-09 19:51 - 01672008 _____ () C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe
2012-07-09 19:51 - 2012-07-09 19:51 - 00176968 _____ () C:\Program Files (x86)\Twonky\TwonkyServer\wmdrmdll.dll
2014-12-05 10:22 - 2014-12-05 10:22 - 00016384 _____ () C:\Users\Jann\AppData\Local\Temp\nss3064.tmp\registry.dll
2010-03-21 19:19 - 2010-03-21 19:19 - 00094208 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-08-15 03:00 - 2014-08-07 04:20 - 00718152 _____ () C:\Users\Jann\Desktop\GoogleChromePortable\App\Chrome-bin\36.0.1985.143\libglesv2.dll
2014-08-15 03:00 - 2014-08-07 04:20 - 00126280 _____ () C:\Users\Jann\Desktop\GoogleChromePortable\App\Chrome-bin\36.0.1985.143\libegl.dll
2014-08-15 03:00 - 2014-08-07 04:20 - 08537928 _____ () C:\Users\Jann\Desktop\GoogleChromePortable\App\Chrome-bin\36.0.1985.143\pdf.dll
2014-08-15 03:00 - 2014-08-07 04:20 - 00353096 _____ () C:\Users\Jann\Desktop\GoogleChromePortable\App\Chrome-bin\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-15 03:00 - 2014-08-07 04:20 - 01732936 _____ () C:\Users\Jann\Desktop\GoogleChromePortable\App\Chrome-bin\36.0.1985.143\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:6152D44C
AlternateDataStreams: C:\ProgramData\TEMP:66B13F37

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwf.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwr.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwf.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwr.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeActiveFileMonitor8.0 => 2
MSCONFIG\Services: AntiVirSchedulerService => 2
MSCONFIG\Services: AntiVirService => 2
MSCONFIG\Services: Bonjour Service => 3
MSCONFIG\Services: DBService => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: FLEXnet Licensing Service 64 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TuneUp.Defrag => 3
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

========================= Accounts: ==========================

Administrator (S-1-5-21-190608245-4047686273-1255289160-500 - Administrator - Disabled)
Gast (S-1-5-21-190608245-4047686273-1255289160-501 - Limited - Enabled)
Jann (S-1-5-21-190608245-4047686273-1255289160-1001 - Administrator - Enabled) => C:\Users\Jann
UpdatusUser (S-1-5-21-190608245-4047686273-1255289160-1006 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/05/2014 03:10:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 3.12.2014.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1754

Startzeit: 01d0109504af6f59

Endzeit: 3

Anwendungspfad: C:\Users\Jann\Downloads\FRST64.exe

Berichts-ID: 730ae8df-7c88-11e4-87fb-90e6ba923ac3

Error: (12/05/2014 10:29:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: HitmanPro_x64.exe, Version: 3.7.9.232, Zeitstempel: 0x54513753
Name des fehlerhaften Moduls: HitmanPro_x64.exe, Version: 3.7.9.232, Zeitstempel: 0x54513753
Ausnahmecode: 0x40000015
Fehleroffset: 0x000000000029a1b6
ID des fehlerhaften Prozesses: 0x176c
Startzeit der fehlerhaften Anwendung: 0xHitmanPro_x64.exe0
Pfad der fehlerhaften Anwendung: HitmanPro_x64.exe1
Pfad des fehlerhaften Moduls: HitmanPro_x64.exe2
Berichtskennung: HitmanPro_x64.exe3

Error: (12/05/2014 10:15:37 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (1592) WebCacheLocal: Versuch, Datei "C:\Users\Jann\AppData\Local\Microsoft\Windows\WebCache\V01.log" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (12/05/2014 10:15:27 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (1592) WebCacheLocal: Versuch, Datei "C:\Users\Jann\AppData\Local\Microsoft\Windows\WebCache\V01.chk" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (12/04/2014 10:05:14 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (1560) WebCacheLocal: Versuch, Datei "C:\Users\Jann\AppData\Local\Microsoft\Windows\WebCache\V01.log" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (12/04/2014 10:05:03 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (1560) WebCacheLocal: Versuch, Datei "C:\Users\Jann\AppData\Local\Microsoft\Windows\WebCache\V01.chk" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (12/04/2014 11:20:46 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/04/2014 11:20:08 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (12/04/2014 10:29:05 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/04/2014 10:26:47 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (1632) WebCacheLocal: Versuch, Datei "C:\Users\Jann\AppData\Local\Microsoft\Windows\WebCache\V01.log" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.


System errors:
=============
Error: (12/05/2014 10:22:55 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (12/05/2014 10:22:55 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (12/05/2014 10:22:54 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (12/05/2014 10:22:54 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (12/05/2014 10:22:53 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (12/05/2014 10:22:22 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (12/05/2014 10:22:21 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (12/05/2014 10:22:20 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (12/05/2014 10:22:20 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (12/05/2014 10:21:48 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.


Microsoft Office Sessions:
=========================
Error: (12/05/2014 03:10:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe3.12.2014.0175401d0109504af6f593C:\Users\Jann\Downloads\FRST64.exe730ae8df-7c88-11e4-87fb-90e6ba923ac3

Error: (12/05/2014 10:29:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: HitmanPro_x64.exe3.7.9.23254513753HitmanPro_x64.exe3.7.9.2325451375340000015000000000029a1b6176c01d0106d39e6e330C:\Users\Jann\Downloads\HitmanPro_x64.exeC:\Users\Jann\Downloads\HitmanPro_x64.exe3ded158a-7c61-11e4-87fb-90e6ba923ac3

Error: (12/05/2014 10:15:37 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost1592WebCacheLocal: C:\Users\Jann\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)5 (0x00000005)Zugriff verweigert

Error: (12/05/2014 10:15:27 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost1592WebCacheLocal: C:\Users\Jann\AppData\Local\Microsoft\Windows\WebCache\V01.chk-1032 (0xfffffbf8)5 (0x00000005)Zugriff verweigert

Error: (12/04/2014 10:05:14 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost1560WebCacheLocal: C:\Users\Jann\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)5 (0x00000005)Zugriff verweigert

Error: (12/04/2014 10:05:03 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost1560WebCacheLocal: C:\Users\Jann\AppData\Local\Microsoft\Windows\WebCache\V01.chk-1032 (0xfffffbf8)5 (0x00000005)Zugriff verweigert

Error: (12/04/2014 11:20:46 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (12/04/2014 11:20:08 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (12/04/2014 10:29:05 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Jann\Downloads\esetsmartinstaller_deu.exe

Error: (12/04/2014 10:26:47 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost1632WebCacheLocal: C:\Users\Jann\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)5 (0x00000005)Zugriff verweigert


CodeIntegrity Errors:
===================================
  Date: 2014-11-26 13:22:33.495
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-26 13:22:32.668
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-15 02:32:30.057
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-15 02:32:29.433
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-02-21 12:18:32.044
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Spyware Terminator\fileobjinfo.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-02-21 12:18:32.038
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Spyware Terminator\fileobjinfo.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-02-21 12:18:32.030
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Spyware Terminator\fileobjinfo.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-02-21 12:18:32.020
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Spyware Terminator\fileobjinfo.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-02-21 02:49:07.114
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Spyware Terminator\fileobjinfo.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-02-21 02:49:07.110
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ProgramData\Spyware Terminator\fileobjinfo.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: AMD Athlon(tm) II X3 435 Processor
Percentage of memory in use: 29%
Total physical RAM: 6143.18 MB
Available physical RAM: 4305.1 MB
Total Pagefile: 7345.98 MB
Available Pagefile: 4936.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:56.98 GB) (Free:0.47 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Müll) (Fixed) (Total:122.09 GB) (Free:10.29 GB) NTFS
Drive e: (DECAYED) (Removable) (Total:1.86 GB) (Free:0.01 GB) FAT
Drive n: (Laufwerk) (Fixed) (Total:54.68 GB) (Free:15.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233.8 GB) (Disk ID: C9DFC9DF)
Partition 1: (Active) - (Size=57 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=176.8 GB) - (Type=05)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
--- --- ---

schrauber 06.12.2014 15:45
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\S-1-5-21-190608245-4047686273-1255289160-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50467;https=127.0.0.1:50467
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9 16 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
Winsock: Catalog9-x64 16 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
C:\Windows\SysWOW64\ColorMedia.dll
C:\Windows\system32\ColorMedia64.dll
cmd: netsh winsock reset
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
Task: {72709E6B-E6DE-4ECC-B474-7DAD173F472A} - \SystemOperations\Safe Updater 08 No Task File <==== ATTENTION
Task: {9AA67C21-7160-47E0-AE94-6866ECC2D315} - \Optimizer Pro Schedule No Task File <==== ATTENTION
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



nochmal ein frisches FRST log bitte.

Kelethine 06.12.2014 21:03
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-12-2014 02
Ran by Jann at 2014-12-06 20:56:55 Run:2
Running from C:\Users\Jann\Downloads
Loaded Profile: Jann (Available profiles: Jann & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-190608245-4047686273-1255289160-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50467;https=127.0.0.1:50467
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9 16 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
Winsock: Catalog9-x64 16 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
C:\Windows\SysWOW64\ColorMedia.dll
C:\Windows\system32\ColorMedia64.dll
cmd: netsh winsock reset
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
Task: {72709E6B-E6DE-4ECC-B474-7DAD173F472A} - \SystemOperations\Safe Updater 08 No Task File <==== ATTENTION
Task: {9AA67C21-7160-47E0-AE94-6866ECC2D315} - \Optimizer Pro Schedule No Task File <==== ATTENTION
Emptytemp:
*****************

"HKU\S-1-5-21-190608245-4047686273-1255289160-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
Winsock: Catalog entry 000000000001 => Could not be deleted.
Winsock: Catalog entry 000000000002 => Could not be deleted.
Winsock: Catalog entry 000000000003 => Could not be deleted.
Winsock: Catalog entry 000000000004 => Could not be deleted.
Winsock: Catalog entry 000000000016 => Could not be deleted.
Winsock: Catalog entry 000000000001 => Could not be deleted.
Winsock: Catalog entry 000000000002 => Could not be deleted.
Winsock: Catalog entry 000000000003 => Could not be deleted.
Winsock: Catalog entry 000000000004 => Could not be deleted.
Winsock: Catalog entry 000000000016 => Could not be deleted.
Could not move "C:\Windows\SysWOW64\ColorMedia.dll" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\ColorMedia64.dll" => Scheduled to move on reboot.

=========  netsh winsock reset =========

Zugriff verweigert



========= End of CMD: =========

"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72709E6B-E6DE-4ECC-B474-7DAD173F472A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72709E6B-E6DE-4ECC-B474-7DAD173F472A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemOperations\Safe Updater 08" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9AA67C21-7160-47E0-AE94-6866ECC2D315}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AA67C21-7160-47E0-AE94-6866ECC2D315}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule" => Key not found.
EmptyTemp: => Removed 431.5 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-12-06 21:00:14)<=

"C:\Windows\SysWOW64\ColorMedia.dll" => File could not move.
"C:\Windows\system32\ColorMedia64.dll" => File could not move.

==== End of Fixlog ====

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-12-2014 02
Ran by Jann (administrator) on NAMELOL on 06-12-2014 21:09:09
Running from C:\Users\Jann\Downloads
Loaded Profile: Jann (Available profiles: Jann & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
(PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Spotify Ltd) C:\Users\Jann\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Jann\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
() C:\Users\Jann\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Jann\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Jann\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Jann\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Jann\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.5325\Battle.net.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-12-01] (LogMeIn Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124720 2014-10-09] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-190608245-4047686273-1255289160-1001\...\Run: [Spotify] => C:\Users\Jann\AppData\Roaming\Spotify\Spotify.exe [6553144 2014-10-08] (Spotify Ltd)
HKU\S-1-5-21-190608245-4047686273-1255289160-1001\...\Run: [Spotify Web Helper] => C:\Users\Jann\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-08] (Spotify Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * autocheck turegopt

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-190608245-4047686273-1255289160-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-190608245-4047686273-1255289160-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKU\S-1-5-21-190608245-4047686273-1255289160-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5A6EC3786809D001
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9 16 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
Winsock: Catalog9-x64 16 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Jann\AppData\Roaming\Mozilla\Firefox\Profiles\8u9j4gdg.default
FF SelectedSearchEngine: Google
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_34 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @protectdisc.com/NPPDLicenseHelper -> C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPPDLicenseHelper.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: EPUBReader - C:\Users\Jann\AppData\Roaming\Mozilla\Firefox\Profiles\8u9j4gdg.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2013-12-04]
FF Extension: Techgile - C:\Users\Jann\AppData\Roaming\Mozilla\Firefox\Profiles\8u9j4gdg.default\Extensions\{1e3cbb53-e197-4e2a-92c5-00bc91f79189}.xpi [2014-11-16]
FF Extension: AddonFox - C:\Users\Jann\AppData\Roaming\Mozilla\Firefox\Profiles\8u9j4gdg.default\Extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4}.xpi [2011-05-27]
FF Extension: Greasemonkey - C:\Users\Jann\AppData\Roaming\Mozilla\Firefox\Profiles\8u9j4gdg.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-04-25]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [203264 2009-08-18] (AMD) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [162096 2014-10-09] (Avira Operations GmbH & Co. KG)
S4 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [187456 2010-02-13] (DATA BECKER GmbH & Co KG) [File not signed]
S3 fussvc; D:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-11-14] (LogMeIn, Inc.)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
S3 Te.Service; D:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2014-08-15] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-11-21] (TuneUp Software)
R2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [545608 2012-07-09] ()
R2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [549704 2012-07-09] (PacketVideo)
R2 TwonkyWebDav; C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe [271176 2012-07-09] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 acedrv09; C:\Windows\system32\drivers\acedrv09.sys [134880 2010-04-16] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [14392 2007-12-17] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 cmwf; C:\Windows\system32\Drivers\cmwf.sys [31904 2014-11-26] () [File not signed]
R1 cmwr; C:\Windows\system32\Drivers\cmwr.sys [45216 2014-11-26] () [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-26] (Disc Soft Ltd)
S3 ESLvnic1; C:\Windows\System32\DRIVERS\ESLvnic.sys [25528 2011-08-08] (Turtle Entertainment GmbH)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2014-12-05] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2010-02-24] (TuneUp Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-04 21:59 - 2014-12-04 21:59 - 00390774 _____ () C:\Users\Jann\Downloads\Recount-v6.0.3c_release.zip
2014-12-04 10:26 - 2014-12-05 10:24 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-12-04 10:23 - 2014-12-04 10:23 - 00002318 _____ () C:\Windows\system32\.crusader
2014-12-04 10:19 - 2014-12-04 10:19 - 00065000 _____ () C:\Users\Jann\Downloads\HitmanPro_20141204_1019.log
2014-12-04 10:01 - 2014-12-04 10:25 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-04 10:00 - 2014-12-04 10:00 - 11222744 _____ (SurfRight B.V.) C:\Users\Jann\Downloads\HitmanPro_x64.exe
2014-12-03 08:05 - 2014-12-04 21:36 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-12-03 08:05 - 2014-12-03 08:05 - 00001155 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-12-03 08:05 - 2014-12-03 08:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-12-01 21:56 - 2014-12-01 21:56 - 00096206 _____ () C:\Users\Jann\Downloads\OTL.Txt
2014-12-01 21:56 - 2014-12-01 21:56 - 00090678 _____ () C:\Users\Jann\Downloads\Extras.Txt
2014-12-01 21:40 - 2014-12-01 21:40 - 00602112 _____ (OldTimer Tools) C:\Users\Jann\Downloads\OTL.exe
2014-11-30 10:48 - 2014-11-30 10:48 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-11-30 10:47 - 2014-11-30 10:45 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-11-30 10:37 - 2014-11-30 10:37 - 00002852 _____ () C:\Users\Jann\Desktop\fixlist.txt
2014-11-29 22:43 - 2014-11-29 22:43 - 00852490 _____ () C:\Users\Jann\Downloads\SecurityCheck.exe
2014-11-29 17:27 - 2014-11-29 17:27 - 00000000 ____D () C:\Users\Jann\AppData\Roaming\Avira
2014-11-29 17:26 - 2014-11-30 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-29 17:26 - 2014-11-30 10:48 - 00000000 ____D () C:\ProgramData\Avira
2014-11-29 17:26 - 2014-11-30 10:48 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-29 17:26 - 2014-11-30 10:45 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-11-29 17:26 - 2014-11-30 10:45 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-11-29 17:26 - 2014-11-29 17:26 - 00002066 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-11-29 17:26 - 2013-12-18 09:32 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-11-29 17:23 - 2014-11-26 18:53 - 00378280 _____ (Say Media Group LTD) C:\Windows\system32\ColorMedia64.dll
2014-11-29 17:23 - 2014-11-26 18:53 - 00332584 _____ (Say Media Group LTD) C:\Windows\SysWOW64\ColorMedia.dll
2014-11-29 17:23 - 2014-11-26 18:53 - 00045216 _____ () C:\Windows\system32\Drivers\cmwr.sys
2014-11-29 17:23 - 2014-11-26 18:53 - 00031904 _____ () C:\Windows\system32\Drivers\cmwf.sys
2014-11-29 17:21 - 2014-11-29 17:21 - 00687552 _____ () C:\Users\Jann\Downloads\avira-free-antivir.exe
2014-11-28 09:16 - 2014-11-28 09:16 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-28 09:15 - 2014-11-28 09:16 - 02347384 _____ (ESET) C:\Users\Jann\Downloads\esetsmartinstaller_deu.exe
2014-11-27 11:57 - 2014-11-27 11:57 - 00055046 _____ () C:\Users\Jann\Downloads\DBM-PvP-r39.zip
2014-11-27 11:16 - 2014-11-27 11:16 - 00023265 _____ () C:\Users\Jann\Downloads\InterruptBar_v1.1.6.zip
2014-11-27 11:02 - 2014-11-27 11:02 - 01957481 _____ () C:\Users\Jann\Downloads\DBM-Core-6.0.5.zip
2014-11-27 10:26 - 2014-12-06 20:56 - 00000000 ____D () C:\Users\Jann\Downloads\FRST-OlderVersion
2014-11-27 10:25 - 2014-11-27 10:25 - 00001994 _____ () C:\Users\Jann\Desktop\JRT.txt
2014-11-27 10:22 - 2014-11-27 10:22 - 01707532 _____ (Thisisu) C:\Users\Jann\Downloads\JRT.exe
2014-11-27 10:22 - 2014-11-27 10:22 - 00000000 ____D () C:\Windows\ERUNT
2014-11-27 10:14 - 2014-11-27 10:14 - 02148864 _____ () C:\Users\Jann\Downloads\AdwCleaner_4.102.exe
2014-11-27 10:12 - 2014-11-27 10:12 - 00000162 ____H () C:\Users\Jann\Downloads\~$mbam.txt
2014-11-27 10:11 - 2014-11-27 10:11 - 00024555 _____ () C:\Users\Jann\Downloads\mbam.txt
2014-11-27 09:52 - 2014-11-29 18:27 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-27 09:52 - 2014-11-27 09:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-27 09:52 - 2014-11-27 09:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-27 09:52 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-27 09:52 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-27 09:52 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-27 09:51 - 2014-11-27 09:51 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Jann\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-26 13:28 - 2014-11-26 13:28 - 00019649 _____ () C:\ComboFix.txt
2014-11-26 13:11 - 2014-11-26 13:29 - 00000000 ____D () C:\Qoobox
2014-11-26 13:11 - 2014-11-26 13:29 - 00000000 ____D () C:\ComboFix
2014-11-26 13:11 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-26 13:11 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-26 13:11 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-26 13:11 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-26 13:11 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-26 13:11 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-26 13:11 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-26 13:11 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-26 13:08 - 2014-11-26 13:08 - 05599228 ____R (Swearware) C:\Users\Jann\Downloads\ComboFix.exe
2014-11-26 12:58 - 2014-11-26 12:59 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Jann\Downloads\revosetup95.exe
2014-11-26 11:56 - 2014-11-26 11:56 - 00380416 _____ () C:\Users\Jann\Downloads\hhfp4u78.exe
2014-11-26 11:51 - 2014-12-05 15:12 - 00039934 _____ () C:\Users\Jann\Downloads\Addition.txt
2014-11-26 11:50 - 2014-12-06 21:09 - 00015282 _____ () C:\Users\Jann\Downloads\FRST.txt
2014-11-26 11:49 - 2014-12-06 21:09 - 00000000 ____D () C:\FRST
2014-11-26 11:49 - 2014-12-06 20:56 - 02119168 _____ (Farbar) C:\Users\Jann\Downloads\FRST64.exe
2014-11-26 11:48 - 2014-11-26 11:48 - 00000540 _____ () C:\Users\Jann\Downloads\defogger_disable.log
2014-11-26 11:48 - 2014-11-26 11:48 - 00000168 _____ () C:\Users\Jann\defogger_reenable
2014-11-26 11:47 - 2014-11-26 11:47 - 00050477 _____ () C:\Users\Jann\Downloads\Defogger.exe
2014-11-24 14:19 - 2014-11-24 14:19 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Jann\Downloads\tdsskiller.exe
2014-11-24 14:11 - 2014-11-24 14:11 - 00001264 _____ () C:\Users\Jann\Desktop\Revo Uninstaller.lnk
2014-11-24 14:11 - 2014-11-24 14:11 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-11-24 13:58 - 2014-11-24 13:59 - 01046528 _____ () C:\Users\Jann\Downloads\MicrosoftFixit50848.msi
2014-11-23 16:42 - 2014-11-23 18:13 - 00705513 ____N () C:\Windows\Minidump\112314-21216-01.dmp
2014-11-18 21:12 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 21:12 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 21:12 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 21:12 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-16 20:18 - 2014-11-26 13:06 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-11-16 17:43 - 2014-11-16 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Mouse Auto Clicker
2014-11-16 17:43 - 2014-11-16 17:43 - 00000000 ____D () C:\Program Files (x86)\Free Mouse Auto Clicker
2014-11-15 22:43 - 2014-11-26 11:28 - 00002806 _____ () C:\Users\Jann\Documents\priest2.txt
2014-11-12 13:50 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 13:50 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 13:50 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 13:50 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 13:50 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 13:50 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 13:50 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 13:50 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 13:50 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 13:50 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 13:50 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 13:50 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 13:50 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 13:50 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 13:50 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 13:50 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 13:50 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 13:50 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 13:50 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 13:50 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 13:50 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 13:50 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 13:50 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 13:50 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 13:50 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 13:50 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 13:50 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 13:50 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 13:50 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 13:50 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 13:50 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 13:50 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 13:50 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 13:50 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 13:50 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 13:50 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 13:50 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 13:50 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 13:50 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 13:50 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 13:50 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 13:50 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 13:50 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 13:50 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 13:50 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 13:50 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 13:50 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 13:50 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 13:50 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 13:50 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 13:50 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 13:50 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 13:50 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 13:50 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 13:50 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 13:50 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 13:50 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 13:50 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 13:50 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 13:50 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 13:50 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 13:50 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 13:50 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 13:50 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 13:50 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 13:50 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 13:50 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 13:50 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 13:50 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 13:49 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 13:49 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 13:49 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 13:49 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 13:49 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 13:49 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 13:49 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 13:49 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 13:49 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 13:49 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 13:49 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 13:49 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 13:49 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 13:49 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 13:49 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 13:49 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 13:49 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 13:49 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 13:49 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 13:49 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 13:49 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 13:49 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 13:49 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 13:49 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 13:49 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 13:49 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 13:49 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 13:49 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 13:49 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-06 21:09 - 2014-10-21 16:23 - 00000000 ____D () C:\Users\Jann\AppData\Local\Battle.net
2014-12-06 21:09 - 2009-12-30 16:12 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{AE0088BC-E7E3-4916-9D36-3ABEF7151AB7}
2014-12-06 21:08 - 2009-07-14 05:45 - 00015184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-06 21:08 - 2009-07-14 05:45 - 00015184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-06 21:03 - 2012-07-29 16:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-06 21:01 - 2012-10-15 19:29 - 00000000 ____D () C:\Users\Jann\AppData\Roaming\Spotify
2014-12-06 21:00 - 2013-01-11 18:05 - 00000000 ____D () C:\ProgramData\TwonkyServer
2014-12-06 20:58 - 2014-08-15 01:34 - 00847144 _____ () C:\Windows\PFRO.log
2014-12-06 20:58 - 2014-08-15 01:34 - 00014652 _____ () C:\Windows\setupact.log
2014-12-06 20:58 - 2009-12-30 17:06 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-06 20:58 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-06 20:57 - 2009-12-30 15:55 - 01740666 _____ () C:\Windows\WindowsUpdate.log
2014-12-04 22:07 - 2014-08-15 10:34 - 00000000 ____D () C:\Users\Jann\AppData\Local\Spotify
2014-12-02 23:22 - 2014-10-21 16:23 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-12-02 20:44 - 2011-02-27 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-02 20:44 - 2011-02-27 17:19 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-12-02 20:42 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-30 10:47 - 2014-11-02 16:59 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-30 10:40 - 2014-08-15 02:45 - 00000008 __RSH () C:\Users\Jann\ntuser.pol
2014-11-30 10:40 - 2009-12-30 16:00 - 00000000 ____D () C:\Users\Jann
2014-11-30 10:38 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-11-29 17:29 - 2014-10-26 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stronghold Crusader 2
2014-11-27 22:56 - 2014-08-15 02:11 - 00000000 ____D () C:\AdwCleaner
2014-11-27 10:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Globalization
2014-11-26 13:29 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-11-26 13:24 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-26 13:23 - 2014-08-15 01:21 - 00000000 ____D () C:\Windows\erdnt
2014-11-26 13:23 - 2009-07-14 03:34 - 92012544 _____ () C:\Windows\system32\config\software.bak
2014-11-26 13:23 - 2009-07-14 03:34 - 57933824 _____ () C:\Windows\system32\config\components.bak
2014-11-26 13:23 - 2009-07-14 03:34 - 19660800 _____ () C:\Windows\system32\config\system.bak
2014-11-26 13:23 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\default.bak
2014-11-26 13:23 - 2009-07-14 03:34 - 00061440 _____ () C:\Windows\system32\config\sam.bak
2014-11-26 13:23 - 2009-07-14 03:34 - 00028672 _____ () C:\Windows\system32\config\security.bak
2014-11-26 11:39 - 2009-07-14 03:34 - 00000633 _____ () C:\Windows\win.ini
2014-11-26 02:03 - 2012-07-29 16:40 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 02:03 - 2012-07-29 16:40 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 02:03 - 2011-08-09 19:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-25 12:21 - 2014-08-15 11:03 - 00000000 ____D () C:\Program Files\Google
2014-11-25 12:21 - 2010-01-29 14:33 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-24 14:14 - 2010-01-29 14:33 - 00000000 ____D () C:\Users\Jann\AppData\Local\Google
2014-11-23 18:14 - 2010-05-06 12:54 - 00000000 ____D () C:\Windows\Minidump
2014-11-17 16:50 - 2014-08-16 07:44 - 00000000 ____D () C:\Windows\rescache
2014-11-16 17:43 - 2013-04-15 12:58 - 00000000 ____D () C:\Users\Jann\Documents\prjejktarbeit
2014-11-12 23:14 - 2009-07-14 05:45 - 03009992 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 19:36 - 2013-08-14 14:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 19:32 - 2009-12-30 17:15 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-09 13:46 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-11-09 13:46 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-11-09 13:46 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI

Some content of TEMP:
====================
C:\Users\Jann\AppData\Local\temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-25 14:24

==================== End Of Log ============================
--- --- ---

schrauber 07.12.2014 20:52
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden ).
  • Doppelklick auf die OTL.exe
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimal Ausgabe
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Kelethine 08.12.2014 10:20
OTL Logfile:
Code:
OTL logfile created on: 08.12.2014 10:01:05 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Jann\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 3,98 Gb Available Physical Memory | 66,33% Memory free
7,57 Gb Paging File | 5,22 Gb Available in Paging File | 68,91% Paging File free
Paging file location(s): c:\pagefile.sys 3072 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 56,98 Gb Total Space | 1,50 Gb Free Space | 2,64% Space Free | Partition Type: NTFS
Drive D: | 122,09 Gb Total Space | 10,28 Gb Free Space | 8,42% Space Free | Partition Type: NTFS
Drive E: | 1,86 Gb Total Space | 0,01 Gb Free Space | 0,28% Space Free | Partition Type: FAT
Drive N: | 54,68 Gb Total Space | 15,07 Gb Free Space | 27,56% Space Free | Partition Type: NTFS
 
Computer Name: NAMELOL | User Name: Jann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Jann\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Jann\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
PRC - C:\Users\Jann\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Users\Jann\AppData\Roaming\Spotify\Data\SpotifyHelper.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
PRC - C:\Users\Jann\Desktop\GoogleChromePortable\App\Chrome-bin\chrome.exe (Google Inc.)
PRC - C:\Users\Jann\Desktop\GoogleChromePortable\GoogleChromePortable.exe (PortableApps.com)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe ()
PRC - C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe ()
PRC - C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe ()
PRC - C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe (PacketVideo)
PRC - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Jann\AppData\Local\Temp\nswEDBA.tmp\registry.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\446bc9f0c3b5824fab519cb5fec5af1b\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\92a3b88ac6300af062edd6503bc5903c\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\316b149dbb031d0e35c9d57bb2fc4b6e\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\38d6578b4fe29bede85ffff08e3697b6\PresentationFramework-SystemXml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\4df6733efc348c009a4a6e0adccc42a6\PresentationFramework-SystemData.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\3646375313dd2b8e3afecbf945960336\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\006d28e7c86f3e70db90ce06ea2f33fb\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\8b133e0d94535a7534719f70873ca7fe\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\94bbd298ec8575f3c6151a59538a109c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\5d2c01ae1ca8c40ed74cdfd7b7b7dcb1\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\7971f3a1c08c4043cf981f457855b4d4\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f9f13cd8fe1cefaad78579a7c3a41464\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\902843918d037f5f3511d679bf1e2216\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\35d3a1b878542de59cb4fc0593992404\System.ServiceModel.Internals.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\046058f81b039ab6fd839e03e67595f8\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\5e84979fadb7eb63caedea9f4acefcc9\System.Data.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll ()
MOD - C:\Users\Jann\AppData\Roaming\Spotify\Data\libcef.dll ()
MOD - C:\Users\Jann\AppData\Roaming\Spotify\Data\libglesv2.dll ()
MOD - C:\Users\Jann\AppData\Roaming\Spotify\Data\ffmpegsumo.dll ()
MOD - C:\Users\Jann\AppData\Roaming\Spotify\Data\SpotifyHelper.exe ()
MOD - C:\Users\Jann\AppData\Roaming\Spotify\Data\libegl.dll ()
MOD - C:\Users\Jann\Desktop\GoogleChromePortable\App\Chrome-bin\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Jann\Desktop\GoogleChromePortable\App\Chrome-bin\36.0.1985.143\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Jann\Desktop\GoogleChromePortable\App\Chrome-bin\36.0.1985.143\pdf.dll ()
MOD - C:\Users\Jann\Desktop\GoogleChromePortable\App\Chrome-bin\36.0.1985.143\libglesv2.dll ()
MOD - C:\Users\Jann\Desktop\GoogleChromePortable\App\Chrome-bin\36.0.1985.143\libegl.dll ()
MOD - C:\Users\Jann\Desktop\GoogleChromePortable\App\Chrome-bin\36.0.1985.143\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Avira.OE.ServiceHost) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG)
SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (NIHardwareService) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Te.Service) -- D:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe (Microsoft Corporation)
SRV - (fussvc) -- D:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe (Microsoft Corporation)
SRV - (TwonkyProxy) -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe ()
SRV - (TwonkyWebDav) -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe ()
SRV - (TwonkyServer) -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe (PacketVideo)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (DBService) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (hitmanpro37) -- C:\Windows\SysNative\drivers\hitmanpro37.sys ()
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (cmwr) -- C:\Windows\SysNative\Drivers\cmwr.sys ()
DRV:64bit: - (cmwf) -- C:\Windows\SysNative\Drivers\cmwf.sys ()
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (Disc Soft Ltd)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ESLvnic1) -- C:\Windows\SysNative\drivers\ESLvnic.sys (Turtle Entertainment GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (acedrv09) -- C:\Windows\SysNative\drivers\acedrv09.sys ()
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (DrvAgent64) -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS (Phoenix Technologies)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5A 6E C3 78 68 09 D0 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.4
FF - prefs.js..extensions.enabledAddons: %7Bad48108d-92a6-4eb9-87e4-978aca1dbae4%7D:1.2.1
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:2.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_34: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014.07.30 12:51:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014.07.30 12:51:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014.07.30 12:51:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014.07.30 12:51:26 | 000,000,000 | ---D | M]
 
[2014.11.27 10:07:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jann\AppData\Roaming\mozilla\Extensions
[2014.11.27 10:07:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jann\AppData\Roaming\mozilla\Firefox\Profiles\8u9j4gdg.default\extensions
[2013.12.04 13:40:38 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Jann\AppData\Roaming\mozilla\Firefox\Profiles\8u9j4gdg.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2014.11.16 16:28:12 | 000,009,204 | ---- | M] () (No name found) -- C:\Users\Jann\AppData\Roaming\mozilla\firefox\profiles\8u9j4gdg.default\extensions\{1e3cbb53-e197-4e2a-92c5-00bc91f79189}.xpi
[2012.01.11 14:48:32 | 000,292,116 | R--- | M] () (No name found) -- C:\Users\Jann\AppData\Roaming\mozilla\firefox\profiles\8u9j4gdg.default\extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4}.xpi
[2014.07.29 13:12:03 | 000,297,630 | R--- | M] () (No name found) -- C:\Users\Jann\AppData\Roaming\mozilla\firefox\profiles\8u9j4gdg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2014.08.15 02:14:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2014.07.30 12:51:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014.07.30 12:51:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008.02.22 16:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPPDLicenseHelper.dll
[2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
 
O1 HOSTS File: ([2014.11.26 13:24:38 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKCU..\Run: [Spotify] C:\Users\Jann\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Jann\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\ColorMedia64.dll (Say Media Group LTD)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\ColorMedia64.dll (Say Media Group LTD)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\ColorMedia64.dll (Say Media Group LTD)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\ColorMedia64.dll (Say Media Group LTD)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Windows\SysNative\ColorMedia64.dll (Say Media Group LTD)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\ColorMedia.dll (Say Media Group LTD)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\ColorMedia.dll (Say Media Group LTD)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\ColorMedia.dll (Say Media Group LTD)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\ColorMedia.dll (Say Media Group LTD)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWow64\ColorMedia.dll (Say Media Group LTD)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFBAEF21-AE63-4626-98CB-5837763ACCC5}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *autocheck turegopt)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.12.04 10:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014.12.03 08:05:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
[2014.12.03 08:05:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hearthstone
[2014.11.30 10:47:06 | 000,043,064 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2014.11.29 17:27:39 | 000,000,000 | ---D | C] -- C:\Users\Jann\AppData\Roaming\Avira
[2014.11.29 17:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2014.11.29 17:26:10 | 000,131,608 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2014.11.29 17:26:10 | 000,119,272 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2014.11.29 17:26:10 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2014.11.29 17:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2014.11.29 17:26:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2014.11.29 17:23:24 | 000,332,584 | ---- | C] (Say Media Group LTD) -- C:\Windows\SysWow64\ColorMedia.dll
[2014.11.29 17:23:22 | 000,378,280 | ---- | C] (Say Media Group LTD) -- C:\Windows\SysNative\ColorMedia64.dll
[2014.11.28 09:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014.11.27 10:22:17 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014.11.27 09:52:31 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.11.27 09:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014.11.27 09:52:22 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.11.27 09:52:22 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.11.27 09:52:22 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014.11.27 09:52:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014.11.26 13:29:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014.11.26 13:24:46 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2014.11.26 13:11:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014.11.26 13:11:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014.11.26 13:11:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014.11.26 13:11:06 | 000,000,000 | ---D | C] -- C:\ComboFix
[2014.11.26 13:11:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014.11.26 11:49:54 | 000,000,000 | ---D | C] -- C:\FRST
[2014.11.24 14:11:30 | 000,000,000 | ---D | C] -- C:\Users\Jann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014.11.24 14:11:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014.11.16 17:43:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Mouse Auto Clicker
[2014.11.16 17:43:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Mouse Auto Clicker
[2014.11.12 13:50:40 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014.11.12 13:50:40 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2014.11.12 13:50:40 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2014.11.12 13:50:39 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2014.11.12 13:50:39 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2014.11.12 13:50:26 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.11.12 13:50:26 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.11.12 13:50:25 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.11.12 13:50:25 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.11.12 13:50:25 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014.11.12 13:50:25 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014.11.12 13:50:25 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014.11.12 13:50:25 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.11.12 13:50:25 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.11.12 13:50:24 | 002,051,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.11.12 13:50:24 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.11.12 13:50:24 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.11.12 13:50:23 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.11.12 13:50:23 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.11.12 13:50:22 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014.11.12 13:50:22 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014.11.12 13:50:22 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.11.12 13:50:21 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.11.12 13:50:21 | 000,799,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.11.12 13:50:21 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.11.12 13:50:21 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.11.12 13:50:20 | 002,124,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.11.12 13:50:19 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014.11.12 13:50:19 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.11.12 13:50:19 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.11.12 13:50:19 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014.11.12 13:50:18 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.11.12 13:50:18 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014.11.12 13:50:18 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014.11.12 13:50:17 | 006,040,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.11.12 13:50:17 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014.11.12 13:50:17 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.11.12 13:50:17 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014.11.12 13:50:16 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.11.12 13:50:16 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014.11.12 13:50:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014.11.12 13:50:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014.11.12 13:49:59 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10K.DLL
[2014.11.12 13:49:59 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10K.DLL
[2014.11.12 13:49:54 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2014.11.12 13:49:54 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2014.11.12 13:49:53 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2014.11.12 13:49:53 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2014.11.12 13:49:53 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2014.11.12 13:49:51 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2014.11.12 13:49:44 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014.11.12 13:49:44 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2014.11.12 13:49:42 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014.11.12 13:49:39 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014.12.08 10:05:56 | 000,015,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.12.08 10:05:56 | 000,015,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.12.08 10:03:19 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.12.08 09:56:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.12.07 17:07:10 | 000,118,280 | ---- | M] () -- C:\Users\Jann\Desktop\NikeStore.pdf
[2014.12.07 16:56:40 | 000,120,830 | ---- | M] () -- C:\Users\Jann\Desktop\Order Confirmation.pdf
[2014.12.05 10:24:19 | 000,043,664 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2014.12.04 10:23:45 | 000,002,318 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2014.12.03 08:05:08 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\Hearthstone.lnk
[2014.11.30 10:48:13 | 000,001,137 | ---- | M] () -- C:\Users\Public\Desktop\Avira.lnk
[2014.11.30 10:45:23 | 000,131,608 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2014.11.30 10:45:23 | 000,119,272 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2014.11.30 10:45:23 | 000,043,064 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2014.11.30 10:40:07 | 000,000,008 | RHS- | M] () -- C:\Users\Jann\ntuser.pol
[2014.11.29 18:27:59 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.11.29 17:26:25 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2014.11.26 18:53:26 | 000,045,216 | ---- | M] () -- C:\Windows\SysNative\drivers\cmwr.sys
[2014.11.26 18:53:24 | 000,031,904 | ---- | M] () -- C:\Windows\SysNative\drivers\cmwf.sys
[2014.11.26 18:53:06 | 000,378,280 | ---- | M] (Say Media Group LTD) -- C:\Windows\SysNative\ColorMedia64.dll
[2014.11.26 18:53:04 | 000,332,584 | ---- | M] (Say Media Group LTD) -- C:\Windows\SysWow64\ColorMedia.dll
[2014.11.26 13:24:38 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014.11.26 13:06:47 | 000,000,008 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014.11.26 11:48:21 | 000,000,168 | ---- | M] () -- C:\Users\Jann\defogger_reenable
[2014.11.26 02:03:04 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.11.26 02:03:04 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.11.24 14:11:30 | 000,001,264 | ---- | M] () -- C:\Users\Jann\Desktop\Revo Uninstaller.lnk
[2014.11.12 23:14:47 | 003,009,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.11.09 13:46:31 | 001,620,612 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.11.09 13:46:31 | 000,699,416 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.11.09 13:46:31 | 000,654,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.11.09 13:46:31 | 000,149,556 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.11.09 13:46:31 | 000,122,126 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014.12.07 17:07:10 | 000,118,280 | ---- | C] () -- C:\Users\Jann\Desktop\NikeStore.pdf
[2014.12.07 16:56:40 | 000,120,830 | ---- | C] () -- C:\Users\Jann\Desktop\Order Confirmation.pdf
[2014.12.04 10:26:26 | 000,043,664 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2014.12.04 10:23:45 | 000,002,318 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2014.12.03 08:05:08 | 000,001,155 | ---- | C] () -- C:\Users\Public\Desktop\Hearthstone.lnk
[2014.11.30 10:48:13 | 000,001,137 | ---- | C] () -- C:\Users\Public\Desktop\Avira.lnk
[2014.11.29 17:26:25 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2014.11.29 17:23:32 | 000,045,216 | ---- | C] () -- C:\Windows\SysNative\drivers\cmwr.sys
[2014.11.29 17:23:31 | 000,031,904 | ---- | C] () -- C:\Windows\SysNative\drivers\cmwf.sys
[2014.11.26 13:11:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014.11.26 13:11:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014.11.26 13:11:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014.11.26 13:11:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014.11.26 13:11:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014.11.26 11:48:21 | 000,000,168 | ---- | C] () -- C:\Users\Jann\defogger_reenable
[2014.11.24 14:11:30 | 000,001,264 | ---- | C] () -- C:\Users\Jann\Desktop\Revo Uninstaller.lnk
[2014.11.16 20:18:56 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014.09.01 09:18:44 | 000,002,086 | ---- | C] () -- C:\Users\Jann\AppData\Roaming\SESSEC
[2014.09.01 09:18:44 | 000,001,248 | ---- | C] () -- C:\Users\Jann\AppData\Roaming\OYVXKZPY
[2014.08.15 02:45:51 | 000,000,008 | RHS- | C] () -- C:\Users\Jann\ntuser.pol
[2013.01.11 18:05:25 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv7
[2012.03.17 17:24:06 | 000,008,641 | R--- | C] () -- C:\Users\Jann\config.cfg
[2012.03.17 17:24:06 | 000,000,364 | R--- | C] () -- C:\Users\Jann\autoexec.cfg
[2012.03.17 17:24:06 | 000,000,017 | R--- | C] () -- C:\Users\Jann\userconfig.cfg
[2011.09.26 18:40:15 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2010.03.07 12:19:36 | 000,008,192 | R--- | C] () -- C:\Users\Jann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.30 17:50:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.06.25 03:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.06.25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:66B13F37
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6152D44C

< End of report >
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 08.12.2014 10:01:05 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Jann\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 3,98 Gb Available Physical Memory | 66,33% Memory free
7,57 Gb Paging File | 5,22 Gb Available in Paging File | 68,91% Paging File free
Paging file location(s): c:\pagefile.sys 3072 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 56,98 Gb Total Space | 1,50 Gb Free Space | 2,64% Space Free | Partition Type: NTFS
Drive D: | 122,09 Gb Total Space | 10,28 Gb Free Space | 8,42% Space Free | Partition Type: NTFS
Drive E: | 1,86 Gb Total Space | 0,01 Gb Free Space | 0,28% Space Free | Partition Type: FAT
Drive N: | 54,68 Gb Total Space | 15,07 Gb Free Space | 27,56% Space Free | Partition Type: NTFS
 
Computer Name: NAMELOL | User Name: Jann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.TRSHGOSHWLELZYQQBMMP6EJTJ4] -- C:\Users\Jann\Desktop\GoogleChromePortable\App\Chrome-bin\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FEC280F-8563-447E-B38A-03207375B364}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1236B095-4CC4-4236-9196-733A100795DE}" = lport=445 | protocol=6 | dir=in | app=system |
"{151E3B76-CFAD-4342-AD50-8084EC1FA73C}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{195A58AF-7717-47F0-950B-B4DEC704A7E5}" = rport=139 | protocol=6 | dir=out | app=system |
"{19849F65-6F5B-41FE-B552-34E13E5ED775}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{234DD6D4-4DF3-44A8-A6DE-FA5356A06BD7}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{405E164E-7BF8-454C-8471-CE3A1A039334}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{416903F0-3FFE-4814-8253-BB76D3B893C3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{417B29AB-1451-4DAF-AEB9-D25003AB3EC1}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4E066E29-9B00-4BA4-82BA-221A115AB211}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{532B899D-4BD3-4EF6-82AC-5DBB73C2D4AF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5F1C3332-EDAA-4800-9377-1006F9CB8B19}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6665C563-8323-4E5C-88BD-56A459FCA1C4}" = rport=137 | protocol=17 | dir=out | app=system |
"{6CC2B5D1-E1A5-48B0-8EAA-B272B20C510A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7B67B39F-7ED3-46AC-BD1F-C83F7A85BF85}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9E075E96-24F4-4D25-8CFF-EBE7D18ECB55}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9EFB08BE-2FF3-46AE-A83D-A1C2FD0FC889}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{A3C08041-3B0B-4BDD-9874-C281032D1E6D}" = lport=138 | protocol=17 | dir=in | app=system |
"{A416ADE4-82B5-4F45-9BCD-75BA5235F5B6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A43207A8-0C4C-4B2B-ABDB-365C35064AFE}" = lport=139 | protocol=6 | dir=in | app=system |
"{AF2B368E-A658-4163-8379-4A3E94C45EC3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BF2681E3-24C4-4C64-B30F-4C9E8F751618}" = lport=137 | protocol=17 | dir=in | app=system |
"{C48249BE-0282-41BB-9D51-071807CBE466}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CCACD1D9-F2A3-42A1-BF38-0EAD06939FCC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D99AE38C-9979-4CD1-AF0E-D4E3C9A27511}" = rport=2869 | protocol=6 | dir=out | app=system |
"{E6EFE527-05D0-452F-AF2A-DFA334C3B25F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EEAF4AB8-0B56-4E57-A292-F4B5EE3D9BBB}" = rport=445 | protocol=6 | dir=out | app=system |
"{F06A0F9F-CC5C-4333-835D-97DDA2A9956E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F2CB689B-FD91-4CC9-8301-19A0DC05479E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F8C52802-E779-446E-892B-B3C2B3B5ACBA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=datei- und druckerfreigabe (spoolerdienst - rpc-epmap) |
"{FC76D512-F2BA-4ECE-A583-7EFEF4341E78}" = rport=138 | protocol=17 | dir=out | app=system |
"{FF00F55A-66D6-4187-94B1-656F832F4410}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01716663-216D-4BB4-91B1-9A9415900DB6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3507\agent.exe |
"{0A5F2D76-926C-4CF4-8D8B-1C2FFE992921}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\evolve\bin64_steamretail\staticlauncher64.exe |
"{0DF636C5-0ABD-40D9-84EB-DD3C04E15C75}" = protocol=17 | dir=in | app=d:\steam\steamapps\nettworld10@web.de\counter-strike\hl.exe |
"{15259528-60A8-446D-B891-FB9AA68EB50A}" = protocol=6 | dir=in | app=d:\steam\steamapps\nettworld10@web.de\counter-strike\hl.exe |
"{1A0765AB-092C-4AD7-8563-F0F70BACAAE8}" = protocol=6 | dir=in | app=d:\steam\bin\steamwebhelper.exe |
"{1B680181-2C89-4904-B122-B5FAC6D98AE9}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\counter-strike source\hl2.exe |
"{1E675A9C-0260-4EBE-B8F7-0C2D908D1FBC}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1E8E3C56-FCD7-422E-AD26-D89BAB473E17}" = protocol=17 | dir=in | app=d:\guild wars 2\gw2.exe |
"{23AD3846-8AC2-4C15-8B8E-3134B43BE814}" = protocol=1 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv4 eingehend) |
"{23CB5892-FEF0-4E49-A050-D69754CD9EB6}" = protocol=6 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkyserver.exe |
"{25E64628-ECA5-4C91-931C-151A77E4ECB5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{2E8BCBD9-F34C-4A88-BA62-8EB4B1D37802}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{31D22C4D-FD3B-406A-BDBE-3CE9440FC32D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{327516DD-9EF1-461B-A0CF-469DF03A277C}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{340BBECA-3B43-41CF-85C6-30F9D49F5428}" = protocol=6 | dir=in | app=d:\guild wars 2\gw2.exe |
"{34177021-AB8D-4649-984E-4302FBBC8B39}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{35D42D21-0862-4CFA-B68C-25FEF098C818}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3B4EEAC1-2AB9-497F-9C6A-F58A7D9BD90F}" = protocol=6 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe |
"{3EBF69DE-7187-4511-B525-A897EA3470C1}" = protocol=6 | dir=in | app=d:\steam\steamapps\jann100\counter-strike\hl.exe |
"{407FF7B1-F7B9-4D23-ADB0-890B78883F7B}" = protocol=17 | dir=in | app=d:\steam\steamerrorreporter.exe |
"{52D24E22-B24A-4765-B771-0E59B60F8777}" = dir=in | name=gw2 |
"{5451DB63-48FD-472A-AD56-1FAAECACB1C1}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{5AA4D270-4D0A-4529-8230-7E9671747805}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{5D7BF86C-465B-4B19-93FE-72899A03E6DB}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\counter-strike source\hl2.exe |
"{63929869-CFE7-4842-BB13-0F3F1B58C411}" = protocol=6 | dir=in | app=d:\steam\steamerrorreporter.exe |
"{67622686-2CC9-48AF-A6C3-CD2B333ABDD7}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{67E9D2B4-19E2-4F2D-9CEF-20D02315EE24}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6BE87861-5C0E-4E40-A510-303CAF00CE4D}" = protocol=17 | dir=in | app=d:\steam\bin\steamwebhelper.exe |
"{6C6ED568-16F3-4697-BBCB-73498B367405}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6D69163C-DEB9-42C1-B38B-666F04CB39F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{706BAB9C-E94F-49C2-8884-FD64E36B9973}" = protocol=58 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv6 eingehend) |
"{70E48D04-7B67-4EBE-9196-57F6E4189F5E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3507\agent.exe |
"{79092660-04F8-4F59-8A19-55F0567BCB9B}" = protocol=17 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkystarter.exe |
"{7E8F2179-4DDA-4CFA-B2C3-78E7902BB525}" = protocol=6 | dir=in | app=c:\users\jann\downloads\esetsmartinstaller_deu.exe |
"{895FB582-A89C-4A99-B81C-C3679B3B697F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3526\agent.exe |
"{8BCCF150-EE20-47BA-81AA-17F097EF9575}" = protocol=6 | dir=in | app=n:\starcraft ii\starcraft ii.exe |
"{91BCA0B5-C7F8-4F52-943A-26698252C333}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3526\agent.exe |
"{929A14EA-B1BD-4781-BC38-E0991FA6B208}" = protocol=1 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv4 ausgehend) |
"{9ADADF01-8BBB-4588-8DB2-9DBBCF820C0F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{A207A34D-5D54-43F1-8346-08930825500F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A4F2148B-DC33-45C2-9854-1E3159C4BA35}" = protocol=17 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe |
"{AD86664F-4C95-42F9-BBA7-838482EC49F9}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\evolve\bin64_steamretail\staticlauncher64.exe |
"{AEED5786-1871-4D70-94B0-1D5CE6843C5A}" = protocol=17 | dir=in | app=d:\steam\steamapps\jann100\counter-strike\hl.exe |
"{AEFAF675-E607-4B7C-8ABC-3FEF8388E73F}" = protocol=6 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkystarter.exe |
"{B8FD451B-7E67-4371-B506-CE06CCAE3321}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{BA8CEFD1-90F7-4052-8A24-3D22E95B5E8A}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{C916F0F6-5C5E-40C8-9F45-3BBE32590D87}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\counter-strike source\hl2.exe |
"{CAFE0716-B03A-41C7-A0B6-CC1BFE8A9EA3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CB75975B-DF2E-4A22-804B-8666792FF7FE}" = protocol=17 | dir=in | app=c:\users\jann\downloads\esetsmartinstaller_deu.exe |
"{CBD32A8B-0AA4-4F2F-927E-B50BD77AB63A}" = protocol=17 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkyserver.exe |
"{D57F31A5-B82A-45BE-946D-488AC1DC10A5}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\counter-strike source\hl2.exe |
"{D87FBE1E-A05B-413D-B7B0-C42068F29458}" = protocol=17 | dir=in | app=n:\starcraft ii\starcraft ii.exe |
"{DC4751DD-C818-43D5-B667-43DB09490035}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E00A0CF5-58ED-4279-ABD2-22EDEC29EFF2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{E3A282AC-A543-46CE-8904-0D44BBAF8392}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{E82C9F93-5DFE-43CE-BEB6-057F12EC6E91}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{EC33E88E-31FA-470F-A51B-7D3C8124C361}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{F3461F23-1B53-4EF3-95DE-0F640AB738CB}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{F67AF03B-C377-49D5-8677-15B1ED2068D6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F90B9271-28CE-4F06-A1ED-F84F32DA2279}" = protocol=58 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv6 ausgehend) |
"{FB7818BF-F07F-40C3-A978-DBEABC2F8535}" = protocol=17 | dir=in | app=d:\steam\steamapps\nettworld10@web.de\counter-strike\hl.exe |
"{FC5BD4D8-CC4D-40B7-B1C1-7508153E5251}" = protocol=6 | dir=in | app=d:\steam\steamapps\nettworld10@web.de\counter-strike\hl.exe |
"{FDF6EC4D-074F-4EA6-9DA5-32D190C3D935}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"TCP Query User{0852ED52-CA77-49FD-8446-3662548C27B9}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{1C473A83-757E-49E4-A35B-00258F608827}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{1FFDE0E5-C274-4D49-9E4E-0B2A0A6850AC}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{2ED0D66B-A539-4AAD-A94C-284B9E3048F2}C:\users\jann\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\jann\appdata\roaming\spotify\spotify.exe |
"TCP Query User{4022D587-7798-4243-90D6-EE341619F440}D:\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\guild wars 2\gw2.exe |
"TCP Query User{4361E805-9E69-4FC5-8902-ACB5324A782A}D:\steam\steamapps\jann100\counter-strike\hl.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\jann100\counter-strike\hl.exe |
"TCP Query User{471CA995-B369-4054-8222-A7295AE692E9}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{4F6D70B1-EBF1-49ED-932E-B4F3339FE69B}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{52DCE9F5-AB68-4001-AB95-6348DEB8D3A6}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{632A6ABE-6159-45F0-9866-E966F500F741}C:\program files (x86)\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip\qip.exe |
"TCP Query User{6AC20CF8-9A1C-4C38-8506-3108DF193DE8}C:\program files (x86)\xpage 5 professional\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xpage 5 professional\jre\bin\javaw.exe |
"TCP Query User{6EC60B54-5491-4396-9451-EE606A84296D}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{92310BD2-234F-42BF-81FB-C7D6B0EF2B45}C:\users\jann\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\jann\appdata\roaming\spotify\spotify.exe |
"TCP Query User{F2229822-ECE7-4CD1-B2E0-8C896164C676}C:\program files (x86)\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip\qip.exe |
"UDP Query User{02132E13-3E66-47B4-9F24-5919FFF65915}C:\program files (x86)\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip\qip.exe |
"UDP Query User{03D7BE53-16D4-4E6D-A37A-B8BC6D870E0A}C:\program files (x86)\xpage 5 professional\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xpage 5 professional\jre\bin\javaw.exe |
"UDP Query User{068C3EFC-0D6F-49EC-9629-F37C94D81505}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{0E0E5409-D43D-4CC1-857B-D5311FF7998B}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{29213D35-7F74-4C74-828C-FF5D7F051DC0}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{3F974051-3BA9-49CA-9435-F9CC29E02C36}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{4F153C8B-5C84-41D9-9C4B-6E4EBBF92B4D}D:\steam\steamapps\jann100\counter-strike\hl.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\jann100\counter-strike\hl.exe |
"UDP Query User{7FE82E67-67E4-4365-979F-80089FFB3AB8}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{8185D793-781A-4800-ADE7-4367E4164AD5}C:\program files (x86)\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip\qip.exe |
"UDP Query User{A8926CE7-2E19-4AA2-ADED-FE844DE4DDDC}C:\users\jann\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\jann\appdata\roaming\spotify\spotify.exe |
"UDP Query User{C2ABE1E1-411D-44D6-9BED-C748B71E4999}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{C5BDDBA9-1262-4D14-97EE-1F4E20DC8F93}D:\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\guild wars 2\gw2.exe |
"UDP Query User{E912E268-509C-4DFF-87BA-67FA61F5BD9C}C:\users\jann\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\jann\appdata\roaming\spotify\spotify.exe |
"UDP Query User{E9B126AA-2A46-40DE-935B-8E131255E31E}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{11EB1163-5761-4BC6-8F48-98DCF6A46BBF}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{27EF252D-800C-ED42-9904-459FE0046225}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FA063D7-EDC1-AFA8-54AF-0563C7DEE070}" = Windows App Certification Kit Native Components
"{40BD15A3-E031-5CF1-6994-550A4C059127}" = ATI Catalyst Install Manager
"{485DF5E7-8379-4BFA-BAE1-9B8DBFE0D6B4}" = Paragon Backup & Recovery™ 10 Kompakt
"{48EC4E57-1D04-4831-90A7-151DA2269495}" = Ableton Live 9 Suite
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{53C900F7-0CB1-3EDE-B9F3-76EDE6F0C253}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{5FB4C443-6BD6-1514-2717-3827D65AE6FB}" = Windows Software Development Kit DirectX x64 Remote
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7346C35D-942D-3CCE-94CB-7008BA8D63CB}" = Application Verifier x64 External Package
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{986A654F-F1E4-11DD-9FCA-005056C00008}" = Paragon Partition Manager™ 10.0 Personal
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 340.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 340.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 340.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 10.4.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C513739C-5F16-37B5-9ACF-99925FF1C1F3}" = Microsoft .NET Framework 4.5.1 (DEU)
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F75FFCEC-4807-319D-A186-5117EDFE8115}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU
"{F8013DD1-574B-4921-A473-88A2F7A34D16}" = Paragon Drive Backup™ 9 Personal
"DriverAgent.exe" = DriverAgent by eSupport.com
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02213A81-CB13-7262-5ABE-1FFA2C75559F}" = Windows App Certification Kit x64
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}" = Microsoft SQL Server Compact 3.5 DEU
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{1826D0CA-F479-4430-9EFE-86E8E783505B}_is1" = Opera Mobile Emulator
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{23176E97-26CB-C72A-19EB-BFB21AC1D15A}" = Windows Software Development Kit DirectX x86 Remote
"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 34
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{363a2c1e-637f-45ce-933b-5a5463efd945}" = Windows Software Development Kit
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A979044-2415-417E-83A6-BAD69D5DBBF5}" = Avira
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{42F61556-29ED-8122-F39E-6F04EA5FF279}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE57014-05C4-4864-A13D-86517A7E1BA4}" = Microsoft .NET Framework 4.5 SDK
"{512957F0-B211-C50A-C1FC-6867FC3348A1}" = Windows Software Development Kit Redistributables
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{56403FFF-145E-35C5-A090-96598BE57FB8}" = Microsoft Visual Basic 2008 Express Edition - DEU
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60D5EF2A-4E0C-2C30-38F6-59C26E134F4A}" = Windows Software Development Kit
"{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CC673E7-5271-409D-B196-BB76DA60300B}" = Twonky Windows Components
"{7D9D583E-EC8B-4390-B3A4-017B8182C8FF}_is1" = Free Mouse Auto Clicker 3.4.3
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{905d3ded-fe60-432c-b56e-7cd19f2899ac}" = Avira
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{986EABFC-92F6-CECD-9E5A-B13CAC40BB1D}" = WPTx64
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A5D42D71-4036-5F88-5085-657C9DF9F1DD}" = WPT Redistributables
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BD2C175F-89BE-45E9-938E-0CF622EFF52A}" = LogMeIn Hamachi
"{D11F66FF-82B3-DDB8-1146-525370552BE1}" = Windows Software Development Kit for Windows Store Apps
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D4F102C5-EEA1-CAE1-8E67-1A7FCE27F673}" = Windows Software Development Kit EULA
"{E14DDED2-919B-FCCB-84AC-5ABB6D182D46}" = Kits Configuration Installer
"{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E63A3353-003C-E4C2-230B-F155212D1479}" = SDK Debuggers
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battle.net" = Battle.net
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Pro" = DAEMON Tools Pro
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.3.2.1
"Fraps" = Fraps (remove only)
"Hearthstone" = Hearthstone
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.3.1025
"MediaManager" = MediaManager
"Microsoft Visual Basic 2008 Express Edition - DEU" = Microsoft Visual Basic 2008 Express Edition - DEU
"MinecraftAlpha" = MinecraftAlpha
"MinGW" = MinGW 5.1.6
"Mozilla Firefox 31.0 (x86 de)" = Mozilla Firefox 31.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments Service Center" = Native Instruments Service Center
"NSS" = NSS (remove only)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 12.17.1863" = Opera 12.17
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RADVideo" = RAD Video Tools
"Revo Uninstaller" = Revo Uninstaller 1.95
"SamsungGalaxyS3ToolKit30" = Package: Samsung Galaxy S3 ToolKit
"Steam App 10" = Counter-Strike
"Steam App 211" = Source SDK
"Steam App 240" = Counter-Strike: Source
"Steam App 273350" = Evolve
"Steam App 570" = Dota 2
"Stronghold Crusader 2_is1" = Stronghold Crusader 2
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TuneUp Utilities" = TuneUp Utilities
"Winamp" = Winamp
"World of Warcraft" = World of Warcraft
"Xpage 5 Professional" = Xpage 5 Professional
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QIP 2005" = QIP 2005 8095
"Spotify" = Spotify
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.12.2014 05:05:21 | Computer Name = Namelol | Source = ESENT | ID = 490
Description = taskhost (1580) WebCacheLocal: Versuch, Datei "C:\Users\Jann\AppData\Local\Microsoft\Windows\WebCache\V01.chk"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 5 (0x00000005): "Zugriff
 verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 08.12.2014 05:05:31 | Computer Name = Namelol | Source = ESENT | ID = 490
Description = taskhost (1580) WebCacheLocal: Versuch, Datei "C:\Users\Jann\AppData\Local\Microsoft\Windows\WebCache\V01.log"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 5 (0x00000005): "Zugriff
 verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 08.12.2014 05:05:41 | Computer Name = Namelol | Source = ESENT | ID = 490
Description = taskhost (1580) WebCacheLocal: Versuch, Datei "C:\Users\Jann\AppData\Local\Microsoft\Windows\WebCache\V01.chk"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 5 (0x00000005): "Zugriff
 verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 08.12.2014 05:05:51 | Computer Name = Namelol | Source = ESENT | ID = 490
Description = taskhost (1580) WebCacheLocal: Versuch, Datei "C:\Users\Jann\AppData\Local\Microsoft\Windows\WebCache\V01.log"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 5 (0x00000005): "Zugriff
 verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 08.12.2014 05:07:24 | Computer Name = Namelol | Source = ESENT | ID = 490
Description = taskhost (1580) WebCacheLocal: Versuch, Datei "C:\Users\Jann\AppData\Local\Microsoft\Windows\WebCache\V01.chk"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 5 (0x00000005): "Zugriff
 verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 08.12.2014 05:07:34 | Computer Name = Namelol | Source = ESENT | ID = 490
Description = taskhost (1580) WebCacheLocal: Versuch, Datei "C:\Users\Jann\AppData\Local\Microsoft\Windows\WebCache\V01.log"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 5 (0x00000005): "Zugriff
 verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 08.12.2014 05:07:44 | Computer Name = Namelol | Source = ESENT | ID = 490
Description = taskhost (1580) WebCacheLocal: Versuch, Datei "C:\Users\Jann\AppData\Local\Microsoft\Windows\WebCache\V01.chk"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 5 (0x00000005): "Zugriff
 verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 08.12.2014 05:07:54 | Computer Name = Namelol | Source = ESENT | ID = 490
Description = taskhost (1580) WebCacheLocal: Versuch, Datei "C:\Users\Jann\AppData\Local\Microsoft\Windows\WebCache\V01.log"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 5 (0x00000005): "Zugriff
 verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 08.12.2014 05:08:04 | Computer Name = Namelol | Source = ESENT | ID = 490
Description = taskhost (1580) WebCacheLocal: Versuch, Datei "C:\Users\Jann\AppData\Local\Microsoft\Windows\WebCache\V01.chk"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 5 (0x00000005): "Zugriff
 verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 08.12.2014 05:08:14 | Computer Name = Namelol | Source = ESENT | ID = 490
Description = taskhost (1580) WebCacheLocal: Versuch, Datei "C:\Users\Jann\AppData\Local\Microsoft\Windows\WebCache\V01.log"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 5 (0x00000005): "Zugriff
 verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
[ System Events ]
Error - 07.12.2014 09:10:57 | Computer Name = Namelol | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 07.12.2014 09:10:57 | Computer Name = Namelol | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 07.12.2014 09:11:51 | Computer Name = Namelol | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 07.12.2014 09:11:52 | Computer Name = Namelol | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 07.12.2014 09:11:52 | Computer Name = Namelol | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 07.12.2014 09:11:53 | Computer Name = Namelol | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 07.12.2014 09:11:53 | Computer Name = Namelol | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 08.12.2014 04:59:55 | Computer Name = Namelol | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.
 
Error - 08.12.2014 04:59:55 | Computer Name = Namelol | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:  %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 08.12.2014 04:59:55 | Computer Name = Namelol | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1069
 
 
< End of report >
--- --- ---

schrauber 09.12.2014 01:51
Nach diesem Fix wird deine Internetverbindung nicht mehr gehen, also gleich die komplette Anleitung ausdrucken oder abspeichern und alle Fixes vorbereiten.


Bitte downloade dir LSPFix
  • Starte die LSPFix.exe.
    Windows Vista oder höher mit Rechtsklick -> Als Administrator ausführen
  • Markiere die Box "I know what I'm doing"
  • In der Keep Box solltest du eine oder mehrer dieser ColorMedia.dll/ColorMedia64.dll Dateien finden.
  • Wähle jede einzelne vorhandene ColorMedia.dll/ColorMedia64.dll und verschiebe diese in die Remove Box indem du den >> Button drückst.
  • Wenn alle Dateien verschoben wurden klicke Finish>>.





Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm vom folgenden Download-Spiegel neu herunter:
BleepingComputer.com
und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
Code:
File::
ColorMedia64.dll
ColorMedia.dll
Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:
  • Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
    Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
  • Mache nichts am PC solange ComboFix läuft.
http://i266.photobucket.com/albums/i.../CFScriptB.gif
  • In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
  • Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.
Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\S-1-5-21-190608245-4047686273-1255289160-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50467;https=127.0.0.1:50467
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9 16 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
Winsock: Catalog9-x64 16 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
cmd: netsh winsock reset

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Kelethine 09.12.2014 11:56
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-12-2014
Ran by Jann at 2014-12-09 11:51:52 Run:3
Running from C:\Users\Jann\Downloads
Loaded Profile: Jann (Available profiles: Jann & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-190608245-4047686273-1255289160-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50467;https=127.0.0.1:50467
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9 16 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
Winsock: Catalog9-x64 16 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
cmd: netsh winsock reset
       
*****************

"HKU\S-1-5-21-190608245-4047686273-1255289160-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
Winsock: Catalog entry 000000000001 => Could not be deleted.
Winsock: Catalog entry 000000000002 => Could not be deleted.
Winsock: Catalog entry 000000000003 => Could not be deleted.
Winsock: Catalog entry 000000000004 => Could not be deleted.
Winsock: Catalog entry 000000000016 => Could not be deleted.
Winsock: Catalog entry 000000000001 => Could not be deleted.
Winsock: Catalog entry 000000000002 => Could not be deleted.
Winsock: Catalog entry 000000000003 => Could not be deleted.
Winsock: Catalog entry 000000000004 => Could not be deleted.
Winsock: Catalog entry 000000000016 => Could not be deleted.

=========  netsh winsock reset =========

Zugriff verweigert



========= End of CMD: =========


==== End of Fixlog ====
Hab den Kompletten Computer durchsuchen lassen aber die ComboFix.txt ist nicht mehr auffindbar...
Eine Datei hab ich mit dem LSPFix gefunden und löschen lassen, danach hab ich mir das neue Combofix runtergeladen und wie erklärt mit dem CFScript.txt durchlaufen lassen.
Das hat dann ein wenig gedauert und als es fertig war konnte ich erstmal gar kein Programm mehr starten aufgrund dieser Fehlermeldung:
"Es wurde versucht, einen Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen..."
Diese Fehlermeldung habe ich dann im Handy eingegeben und daraufhin meinen Computer neugestartet.
Jetzt kann ich zwar wieder alles wie gewohnt starten aber die ComboFix.txt scheint weg zu sein.

schrauber 09.12.2014 16:55
POste bitte ein frisches FRST log.

Kelethine 10.12.2014 14:08

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-12-2014
Ran by Jann (administrator) on NAMELOL on 10-12-2014 14:04:02
Running from C:\Users\Jann\Downloads
Loaded Profile: Jann (Available profiles: Jann & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
(PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Spotify Ltd) C:\Users\Jann\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Jann\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Jann\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Jann\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Jann\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Users\Jann\Desktop\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Jann\Desktop\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Jann\Desktop\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Jann\Desktop\GoogleChromePortable\App\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Jann\Desktop\GoogleChromePortable\App\Chrome-bin\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-12-01] (LogMeIn Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124720 2014-10-09] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-190608245-4047686273-1255289160-1001\...\Run: [Spotify Web Helper] => C:\Users\Jann\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1937464 2014-12-10] (Spotify Ltd)
HKU\S-1-5-21-190608245-4047686273-1255289160-1001\...\Run: [Spotify] => C:\Users\Jann\AppData\Roaming\Spotify\Spotify.exe [6351416 2014-12-10] (Spotify Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * autocheck turegopt

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50467;https=127.0.0.1:50467
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-190608245-4047686273-1255289160-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9 16 C:\Windows\SysWOW64\ColorMedia.dll [332584] (Say Media Group LTD)
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
Winsock: Catalog9-x64 16 C:\Windows\system32\ColorMedia64.dll [378280] (Say Media Group LTD)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Jann\AppData\Roaming\Mozilla\Firefox\Profiles\8u9j4gdg.default
FF SelectedSearchEngine: Google
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_34 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @protectdisc.com/NPPDLicenseHelper -> C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPPDLicenseHelper.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: EPUBReader - C:\Users\Jann\AppData\Roaming\Mozilla\Firefox\Profiles\8u9j4gdg.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2013-12-04]
FF Extension: Techgile - C:\Users\Jann\AppData\Roaming\Mozilla\Firefox\Profiles\8u9j4gdg.default\Extensions\{1e3cbb53-e197-4e2a-92c5-00bc91f79189}.xpi [2014-11-16]
FF Extension: AddonFox - C:\Users\Jann\AppData\Roaming\Mozilla\Firefox\Profiles\8u9j4gdg.default\Extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4}.xpi [2011-05-27]
FF Extension: Greasemonkey - C:\Users\Jann\AppData\Roaming\Mozilla\Firefox\Profiles\8u9j4gdg.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-04-25]

Chrome:
=======
CHR Profile: C:\Users\Jann\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-09]
CHR Extension: (Google Drive) - C:\Users\Jann\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-09]
CHR Extension: (YouTube) - C:\Users\Jann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-09]
CHR Extension: (Google-Suche) - C:\Users\Jann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-09]
CHR Extension: (Google Wallet) - C:\Users\Jann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-09]
CHR Extension: (Google Mail) - C:\Users\Jann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [203264 2009-08-18] (AMD) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [162096 2014-10-09] (Avira Operations GmbH & Co. KG)
S4 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [187456 2010-02-13] (DATA BECKER GmbH & Co KG) [File not signed]
S3 fussvc; D:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-11-14] (LogMeIn, Inc.)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
S3 Te.Service; D:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2014-08-15] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-11-21] (TuneUp Software)
R2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [545608 2012-07-09] ()
R2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [549704 2012-07-09] (PacketVideo)
R2 TwonkyWebDav; C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe [271176 2012-07-09] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 acedrv09; C:\Windows\system32\drivers\acedrv09.sys [134880 2010-04-16] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [14392 2007-12-17] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 cmwf; C:\Windows\system32\Drivers\cmwf.sys [31904 2014-11-26] () [File not signed]
R1 cmwr; C:\Windows\system32\Drivers\cmwr.sys [45216 2014-11-26] () [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-26] (Disc Soft Ltd)
S3 ESLvnic1; C:\Windows\System32\DRIVERS\ESLvnic.sys [25528 2011-08-08] (Turtle Entertainment GmbH)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2014-12-05] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2010-02-24] (TuneUp Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-10 14:03 - 2014-12-10 14:03 - 03540144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-09 11:55 - 2014-12-09 11:55 - 00000000 ___SD () C:\ComboFix
2014-12-09 11:05 - 2014-12-09 11:05 - 00186880 _____ (CEXX.ORG) C:\Users\Jann\Desktop\LSPFix.exe
2014-12-09 11:03 - 2014-12-09 11:03 - 05601243 ____R (Swearware) C:\Users\Jann\Desktop\ComboFix.exe
2014-12-04 21:59 - 2014-12-04 21:59 - 00390774 _____ () C:\Users\Jann\Downloads\Recount-v6.0.3c_release.zip
2014-12-04 10:26 - 2014-12-05 10:24 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-12-04 10:23 - 2014-12-04 10:23 - 00002318 _____ () C:\Windows\system32\.crusader
2014-12-04 10:19 - 2014-12-04 10:19 - 00065000 _____ () C:\Users\Jann\Downloads\HitmanPro_20141204_1019.log
2014-12-04 10:01 - 2014-12-04 10:25 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-04 10:00 - 2014-12-04 10:00 - 11222744 _____ (SurfRight B.V.) C:\Users\Jann\Downloads\HitmanPro_x64.exe
2014-12-03 08:05 - 2014-12-04 21:36 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-12-03 08:05 - 2014-12-03 08:05 - 00001155 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-12-03 08:05 - 2014-12-03 08:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-12-01 21:56 - 2014-12-08 10:20 - 00088468 _____ () C:\Users\Jann\Downloads\Extras.Txt
2014-12-01 21:56 - 2014-12-08 10:19 - 00089894 _____ () C:\Users\Jann\Downloads\OTL.Txt
2014-12-01 21:40 - 2014-12-01 21:40 - 00602112 _____ (OldTimer Tools) C:\Users\Jann\Downloads\OTL.exe
2014-11-30 10:48 - 2014-11-30 10:48 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-11-30 10:47 - 2014-11-30 10:45 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-11-30 10:37 - 2014-11-30 10:37 - 00002852 _____ () C:\Users\Jann\Desktop\fixlist.txt
2014-11-29 22:43 - 2014-11-29 22:43 - 00852490 _____ () C:\Users\Jann\Downloads\SecurityCheck.exe
2014-11-29 17:27 - 2014-11-29 17:27 - 00000000 ____D () C:\Users\Jann\AppData\Roaming\Avira
2014-11-29 17:26 - 2014-11-30 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-29 17:26 - 2014-11-30 10:48 - 00000000 ____D () C:\ProgramData\Avira
2014-11-29 17:26 - 2014-11-30 10:48 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-29 17:26 - 2014-11-30 10:45 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-11-29 17:26 - 2014-11-30 10:45 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-11-29 17:26 - 2014-11-29 17:26 - 00002066 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-11-29 17:26 - 2013-12-18 09:32 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-11-29 17:23 - 2014-11-26 18:53 - 00378280 _____ (Say Media Group LTD) C:\Windows\system32\ColorMedia64.dll
2014-11-29 17:23 - 2014-11-26 18:53 - 00332584 _____ (Say Media Group LTD) C:\Windows\SysWOW64\ColorMedia.dll
2014-11-29 17:23 - 2014-11-26 18:53 - 00045216 _____ () C:\Windows\system32\Drivers\cmwr.sys
2014-11-29 17:23 - 2014-11-26 18:53 - 00031904 _____ () C:\Windows\system32\Drivers\cmwf.sys
2014-11-29 17:21 - 2014-11-29 17:21 - 00687552 _____ () C:\Users\Jann\Downloads\avira-free-antivir.exe
2014-11-28 09:16 - 2014-11-28 09:16 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-28 09:15 - 2014-11-28 09:16 - 02347384 _____ (ESET) C:\Users\Jann\Downloads\esetsmartinstaller_deu.exe
2014-11-27 11:57 - 2014-11-27 11:57 - 00055046 _____ () C:\Users\Jann\Downloads\DBM-PvP-r39.zip
2014-11-27 11:16 - 2014-11-27 11:16 - 00023265 _____ () C:\Users\Jann\Downloads\InterruptBar_v1.1.6.zip
2014-11-27 11:02 - 2014-11-27 11:02 - 01957481 _____ () C:\Users\Jann\Downloads\DBM-Core-6.0.5.zip
2014-11-27 10:26 - 2014-12-09 11:50 - 00000000 ____D () C:\Users\Jann\Downloads\FRST-OlderVersion
2014-11-27 10:25 - 2014-11-27 10:25 - 00001994 _____ () C:\Users\Jann\Desktop\JRT.txt
2014-11-27 10:22 - 2014-11-27 10:22 - 01707532 _____ (Thisisu) C:\Users\Jann\Downloads\JRT.exe
2014-11-27 10:22 - 2014-11-27 10:22 - 00000000 ____D () C:\Windows\ERUNT
2014-11-27 10:14 - 2014-11-27 10:14 - 02148864 _____ () C:\Users\Jann\Downloads\AdwCleaner_4.102.exe
2014-11-27 10:12 - 2014-11-27 10:12 - 00000162 ____H () C:\Users\Jann\Downloads\~$mbam.txt
2014-11-27 10:11 - 2014-11-27 10:11 - 00024555 _____ () C:\Users\Jann\Downloads\mbam.txt
2014-11-27 09:52 - 2014-11-29 18:27 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-27 09:52 - 2014-11-27 09:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-27 09:52 - 2014-11-27 09:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-27 09:52 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-27 09:52 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-27 09:52 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-27 09:51 - 2014-11-27 09:51 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Jann\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-26 13:11 - 2014-12-09 11:13 - 00000000 ____D () C:\Qoobox
2014-11-26 13:11 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-26 13:11 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-26 13:11 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-26 13:11 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-26 13:11 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-26 13:11 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-26 13:11 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-26 13:11 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-26 12:58 - 2014-11-26 12:59 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Jann\Downloads\revosetup95.exe
2014-11-26 11:56 - 2014-11-26 11:56 - 00380416 _____ () C:\Users\Jann\Downloads\hhfp4u78.exe
2014-11-26 11:51 - 2014-12-05 15:12 - 00039934 _____ () C:\Users\Jann\Downloads\Addition.txt
2014-11-26 11:50 - 2014-12-10 14:04 - 00016741 _____ () C:\Users\Jann\Downloads\FRST.txt
2014-11-26 11:49 - 2014-12-10 14:04 - 00000000 ____D () C:\FRST
2014-11-26 11:49 - 2014-12-09 11:50 - 02119680 _____ (Farbar) C:\Users\Jann\Downloads\FRST64.exe
2014-11-26 11:48 - 2014-11-26 11:48 - 00000540 _____ () C:\Users\Jann\Downloads\defogger_disable.log
2014-11-26 11:48 - 2014-11-26 11:48 - 00000168 _____ () C:\Users\Jann\defogger_reenable
2014-11-26 11:47 - 2014-11-26 11:47 - 00050477 _____ () C:\Users\Jann\Downloads\Defogger.exe
2014-11-24 14:19 - 2014-11-24 14:19 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Jann\Downloads\tdsskiller.exe
2014-11-24 14:11 - 2014-11-24 14:11 - 00001264 _____ () C:\Users\Jann\Desktop\Revo Uninstaller.lnk
2014-11-24 14:11 - 2014-11-24 14:11 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-11-24 13:58 - 2014-11-24 13:59 - 01046528 _____ () C:\Users\Jann\Downloads\MicrosoftFixit50848.msi
2014-11-23 16:42 - 2014-11-23 18:13 - 00705513 ____N () C:\Windows\Minidump\112314-21216-01.dmp
2014-11-18 21:12 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 21:12 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 21:12 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 21:12 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-16 17:43 - 2014-11-16 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Mouse Auto Clicker
2014-11-16 17:43 - 2014-11-16 17:43 - 00000000 ____D () C:\Program Files (x86)\Free Mouse Auto Clicker
2014-11-15 22:43 - 2014-11-26 11:28 - 00002806 _____ () C:\Users\Jann\Documents\priest2.txt
2014-11-12 13:50 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 13:50 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 13:50 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 13:50 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 13:50 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 13:50 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 13:50 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 13:50 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 13:50 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 13:50 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 13:50 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 13:50 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 13:50 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 13:50 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 13:50 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 13:50 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 13:50 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 13:50 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 13:50 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 13:50 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 13:50 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 13:50 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 13:50 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 13:50 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 13:50 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 13:50 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 13:50 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 13:50 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 13:50 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 13:50 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 13:50 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 13:50 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 13:50 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 13:50 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 13:50 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 13:50 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 13:50 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 13:50 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 13:50 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 13:50 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 13:50 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 13:50 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 13:50 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 13:50 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 13:50 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 13:50 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 13:50 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 13:50 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 13:50 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 13:50 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 13:50 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 13:50 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 13:50 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 13:50 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 13:50 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 13:50 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 13:50 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 13:50 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 13:50 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 13:50 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 13:50 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 13:50 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 13:50 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 13:50 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 13:50 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 13:50 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 13:50 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 13:50 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 13:50 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 13:49 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 13:49 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 13:49 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 13:49 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 13:49 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 13:49 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 13:49 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 13:49 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 13:49 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 13:49 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 13:49 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 13:49 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 13:49 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 13:49 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 13:49 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 13:49 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 13:49 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 13:49 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 13:49 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 13:49 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 13:49 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 13:49 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 13:49 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 13:49 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 13:49 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 13:49 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 13:49 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 13:49 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 13:49 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-10 14:05 - 2009-12-30 16:12 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{AE0088BC-E7E3-4916-9D36-3ABEF7151AB7}
2014-12-10 14:03 - 2012-07-29 16:40 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 14:03 - 2012-07-29 16:40 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 14:03 - 2012-07-29 16:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-10 14:03 - 2011-08-09 19:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 13:56 - 2009-07-14 05:45 - 00015184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-10 13:56 - 2009-07-14 05:45 - 00015184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-10 13:52 - 2013-01-11 18:05 - 00000000 ____D () C:\ProgramData\TwonkyServer
2014-12-10 13:49 - 2014-08-15 10:34 - 00000000 ____D () C:\Users\Jann\AppData\Local\Spotify
2014-12-10 13:49 - 2012-10-15 19:29 - 00000000 ____D () C:\Users\Jann\AppData\Roaming\Spotify
2014-12-10 13:47 - 2014-08-15 01:34 - 00014988 _____ () C:\Windows\setupact.log
2014-12-10 13:47 - 2009-12-30 17:06 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-10 13:47 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-09 23:54 - 2009-12-30 15:55 - 01932719 _____ () C:\Windows\WindowsUpdate.log
2014-12-09 23:51 - 2014-10-21 16:23 - 00000000 ____D () C:\Users\Jann\AppData\Local\Battle.net
2014-12-09 11:47 - 2010-01-29 14:33 - 00000000 ____D () C:\Users\Jann\AppData\Local\Google
2014-12-09 11:26 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-09 11:25 - 2014-08-15 01:34 - 00847696 _____ () C:\Windows\PFRO.log
2014-12-02 23:22 - 2014-10-21 16:23 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-12-02 20:44 - 2011-02-27 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-02 20:44 - 2011-02-27 17:19 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-12-02 20:42 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-30 10:47 - 2014-11-02 16:59 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-30 10:40 - 2014-08-15 02:45 - 00000008 __RSH () C:\Users\Jann\ntuser.pol
2014-11-30 10:40 - 2009-12-30 16:00 - 00000000 ____D () C:\Users\Jann
2014-11-30 10:38 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-11-29 17:29 - 2014-10-26 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stronghold Crusader 2
2014-11-27 22:56 - 2014-08-15 02:11 - 00000000 ____D () C:\AdwCleaner
2014-11-27 10:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Globalization
2014-11-26 13:29 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-11-26 13:23 - 2014-08-15 01:21 - 00000000 ____D () C:\Windows\erdnt
2014-11-26 13:23 - 2009-07-14 03:34 - 92012544 _____ () C:\Windows\system32\config\software.bak
2014-11-26 13:23 - 2009-07-14 03:34 - 57933824 _____ () C:\Windows\system32\config\components.bak
2014-11-26 13:23 - 2009-07-14 03:34 - 19660800 _____ () C:\Windows\system32\config\system.bak
2014-11-26 13:23 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\default.bak
2014-11-26 13:23 - 2009-07-14 03:34 - 00061440 _____ () C:\Windows\system32\config\sam.bak
2014-11-26 13:23 - 2009-07-14 03:34 - 00028672 _____ () C:\Windows\system32\config\security.bak
2014-11-26 11:39 - 2009-07-14 03:34 - 00000633 _____ () C:\Windows\win.ini
2014-11-25 12:21 - 2014-08-15 11:03 - 00000000 ____D () C:\Program Files\Google
2014-11-25 12:21 - 2010-01-29 14:33 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-23 18:14 - 2010-05-06 12:54 - 00000000 ____D () C:\Windows\Minidump
2014-11-17 16:50 - 2014-08-16 07:44 - 00000000 ____D () C:\Windows\rescache
2014-11-16 17:43 - 2013-04-15 12:58 - 00000000 ____D () C:\Users\Jann\Documents\prjejktarbeit
2014-11-12 23:14 - 2009-07-14 05:45 - 03009992 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 19:36 - 2013-08-14 14:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 19:32 - 2009-12-30 17:15 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Jann\AppData\Local\temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-08 11:38

==================== End Of Log ============================
--- --- ---

schrauber 11.12.2014 09:25
Bitte den kompletten Fix mit LSPFix, Combofix und FRST nochmal.
Nach Combofix den Rechner einmal neu starten.


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:05 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131