Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Chrome.exe infiziert (https://www.trojaner-board.de/138921-chrome-exe-infiziert.html)

Jahannes 28.07.2013 15:40
Chrome.exe infiziert
 
Hallo,

Eset Nod32 sagt mir seit heute:

Code:
Arbeitsspeicher = C:\Users\Jaizzy\AppData\Local\Google\Chrome\Application\chrome.exe - Variante von Win32/Injector.LBP Trojaner - Säubern nicht möglich
NOD32 kann es nicht säubern. MBAM findet nicht mal etwas.

Symptome:

Keine InternetVerbindung im Chrome.
Andere Browser funktionieren jedoch.

Wenn ich jedoch die chrome.exe im Taskmanager beende, funktioniert Chrome wieder.


Danke schonmal!

schrauber 28.07.2013 16:14
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Jahannes 28.07.2013 16:44
Hi Schrauber!

Danke dir schonmal fürs Helfen!

hier die Logs:

FRST.txt

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-07-2013
Ran by Jaizzy (administrator) on 28-07-2013 17:31:06
Running from C:\Users\Jaizzy\Desktop
Windows 7 Enterprise Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
() C:\Program Files\EslWire\service\WireHelperSvc.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
( ) C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(JAM Software) E:\Appz\Ultrasearch\UltraSearch.exe
(Nenad Hrg (SoftwareOK.com)) D:\Q-Dir\Q-Dir.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
(Google Inc.) C:\Users\Jaizzy\AppData\Local\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Users\Jaizzy\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-21] (Logitech, Inc.)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [6330568 2013-03-21] (ESET)
HKLM\...\Run: [OODefragTray] - C:\Program Files\OO Software\Defrag\oodtray.exe [3994960 2011-11-17] (O&O Software GmbH)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [107000 2011-11-12] (Siber Systems)
HKCU\...\Run: [DisplayFusion] - C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [7283072 2013-04-26] (Binary Fortress Software)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [300400 2010-03-11] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [liblibwow64] - C:\Program Files (x86)\installsyslang\inisxs.exe [93184 2013-07-28] (SANDBOXIE L.T.D)
HKLM-x32\...\Run: [AdobeCEPServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SpyderUtility.lnk
ShortcutTarget: SpyderUtility.lnk -> C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe ( )
Startup: C:\Users\Jaizzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BootExecute: autocheck autochk * OODBS

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
BHO-x32: No Name - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Jaizzy\AppData\Roaming\Mozilla\Firefox\Profiles\50auy3y1.default
FF Homepage: about:home
FF NetworkProxy: "gopher", "222.108.198.53"
FF NetworkProxy: "gopher_port", 8080
FF NetworkProxy: "http", "www-proxy.t-online.de"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Jaizzy\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Jaizzy\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Jaizzy\AppData\Roaming\Mozilla\Firefox\Profiles\50auy3y1.default\searchplugins\geizhalsat-deutschland.xml
FF SearchPlugin: C:\Users\Jaizzy\AppData\Roaming\Mozilla\Firefox\Profiles\50auy3y1.default\searchplugins\imdb.xml
FF SearchPlugin: C:\Users\Jaizzy\AppData\Roaming\Mozilla\Firefox\Profiles\50auy3y1.default\searchplugins\sceneforce.xml
FF Extension: Awesome screenshot: Capture and Annotate - C:\Users\Jaizzy\AppData\Roaming\Mozilla\Firefox\Profiles\50auy3y1.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: Roboform Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF StartMenuInternet: FIREFOX.EXE - E:\FirefoxPortable\App\Firefox\firefox.exe

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-02] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
R2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [87336 2012-01-12] (CyberLink Corp.)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [75048 2012-01-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296232 2012-01-12] (CyberLink)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3304768 2010-12-23] (devolo AG)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1498000 2013-04-26] (Binary Fortress Software)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1341664 2013-03-21] (ESET)
R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [678416 2012-12-17] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3273552 2011-11-17] (O&O Software GmbH)
S3 OpenVPNService; E:\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] ()
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [123664 2012-12-16] (SANDBOXIE L.T.D)
R2 postgresql-8.4; C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w [x]

==================== Drivers (Whitelisted) ====================

S3 arusb_lhx; C:\Windows\System32\DRIVERS\arusb_lhx.sys [539136 2008-07-24] (Atheros Communications, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 asvpndrv; C:\Windows\System32\DRIVERS\asvpndrv.sys [31744 2012-02-29] (Astrill)
R3 AXMount; C:\Windows\System32\DRIVERS\AXMount.sys [82200 2013-07-14] (Windows (R) Win 7 DDK provider)
R0 AXTrack; C:\Windows\System32\DRIVERS\AXTrack.sys [59040 2013-07-14] (Windows (R) Win 7 DDK provider)
R1 BTOWSFF; C:\Windows\System32\Drivers\BTOWSFF.sys [33024 2013-07-19] (Toolwiz.com)
R1 BTOWSFF; C:\Windows\System32\Drivers\BTOWSFF.sys [33024 2013-07-19] (Toolwiz.com)
R0 BTOWSVF; C:\Windows\System32\Drivers\BTOWSVF.sys [59648 2013-07-19] (Toolwiz.com)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-07-06] (DT Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [139768 2013-01-10] (ESET)
S3 ESLvnic1; C:\Windows\System32\DRIVERS\ESLvnic.sys [25528 2011-04-14] (Turtle Entertainment GmbH)
R2 ESLWireAC; C:\Windows\system32\drivers\ESLWireACD.sys [160784 2012-12-17] (<Turtle Entertainment>)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2010-06-10] (CACE Technologies)
R2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [82928 2011-10-27] (Cyberlink Corp.)
R2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [82928 2011-10-27] (Cyberlink Corp.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202632 2012-12-16] (SANDBOXIE L.T.D)
R3 Spyder4; C:\Windows\System32\DRIVERS\dccmtr.sys [15360 2011-06-02] (Datacolor)
R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [122448 2011-07-08] (High Criteria inc.)
R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [122448 2011-07-08] (High Criteria inc.)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [146928 2012-01-11] (CyberLink Corp.)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [146928 2012-01-11] (CyberLink Corp.)
S1 ArcSec; system32\drivers\ArcSec.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz135; \??\E:\Temp\cpuz135\cpuz135_x64.sys [x]
S1 SASDIFSV; \??\E:\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
S1 SASKUTIL; \??\E:\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-28 17:31 - 2013-07-28 17:31 - 00000003 _____ E:\Temp\others
2013-07-28 17:31 - 2013-07-28 17:31 - 00000000 _____ E:\Temp\log3
2013-07-28 17:31 - 2013-07-28 17:31 - 00000000 _____ E:\Temp\log1
2013-07-28 17:31 - 2013-07-28 17:31 - 00000000 _____ E:\Temp\frstlog
2013-07-28 17:30 - 2013-07-28 17:30 - 01780547 _____ (Farbar) C:\Users\Jaizzy\Desktop\FRST64.exe
2013-07-28 17:23 - 2013-07-28 17:23 - 00321922 _____ E:\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_20130728_172328157-Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219-MSP0.txt
2013-07-28 17:23 - 2013-07-28 17:23 - 00228270 _____ E:\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_20130728_172328157-MSI_vc_red.msi.txt
2013-07-28 17:23 - 2013-07-28 17:23 - 00093290 _____ E:\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_20130728_172328157.html
2013-07-28 17:23 - 2013-07-28 17:23 - 00011386 _____ E:\Temp\dd_vcredistUI5343.txt
2013-07-28 17:22 - 2013-07-28 17:22 - 00351376 _____ E:\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20130728_172222244-Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219-MSP0.txt
2013-07-28 17:22 - 2013-07-28 17:22 - 00227406 _____ E:\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20130728_172222244-MSI_vc_red.msi.txt
2013-07-28 17:22 - 2013-07-28 17:22 - 00087660 _____ E:\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20130728_172222244.html
2013-07-28 14:47 - 2013-07-28 14:47 - 00000000 ____D E:\Temp\_avast_
2013-07-28 14:22 - 2013-07-28 14:24 - 00000000 ____D C:\Windows\system32\MRT
2013-07-28 14:12 - 2013-07-28 14:56 - 00000000 ____D E:\Temp\CRX_75DAF8CB7768
2013-07-28 12:38 - 2013-07-28 16:18 - 00000000 ____D C:\Program Files (x86)\The KMPlayer
2013-07-28 12:38 - 2013-07-28 12:38 - 00001039 _____ C:\Users\Jaizzy\Desktop\KMPlayer.lnk
2013-07-28 12:38 - 2013-07-28 12:38 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2013-07-19 21:33 - 2013-07-25 21:11 - 00000000 ____D C:\Toolwiz
2013-07-19 21:33 - 2013-07-19 21:33 - 00059648 _____ (Toolwiz.com) C:\Windows\system32\Drivers\BTOWSVF.sys
2013-07-19 21:33 - 2013-07-19 21:33 - 00033024 _____ (Toolwiz.com) C:\Windows\system32\Drivers\BTOWSFF.sys
2013-07-19 21:33 - 2013-07-19 21:33 - 00001143 _____ C:\Users\UpdatusUser\Desktop\Toolwiz TimeFreeze.lnk
2013-07-19 21:33 - 2013-07-19 21:33 - 00001143 _____ C:\Users\postgres.NZXT\Desktop\Toolwiz TimeFreeze.lnk
2013-07-19 21:33 - 2013-07-19 21:33 - 00001143 _____ C:\Users\Jaizzy\Desktop\Toolwiz TimeFreeze.lnk
2013-07-19 21:33 - 2013-07-19 21:33 - 00000000 ____D C:\Program Files (x86)\Toolwiz TimeFreeze
2013-07-19 17:42 - 2013-07-19 17:42 - 00001012 _____ C:\Users\Jaizzy\Desktop\UltraSearch.lnk
2013-07-14 14:31 - 2013-07-14 14:31 - 00000000 ____D E:\Temp\Skype
2013-07-14 01:16 - 2013-07-14 01:16 - 00000000 ____D C:\Program Files\AXTM
2013-07-14 00:04 - 2013-07-14 00:04 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\CrystalIdea Software
2013-07-13 23:52 - 2013-07-28 14:56 - 00000000 ____D E:\Temp\{26F481C6-8DBE-4F8B-9D8D-715081C23ADE}
2013-07-13 23:25 - 2013-07-13 23:28 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-13 23:25 - 2013-07-13 23:25 - 00000000 ____D C:\Program Files\HitmanPro
2013-07-13 23:19 - 2013-07-13 23:19 - 00000918 _____ C:\Users\Jaizzy\Desktop\Palemoon-Portable.lnk
2013-07-13 23:19 - 2013-07-13 23:19 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\Moonchild Productions
2013-07-13 09:47 - 2013-07-28 14:56 - 00000000 ____D E:\Temp\CR_C3F42.tmp
2013-07-12 08:49 - 2013-07-12 08:49 - 00000000 ____D E:\Temp\KB2840628_10.0.30319
2013-07-12 08:47 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-12 08:47 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-12 08:47 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-12 08:47 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-12 08:47 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-12 08:47 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-12 08:47 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 08:47 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-12 08:47 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-12 08:47 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-12 08:47 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-12 08:47 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 08:47 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-12 08:47 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-12 08:47 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-12 08:46 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-12 08:46 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-12 08:46 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-12 08:46 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-12 08:46 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-12 08:46 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-12 08:46 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-12 08:46 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-12 08:46 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 08:46 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 08:46 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 08:46 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-12 08:46 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 08:46 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 08:46 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 08:46 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 08:44 - 2013-07-12 08:44 - 00000000 ____D E:\Temp\KB2835393_10.0.30319
2013-07-12 07:27 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-12 07:27 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-12 07:27 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-12 07:27 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-12 07:27 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-12 07:27 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-12 07:27 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-09 18:41 - 2013-07-09 22:19 - 00000000 ____D E:\Temp\plugtmp-2
2013-07-09 18:11 - 2013-07-28 14:56 - 00000000 ____D E:\Temp\nsu8172.tmp
2013-07-07 15:26 - 2013-07-07 15:26 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\kompozer.net
2013-07-04 15:34 - 2013-07-04 15:34 - 08365097 _____ C:\Users\Jaizzy\Downloads\E6532_P8P67_PRO_REV_3_1.zip
2013-07-02 17:34 - 2013-07-02 17:34 - 00000000 ____D E:\Temp\Canon_Inc_IC
2013-07-02 17:34 - 2013-07-02 17:34 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\Canon_Inc_IC
2013-06-28 23:24 - 2013-06-28 23:24 - 00001135 _____ C:\Users\Jaizzy\Documents\bw4komptest.log
2013-06-28 21:44 - 2013-07-28 14:56 - 00000000 ____D E:\Temp\nsc45DC.tmp
178

==================== One Month Modified Files and Folders =======

2013-07-28 17:31 - 2013-07-28 17:31 - 00019786 _____ E:\Temp\log3
2013-07-28 17:31 - 2013-07-28 17:31 - 00013162 _____ E:\Temp\log1
2013-07-28 17:31 - 2013-07-28 17:31 - 00000188 _____ E:\Temp\users00
2013-07-28 17:31 - 2013-07-28 17:31 - 00000003 _____ E:\Temp\others
2013-07-28 17:30 - 2013-07-28 17:30 - 01780547 _____ (Farbar) C:\Users\Jaizzy\Desktop\FRST64.exe
2013-07-28 17:28 - 2013-07-28 17:28 - 00139400 ___HT E:\Temp\etilqs_w4fhKcGcx0saOBI
2013-07-28 17:28 - 2013-07-28 17:28 - 00004100 ___HT E:\Temp\etilqs_vfhuHS3ElHAQeXv
2013-07-28 17:27 - 2013-07-28 17:27 - 00016400 ___HT E:\Temp\etilqs_LZcArNaWWA2ep9W
2013-07-28 17:27 - 2013-07-28 17:27 - 00002052 ___HT E:\Temp\etilqs_WbDghKdFlYhqoja
2013-07-28 17:24 - 2013-06-17 00:15 - 00002180 _____ C:\Windows\Sandboxie.ini
2013-07-28 17:23 - 2013-07-28 17:23 - 00371500 _____ E:\Temp\dd_vcredistMSI5343.txt
2013-07-28 17:23 - 2013-07-28 17:23 - 00321922 _____ E:\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_20130728_172328157-Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219-MSP0.txt
2013-07-28 17:23 - 2013-07-28 17:23 - 00228270 _____ E:\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_20130728_172328157-MSI_vc_red.msi.txt
2013-07-28 17:23 - 2013-07-28 17:23 - 00093290 _____ E:\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_20130728_172328157.html
2013-07-28 17:23 - 2013-07-28 17:23 - 00011386 _____ E:\Temp\dd_vcredistUI5343.txt
2013-07-28 17:22 - 2013-07-28 17:22 - 00351376 _____ E:\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20130728_172222244-Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219-MSP0.txt
2013-07-28 17:22 - 2013-07-28 17:22 - 00227406 _____ E:\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20130728_172222244-MSI_vc_red.msi.txt
2013-07-28 17:22 - 2013-07-28 17:22 - 00087660 _____ E:\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20130728_172222244.html
2013-07-28 17:22 - 2013-07-28 17:22 - 00001522 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2013-07-28 17:22 - 2009-07-14 06:45 - 00033872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-28 17:22 - 2009-07-14 06:45 - 00033872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-28 17:20 - 2010-11-21 08:22 - 00696832 _____ C:\Windows\system32\perfh007.dat
2013-07-28 17:20 - 2010-11-21 08:22 - 00148128 _____ C:\Windows\system32\perfc007.dat
2013-07-28 17:20 - 2009-07-14 07:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-28 17:18 - 2011-05-22 08:20 - 01643318 _____ C:\Windows\WindowsUpdate.log
2013-07-28 17:15 - 2013-07-28 17:15 - 00000000 ____D E:\Temp\WPDNSE
2013-07-28 17:15 - 2013-07-28 15:09 - 00002109 _____ E:\Temp\AdobeARM.log
2013-07-28 17:15 - 2012-12-20 12:33 - 00000000 _____ E:\Temp\Spyder3Utility
2013-07-28 17:15 - 2012-01-18 12:04 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\DisplayFusion
2013-07-28 17:14 - 2013-03-31 09:56 - 00014067 _____ C:\Windows\setupact.log
2013-07-28 17:14 - 2012-02-05 09:37 - 00769428 _____ C:\Windows\system32\oodbs.lor
2013-07-28 17:14 - 2011-05-22 08:36 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-28 17:14 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-28 16:18 - 2013-07-28 12:38 - 00000000 ____D C:\Program Files (x86)\The KMPlayer
2013-07-28 16:02 - 2013-03-31 10:42 - 00000000 ____D E:\Temp\acro_rd_dir
2013-07-28 16:00 - 2011-10-22 19:14 - 00000000 ____D C:\Users\Jaizzy\AppData\Local\Apps\2.0
2013-07-28 14:56 - 2013-07-28 14:12 - 00000000 ____D E:\Temp\CRX_75DAF8CB7768
2013-07-28 14:56 - 2013-07-13 23:52 - 00000000 ____D E:\Temp\{26F481C6-8DBE-4F8B-9D8D-715081C23ADE}
2013-07-28 14:56 - 2013-07-13 09:47 - 00000000 ____D E:\Temp\CR_C3F42.tmp
2013-07-28 14:56 - 2013-07-09 18:11 - 00000000 ____D E:\Temp\nsu8172.tmp
2013-07-28 14:56 - 2013-06-28 21:44 - 00000000 ____D E:\Temp\nsc45DC.tmp
2013-07-28 14:56 - 2013-06-27 21:36 - 00000000 ____D E:\Temp\~nsu.tmp
2013-07-28 14:56 - 2013-06-19 23:06 - 00000000 ____D E:\Temp\nsvF089.tmp
2013-07-28 14:56 - 2013-06-19 22:57 - 00000000 ____D E:\Temp\nsmCCF2.tmp
2013-07-28 14:56 - 2013-06-19 22:51 - 00000000 ____D E:\Temp\nspB49.tmp
2013-07-28 14:56 - 2013-06-19 22:50 - 00000000 ____D E:\Temp\nsk9B0A.tmp
2013-07-28 14:56 - 2013-06-19 22:48 - 00000000 ____D E:\Temp\nseD626.tmp
2013-07-28 14:56 - 2013-06-14 15:07 - 00000000 ____D E:\Temp\nss492A.tmp
2013-07-28 14:56 - 2013-05-08 12:04 - 00000000 ____D E:\Temp\MozillaMailnews
2013-07-28 14:56 - 2013-05-06 11:05 - 00000000 ____D E:\Temp\enhtmlclip
2013-07-28 14:56 - 2013-05-04 22:00 - 00000000 ____D E:\Temp\nsy214.tmp
2013-07-28 14:56 - 2013-05-03 20:15 - 00000000 ____D E:\Temp\nse72C6.tmp
2013-07-28 14:56 - 2013-04-24 00:34 - 00000000 ____D E:\Temp\nseE680.tmp
2013-07-28 14:56 - 2013-04-20 14:08 - 00000000 ____D E:\Temp\PGLog
2013-07-28 14:56 - 2013-04-10 22:18 - 00000000 ____D E:\Temp\nsvFA47.tmp
2013-07-28 14:56 - 2013-04-05 16:45 - 00000000 ____D E:\Temp\lu
2013-07-28 14:56 - 2013-03-31 02:36 - 00000000 ____D E:\Temp\D6A33FE0-77EC-471E-960D-C8A642FD5B6C
2013-07-28 14:51 - 2013-07-28 14:51 - 05095176 ____R (Swearware) C:\Users\Jaizzy\Desktop\ComboFix.exe
2013-07-28 14:47 - 2013-07-28 14:47 - 00000000 ____D E:\Temp\_avast_
2013-07-28 14:44 - 2013-06-06 10:09 - 00000000 ____D E:\Temp\msdtadmin
2013-07-28 14:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-28 14:34 - 2012-03-04 18:59 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-28 14:34 - 2012-03-04 11:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-28 12:38 - 2013-07-28 12:38 - 00001039 _____ C:\Users\Jaizzy\Desktop\KMPlayer.lnk
2013-07-28 12:38 - 2013-07-28 12:38 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2013-07-28 12:38 - 2013-07-28 12:38 - 00000000 ____D C:\Program Files (x86)\installsyslang
2013-07-28 11:14 - 2013-07-28 11:14 - 00000000 ____D E:\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_10.0.40219
2013-07-28 11:14 - 2013-07-28 11:14 - 00000000 ____D E:\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_10.0.40219
2013-07-28 11:13 - 2011-06-01 08:03 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\Orbit
2013-07-27 09:47 - 2013-07-13 09:42 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1796272902-1527921214-4022389393-1000Core1ce7f9c856d0764.job
2013-07-25 21:11 - 2013-07-19 21:33 - 00000000 ____D C:\Toolwiz
2013-07-25 19:05 - 2013-07-25 19:05 - 00000000 ____D E:\Temp\bye1499.tmp
2013-07-25 19:05 - 2013-07-25 19:05 - 00000000 ____D C:\Program Files (x86)\Duden
2013-07-25 19:05 - 2011-05-22 08:26 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-24 14:08 - 2013-05-04 22:03 - 00001112 _____ C:\Users\Jaizzy\.swfinfo
2013-07-19 23:12 - 2011-05-22 18:32 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\Dropbox
2013-07-19 23:08 - 2013-07-19 23:08 - 00000000 ____D E:\Temp\scoped_dir12152_7185
2013-07-19 21:44 - 2011-06-11 19:07 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\Canon
2013-07-19 21:43 - 2012-06-16 13:46 - 00000000 ____D C:\ProgramData\Canon_Inc_IC
2013-07-19 21:43 - 2011-05-25 11:04 - 00000000 ____D C:\Program Files (x86)\Canon
2013-07-19 21:33 - 2013-07-19 21:33 - 00059648 _____ (Toolwiz.com) C:\Windows\system32\Drivers\BTOWSVF.sys
2013-07-19 21:33 - 2013-07-19 21:33 - 00033024 _____ (Toolwiz.com) C:\Windows\system32\Drivers\BTOWSFF.sys
2013-07-19 21:33 - 2013-07-19 21:33 - 00001143 _____ C:\Users\UpdatusUser\Desktop\Toolwiz TimeFreeze.lnk
2013-07-19 21:33 - 2013-07-19 21:33 - 00001143 _____ C:\Users\postgres.NZXT\Desktop\Toolwiz TimeFreeze.lnk
2013-07-19 21:33 - 2013-07-19 21:33 - 00001143 _____ C:\Users\Jaizzy\Desktop\Toolwiz TimeFreeze.lnk
2013-07-19 21:33 - 2013-07-19 21:33 - 00000000 ____D C:\Program Files (x86)\Toolwiz TimeFreeze
2013-07-19 17:42 - 2013-07-19 17:42 - 00001012 _____ C:\Users\Jaizzy\Desktop\UltraSearch.lnk
2013-07-17 22:42 - 2011-05-22 18:32 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-07-14 19:51 - 2012-01-18 10:21 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\Skype
2013-07-14 14:31 - 2013-07-14 14:31 - 00000000 ____D E:\Temp\Skype
2013-07-14 14:31 - 2013-03-27 16:31 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-14 14:31 - 2012-01-18 10:21 - 00000000 ____D C:\ProgramData\Skype
2013-07-14 01:52 - 2013-07-14 01:52 - 00082200 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\AXMount.sys
2013-07-14 01:52 - 2013-07-14 01:16 - 00059040 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\AXTrack.sys
2013-07-14 01:52 - 2013-07-14 01:16 - 00000733 _____ C:\Users\Jaizzy\Desktop\Time Machine.lnk
2013-07-13 23:57 - 2011-05-29 09:57 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-13 23:55 - 2011-05-22 21:34 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\WindSolutions
2013-07-13 23:28 - 2013-07-13 23:25 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-13 23:25 - 2013-07-13 23:25 - 00000000 ____D C:\Program Files\HitmanPro
2013-07-13 23:19 - 2013-07-13 23:19 - 00000918 _____ C:\Users\Jaizzy\Desktop\Palemoon-Portable.lnk
2013-07-13 23:19 - 2013-07-13 23:19 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\Moonchild Productions
2013-07-13 15:22 - 2011-05-22 09:38 - 00000000 ____D C:\Program Files (x86)\Opera
2013-07-13 10:05 - 2012-03-30 15:49 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-13 09:42 - 2013-07-13 09:42 - 00004094 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1796272902-1527921214-4022389393-1000UA1ce7f9c858bda77
2013-07-13 09:42 - 2013-07-13 09:42 - 00003698 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1796272902-1527921214-4022389393-1000Core1ce7f9c856d0764
2013-07-13 09:13 - 2012-03-30 15:49 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-13 09:13 - 2011-05-22 09:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-13 00:34 - 2013-07-13 00:34 - 00000000 ____D E:\Temp\SaveForWeb
2013-07-13 00:32 - 2013-07-13 00:23 - 00000132 _____ C:\Users\Jaizzy\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2013-07-12 13:21 - 2013-03-13 02:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 13:21 - 2013-03-13 02:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-12 13:19 - 2010-11-21 08:28 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 13:19 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 13:19 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-12 09:32 - 2011-06-12 11:31 - 00000000 ____D C:\Users\Jaizzy\AppData\Ember Media Manager
2013-07-12 08:51 - 2013-04-10 22:09 - 00000000 ____D E:\Temp\MPTelemetrySubmit
2013-07-12 08:49 - 2013-07-12 08:49 - 00000000 ____D E:\Temp\KB2840628_10.0.30319
2013-07-12 08:46 - 2011-07-06 22:33 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-12 08:44 - 2013-07-12 08:44 - 00000000 ____D E:\Temp\KB2835393_10.0.30319
2013-07-09 22:44 - 2013-06-27 21:36 - 00001722 _____ C:\Users\Public\Desktop\Update NOD32 license.lnk
2013-07-09 22:19 - 2013-07-09 18:41 - 00000000 ____D E:\Temp\plugtmp-2
2013-07-04 15:34 - 2013-07-04 15:34 - 08365097 _____ C:\Users\Jaizzy\Downloads\E6532_P8P67_PRO_REV_3_1.zip
2013-07-03 17:40 - 2012-10-13 09:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-02 17:48 - 2011-05-25 11:10 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\ZoomBrowser EX
2013-07-02 17:34 - 2013-07-02 17:34 - 00000000 ____D E:\Temp\Canon_Inc_IC
2013-07-02 17:34 - 2013-07-02 17:34 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\Canon_Inc_IC
2013-07-02 15:16 - 2013-03-29 20:14 - 00000000 ____D C:\Users\postgres.NZXT
2013-06-28 23:24 - 2013-06-28 23:24 - 00001135 _____ C:\Users\Jaizzy\Documents\bw4komptest.log
2013-06-28 21:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64


LastRegBack: 2013-07-24 19:34

==================== End Of Log ============================
--- --- ---

--- --- ---


addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-07-2013
Ran by Jaizzy at 2013-07-28 17:31:33
Running from C:\Users\Jaizzy\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 

Adobe AIR (x32 Version: 3.7.0.2090)
Adobe Community Help (x32 Version: 3.5.23)
Adobe Flash Player 10 ActiveX (x32 Version: 10.0.42.34)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Photoshop Lightroom 4.4 64-bit (Version: 4.4.1)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.0.626)
AI Suite II (x32 Version: 1.01.20)
CANON iMAGE GATEWAY MyCamera Download Plugin (x32 Version: 3.1.1.2)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.9.0.9)
Canon Inkjet Printer Driver Add-On Module
Canon MOV Decoder (x32 Version: 1.9.0.8)
Canon MOV Encoder (x32 Version: 1.8.0.1)
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.9.0.6)
Canon MP Navigator 3.0 (x32)
Canon MP160
Canon My Printer (x32)
Canon Utilities CameraWindow (x32 Version: 7.4.0.7)
Canon Utilities CameraWindow DC 8 (x32 Version: 8.2.0.4)
Canon Utilities Digital Photo Professional (x32 Version: 3.13.0.1)
Canon Utilities EOS Utility (x32 Version: 2.10.2.0)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (x32 Version: 1.0.0.10)
Canon Utilities Movie Uploader for YouTube (x32 Version: 1.0.0.11)
Canon Utilities MyCamera (x32 Version: 7.3.0.5)
Canon Utilities ZoomBrowser EX (x32 Version: 6.9.0.1)
Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.6.0.15)
CCleaner (Version: 3.21)
devolo dLAN Cockpit (x32 Version: 3.0.0.0)
DisplayFusion 5.0.1 (x32 Version: 5.0.1.0)
dLAN Cockpit (x32 Version: 3 (23.12.2010))
dLAN Cockpit (x32 Version: 3.23.12)
Dropbox (HKCU Version: 2.0.22)
ESET NOD32 Antivirus (Version: 6.0.316.1)
ESET Online Scanner v3 (x32)
Garmin ANT Agent (Version: 2.3.4)
Garmin Communicator Plugin (x32 Version: 4.0.4)
Garmin Communicator Plugin x64 (Version: 4.0.3)
Garmin Communicator Plugin x64 (Version: 4.0.4)
Garmin Training Center (x32 Version: 3.6.5)
Garmin USB Drivers (x32 Version: 2.3.1.0)
Google Chrome (HKCU Version: 28.0.1500.72)
Holdem Manager (x32)
Intel(R) Network Connections 15.6.25.0 (Version: 15.6.25.0)
Intel(R) Rapid Storage Technology (x32 Version: 10.1.0.1008)
Intel® Watchdog Timer Driver (Intel® WDT) (x32)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (x32 Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Mozilla Firefox 21.0 (x86 de) (x32 Version: 21.0)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Display Control Panel (Version: 6.14.12.5922)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (x32 Version: 9.10.0224)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
O&O Defrag Professional (Version: 15.0.107)
Picasa 3 (x32 Version: 3.9)
PokerStars (x32)
PostgreSQL 8.4 (x32 Version: 8.4)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6235)
RoboForm 7-6-3 (All Users) (x32 Version: 7-6-3)
Sandboxie 3.76 (64-bit) (Version: 3.76)
Setup (x32 Version: 11.0)
Skype™ 6.6 (x32 Version: 6.6.106)
Spyder4Pro (x32)
The KMPlayer (remove only) (x32 Version: 3.6.0.87)
Toolwiz TimeFreeze (x32 Version: 2.1.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
VLC media player 2.0.7 (x32 Version: 2.0.7)

==================== Restore Points  =========================

24-07-2013 09:56:30 Windows Update
27-07-2013 22:49:15 Windows Update
28-07-2013 12:22:46 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-07-28 17:26 - 00568079 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1  localhost
127.0.0.1  fr.a2dfp.net
127.0.0.1  m.fr.a2dfp.net
127.0.0.1  ad.a8.net
127.0.0.1  asy.a8ww.net
127.0.0.1  abcstats.com
127.0.0.1  a.abv.bg
127.0.0.1  adserver.abv.bg
127.0.0.1  adv.abv.bg
127.0.0.1  bimg.abv.bg
127.0.0.1  ca.abv.bg
127.0.0.1  www2.a-counter.kiev.ua
127.0.0.1  track.acclaimnetwork.com
127.0.0.1  accuserveadsystem.com
127.0.0.1  www.accuserveadsystem.com
127.0.0.1  achmedia.com
127.0.0.1  csh.actiondesk.com
127.0.0.1  www.activemeter.com #[Tracking.Cookie]
127.0.0.1  ads.activepower.net
127.0.0.1  stat.active24stats.nl #[Tracking.Cookie]
127.0.0.1  cms.ad2click.nl
127.0.0.1  ad2games.com
127.0.0.1  ads.ad2games.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {20DBF934-84D1-44DA-96D2-60C25642F106} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {2857022E-3F75-4DE9-B261-6922078A42DE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-13] (Adobe Systems Incorporated)
Task: {2DC32B6E-884D-4C78-870D-A220586ADA83} - System32\Tasks\{12A38105-08CA-441D-97A0-4FD78B5BD5AB} => C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe [2013-04-02] (Google Inc.)
Task: {5AF417AB-1354-4112-85B6-BD1D90965180} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-04-17] ()
Task: {63DF9791-370C-4A67-89C3-1F36627F894F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-07-24] (Piriform Ltd)
Task: {65620A14-D8D7-47DB-988D-74C83C118674} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1796272902-1527921214-4022389393-1000Core1ce7f9c856d0764 => C:\Users\Jaizzy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-22] (Google Inc.)
Task: {78D87608-A044-463E-AF68-0DF1A59A243E} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-11-26] (ASUSTeK Computer Inc.)
Task: {92B86EF5-DCF2-4ED1-9E3B-9CD18C13B77B} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe No File
Task: {98D7DE8C-08F9-4EBB-90B7-2BB3654F1E90} - System32\Tasks\AdobeAAMUpdater-1.0-NZXT-Jaizzy => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {9D661752-1595-4E68-8E86-91ADC1C40636} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AF967FD7-E052-45D0-9F9B-046893BACFB0} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {C391A579-F7C1-4A47-AD26-3C231CAA9E1C} - System32\Tasks\ASUS\ASUS DigiVRM Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe [2010-10-12] (ASUSTeK Computer Inc.)
Task: {F9ABA786-C2A2-49C6-A62E-9B827F262FC2} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-21] (Microsoft Corporation)
Task: {FC6298BA-042D-4CA3-B1A7-237E76F85EBD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1796272902-1527921214-4022389393-1000UA1ce7f9c858bda77 => C:\Users\Jaizzy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-22] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1796272902-1527921214-4022389393-1000Core1ce7f9c856d0764.job => C:\Users\Jaizzy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1796272902-1527921214-4022389393-1000UA1ce7f9c858bda77.job => C:\Users\Jaizzy\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: archlp
Description: archlp
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ArcSec
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: SASDIFSV
Description: SASDIFSV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SASDIFSV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: SASKUTIL
Description: SASKUTIL
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SASKUTIL
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/28/2013 05:16:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2013 04:29:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2013 03:07:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2013 03:04:14 PM) (Source: PostgreSQL) (User: )
Description: could not create inherited socket: error code 10022

Error: (07/28/2013 02:31:32 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/28/2013 02:27:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2013 02:25:45 PM) (Source: PostgreSQL) (User: )
Description: 2013-07-28 14:25:45 CESTFATAL:  the database system is starting up

Error: (07/28/2013 02:06:17 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/28/2013 02:01:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2013 00:39:40 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (07/28/2013 05:17:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (07/28/2013 05:17:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/28/2013 05:15:03 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ArcSec
SASDIFSV
SASKUTIL

Error: (07/28/2013 04:29:35 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (07/28/2013 04:29:35 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/28/2013 04:27:35 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ArcSec
SASDIFSV
SASKUTIL

Error: (07/28/2013 03:07:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (07/28/2013 03:07:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/28/2013 03:05:28 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ArcSec
SASDIFSV
SASKUTIL

Error: (07/28/2013 03:04:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.


Microsoft Office Sessions:
=========================
Error: (07/28/2013 05:16:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2013 04:29:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2013 03:07:07 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2013 03:04:14 PM) (Source: PostgreSQL)(User: )
Description: could not create inherited socket: error code 10022

Error: (07/28/2013 02:31:32 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\Downloads\SoftonicDownloader_fuer_kmplayer-portable.exe

Error: (07/28/2013 02:27:25 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2013 02:25:45 PM) (Source: PostgreSQL)(User: )
Description: 2013-07-28 14:25:45 CESTFATAL:  the database system is starting up

Error: (07/28/2013 02:06:17 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\Downloads\SoftonicDownloader_fuer_kmplayer-portable.exe

Error: (07/28/2013 02:01:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2013 00:39:40 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestD:\Downloads\SoftonicDownloader_fuer_kmplayer-portable.exe


CodeIntegrity Errors:
===================================
 
  Date: 2011-11-12 16:54:57.745
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-11-12 16:54:57.726
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-11-12 16:54:57.668
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-11-12 16:54:57.593
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 59%
Total physical RAM: 8168.9 MB
Available physical RAM: 3290.3 MB
Total Pagefile: 16335.98 MB
Available Pagefile: 9346.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.24 GB) (Free:41.58 GB) NTFS (Disk=2 Partition=1)
Drive d: () (Fixed) (Total:1863.01 GB) (Free:246.11 GB) NTFS (Disk=1 Partition=1)
Drive e: () (Fixed) (Total:1862.92 GB) (Free:743.52 GB) NTFS (Disk=0 Partition=2)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 5C89407F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-198731366400) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 5C894072)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 5C894003)
Partition 1: (Not Active) - (Size=119 GB) - (Type=07 NTFS)


==================== End Of Log ============================
Gruß

Jahannes

schrauber 28.07.2013 17:04
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Jahannes 28.07.2013 17:34
combofix.txt
Code:
ComboFix 13-07-27.01 - Jaizzy 28.07.2013  18:06:16.5.8 - x64
Microsoft Windows 7 Enterprise  6.1.7601.1.1252.49.1031.18.8169.6174 [GMT 2:00]
ausgeführt von:: c:\users\Jaizzy\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 256 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jaizzy\AppData\Roaming\NZXT

.
(((((((((((((((((((((((  Dateien erstellt von 2013-06-28 bis 2013-07-28  ))))))))))))))))))))))))))))))
.
.
2013-07-28 18:05 . 2013-07-15 01:34        9460976        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A4BC11B8-E2D2-44E8-A68A-35A0308ACD8A}\mpengine.dll
2013-07-28 18:03 . 2013-07-28 18:03        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-07-28 18:03 . 2013-07-28 18:03        --------        d-----w-        c:\users\test\AppData\Local\temp
2013-07-28 18:03 . 2013-07-28 18:03        --------        d-----w-        c:\users\postgres\AppData\Local\temp
2013-07-28 18:03 . 2013-07-28 18:03        --------        d-----w-        c:\users\postgres.NZXT\AppData\Local\temp
2013-07-28 13:03 . 2013-07-28 18:03        --------        d-----w-        c:\users\Jaizzy\AppData\Local\temp
2013-07-28 13:03 . 2013-07-28 18:03        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-07-28 12:22 . 2013-07-28 12:24        --------        d-----w-        c:\windows\system32\MRT
2013-07-28 10:38 . 2013-07-28 10:38        --------        d-----w-        c:\program files (x86)\installsyslang
2013-07-28 10:38 . 2013-07-28 12:16        --------        d-----w-        c:\program files (x86)\The KMPlayer
2013-07-25 17:05 . 2002-12-05 12:12        692224        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2013-07-25 17:05 . 2002-12-05 12:10        155648        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2013-07-25 17:05 . 2002-12-02 13:22        5632        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2013-07-25 17:05 . 2002-12-02 11:33        57344        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2013-07-25 17:05 . 2002-12-02 11:33        237568        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2013-07-25 17:05 . 2013-07-25 17:05        282756        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2013-07-25 17:05 . 2013-07-25 17:05        163972        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2013-07-19 19:43 . 2013-07-19 19:43        --------        d-----w-        c:\program files (x86)\Common Files\Canon_Inc_IC
2013-07-19 19:33 . 2013-07-25 19:11        --------        d-----w-        C:\Toolwiz
2013-07-19 19:33 . 2013-07-19 19:33        59648        ----a-w-        c:\windows\system32\drivers\BTOWSVF.sys
2013-07-19 19:33 . 2013-07-19 19:33        33024        ----a-w-        c:\windows\system32\drivers\BTOWSFF.sys
2013-07-19 19:33 . 2013-07-19 19:33        --------        d-----w-        c:\program files (x86)\Toolwiz TimeFreeze
2013-07-13 21:25 . 2013-07-13 21:25        --------        d-----w-        c:\program files\HitmanPro
2013-07-13 21:25 . 2013-07-13 21:28        --------        d-----w-        c:\programdata\HitmanPro
2013-07-02 15:34 . 2013-07-02 15:34        --------        d-----w-        c:\users\Jaizzy\AppData\Roaming\Canon_Inc_IC
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-13 07:13 . 2012-03-30 13:49        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-13 07:13 . 2011-05-22 07:04        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-26 20:30 . 2013-06-26 20:30        719360        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2013-06-26 20:30 . 2013-06-26 20:30        523264        ----a-w-        c:\windows\SysWow64\vbscript.dll
2013-06-26 20:30 . 2013-06-26 20:30        226304        ----a-w-        c:\windows\system32\elshyph.dll
2013-06-26 20:30 . 2013-06-26 20:30        185344        ----a-w-        c:\windows\SysWow64\elshyph.dll
2013-06-26 20:30 . 2013-06-26 20:30        158720        ----a-w-        c:\windows\SysWow64\msls31.dll
2013-06-26 20:30 . 2013-06-26 20:30        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe
2013-06-26 20:30 . 2013-06-26 20:30        138752        ----a-w-        c:\windows\SysWow64\wextract.exe
2013-06-26 20:30 . 2013-06-26 20:30        1054720        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-26 20:30 . 2013-06-26 20:30        97280        ----a-w-        c:\windows\system32\mshtmled.dll
2013-06-26 20:30 . 2013-06-26 20:30        905728        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2013-06-26 20:30 . 2013-06-26 20:30        81408        ----a-w-        c:\windows\system32\icardie.dll
2013-06-26 20:30 . 2013-06-26 20:30        762368        ----a-w-        c:\windows\system32\ieapfltr.dll
2013-06-26 20:30 . 2013-06-26 20:30        73728        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-26 20:30 . 2013-06-26 20:30        61952        ----a-w-        c:\windows\SysWow64\tdc.ocx
2013-06-26 20:30 . 2013-06-26 20:30        599552        ----a-w-        c:\windows\system32\vbscript.dll
2013-06-26 20:30 . 2013-06-26 20:30        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2013-06-26 20:30 . 2013-06-26 20:30        452096        ----a-w-        c:\windows\system32\dxtmsft.dll
2013-06-26 20:30 . 2013-06-26 20:30        441856        ----a-w-        c:\windows\system32\html.iec
2013-06-26 20:30 . 2013-06-26 20:30        38400        ----a-w-        c:\windows\SysWow64\imgutil.dll
2013-06-26 20:30 . 2013-06-26 20:30        361984        ----a-w-        c:\windows\SysWow64\html.iec
2013-06-26 20:30 . 2013-06-26 20:30        281600        ----a-w-        c:\windows\system32\dxtrans.dll
2013-06-26 20:30 . 2013-06-26 20:30        27648        ----a-w-        c:\windows\system32\licmgr10.dll
2013-06-26 20:30 . 2013-06-26 20:30        270848        ----a-w-        c:\windows\system32\iedkcs32.dll
2013-06-26 20:30 . 2013-06-26 20:30        247296        ----a-w-        c:\windows\system32\webcheck.dll
2013-06-26 20:30 . 2013-06-26 20:30        235008        ----a-w-        c:\windows\system32\url.dll
2013-06-26 20:30 . 2013-06-26 20:30        23040        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2013-06-26 20:30 . 2013-06-26 20:30        216064        ----a-w-        c:\windows\system32\msls31.dll
2013-06-26 20:30 . 2013-06-26 20:30        197120        ----a-w-        c:\windows\system32\msrating.dll
2013-06-26 20:30 . 2013-06-26 20:30        167424        ----a-w-        c:\windows\system32\iexpress.exe
2013-06-26 20:30 . 2013-06-26 20:30        1509376        ----a-w-        c:\windows\system32\inetcpl.cpl
2013-06-26 20:30 . 2013-06-26 20:30        144896        ----a-w-        c:\windows\system32\wextract.exe
2013-06-26 20:30 . 2013-06-26 20:30        1441280        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2013-06-26 20:30 . 2013-06-26 20:30        1400416        ----a-w-        c:\windows\system32\ieapfltr.dat
2013-06-26 20:30 . 2013-06-26 20:30        137216        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2013-06-26 20:30 . 2013-06-26 20:30        12800        ----a-w-        c:\windows\SysWow64\mshta.exe
2013-06-26 20:30 . 2013-06-26 20:30        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2013-06-26 20:30 . 2013-06-26 20:30        102912        ----a-w-        c:\windows\system32\inseng.dll
2013-06-26 20:30 . 2013-06-26 20:30        92160        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2013-06-26 20:30 . 2013-06-26 20:30        62976        ----a-w-        c:\windows\system32\pngfilt.dll
2013-06-26 20:30 . 2013-06-26 20:30        52224        ----a-w-        c:\windows\system32\msfeedsbs.dll
2013-06-26 20:30 . 2013-06-26 20:30        51200        ----a-w-        c:\windows\system32\imgutil.dll
2013-06-26 20:30 . 2013-06-26 20:30        173568        ----a-w-        c:\windows\system32\ieUnatt.exe
2013-06-26 20:30 . 2013-06-26 20:30        149504        ----a-w-        c:\windows\system32\occache.dll
2013-06-26 20:30 . 2013-06-26 20:30        13824        ----a-w-        c:\windows\system32\mshta.exe
2013-06-26 20:30 . 2013-06-26 20:30        136192        ----a-w-        c:\windows\system32\iepeers.dll
2013-06-26 20:30 . 2013-06-26 20:30        135680        ----a-w-        c:\windows\system32\IEAdvpack.dll
2013-06-26 20:30 . 2013-06-26 20:30        12800        ----a-w-        c:\windows\system32\msfeedssync.exe
2013-06-26 20:30 . 2013-06-26 20:30        77312        ----a-w-        c:\windows\system32\tdc.ocx
2013-06-26 20:30 . 2013-06-26 20:30        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2013-06-23 22:57 . 2011-04-08 12:32        78277128        ----a-w-        c:\windows\system32\MRT.exe
2013-06-19 15:10 . 2013-06-19 15:10        0        ----a-w-        c:\windows\SysWow64\REN7627.tmp
2013-06-19 15:10 . 2013-06-19 15:10        0        ----a-w-        c:\windows\SysWow64\REN7626.tmp
2013-06-12 19:48 . 2012-07-15 20:59        867240        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2013-06-12 19:48 . 2011-05-22 08:54        789416        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2013-06-12 19:47 . 2013-06-19 15:10        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-11 19:17 . 2012-08-02 19:05        9089416        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-13 05:51 . 2013-06-12 14:35        184320        ----a-w-        c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 14:35        1464320        ----a-w-        c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 14:35        139776        ----a-w-        c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 14:35        52224        ----a-w-        c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 14:35        1160192        ----a-w-        c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 14:35        140288        ----a-w-        c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 14:35        103936        ----a-w-        c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 14:35        1192448        ----a-w-        c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 14:35        903168        ----a-w-        c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 14:35        43008        ----a-w-        c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-12 14:35        30720        ----a-w-        c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 14:35        24576        ----a-w-        c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 14:35        1910632        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2013-05-02 00:06 . 2010-11-21 03:27        278800        ------w-        c:\windows\system32\MpSigStub.exe
2013-05-01 01:59 . 2013-05-01 01:59        94208        ----a-w-        c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:59        69632        ----a-w-        c:\windows\SysWow64\QuickTime.qts
2012-07-03 14:41 . 2011-09-17 04:37        168864        ----a-w-        c:\program files\Common Files\WireHelpSvc.exe
2006-05-03 10:06        163328        --sha-r-        c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47        31232        --sha-r-        c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30        216064        --sha-r-        c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00        107520        --sha-r-        c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        130736        ----a-w-        c:\users\Jaizzy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        130736        ----a-w-        c:\users\Jaizzy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        130736        ----a-w-        c:\users\Jaizzy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        130736        ----a-w-        c:\users\Jaizzy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-11-12 107000]
"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2013-04-26 7283072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-10 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-03-10 300400]
"AdobeCEPServiceManager"="c:\program files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" [2013-03-13 1039248]
"liblibwow64"="c:\program files (x86)\installsyslang\inisxs.exe" [2013-07-28 93184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-11-12 107000]
.
c:\users\Jaizzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-5-22 1089888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SpyderUtility.lnk - c:\program files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe [2012-2-8 8241767]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys;c:\windows\SYSNATIVE\drivers\ArcSec.sys [x]
R1 SASDIFSV;SASDIFSV;e:\temp\SAS_SelfExtract\SASDIFSV64.SYS;e:\temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;e:\temp\SAS_SelfExtract\SASKUTIL64.SYS;e:\temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 arusb_lhx;TP-LINK TL-WN821N 11N Wireless device driver;c:\windows\system32\DRIVERS\arusb_lhx.sys;c:\windows\SYSNATIVE\DRIVERS\arusb_lhx.sys [x]
R3 cpuz135;cpuz135;e:\temp\cpuz135\cpuz135_x64.sys;e:\temp\cpuz135\cpuz135_x64.sys [x]
R3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ESLvnic1;ESLvnic Virtual Network 64 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys;c:\windows\SYSNATIVE\DRIVERS\ESLvnic.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AXTrack;AXTrack;c:\windows\system32\DRIVERS\AXTrack.sys;c:\windows\SYSNATIVE\DRIVERS\AXTrack.sys [x]
S0 BTOWSVF;BTOWSVF;c:\windows\System32\Drivers\BTOWSVF.sys;c:\windows\SYSNATIVE\Drivers\BTOWSVF.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys;c:\windows\SYSNATIVE\DRIVERS\mv91xx.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 BTOWSFF;BTOWSFF;c:\windows\System32\Drivers\BTOWSFF.sys;c:\windows\SYSNATIVE\Drivers\BTOWSFF.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/04/07 19:28];c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [x]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]
S2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [x]
S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [x]
S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [x]
S2 DevoloNetworkService;devolo Network Service;c:\program files (x86)\devolo\dlan\devolonetsvc.exe;c:\program files (x86)\devolo\dlan\devolonetsvc.exe [x]
S2 DisplayFusionService;DisplayFusionService;c:\program files (x86)\DisplayFusion\DisplayFusionService.exe;c:\program files (x86)\DisplayFusion\DisplayFusionService.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys;c:\windows\sysWOW64\drivers\npf_devolo.sys [x]
S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [x]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe;c:\program files\OO Software\Defrag\oodag.exe [x]
S3 Spyder4;Datacolor Spyder4;c:\windows\system32\DRIVERS\dccmtr.sys;c:\windows\SYSNATIVE\DRIVERS\dccmtr.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 07:13]
.
2013-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1796272902-1527921214-4022389393-1000Core1ce7f9c856d0764.job
- c:\users\Jaizzy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-22 07:39]
.
2013-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1796272902-1527921214-4022389393-1000UA1ce7f9c858bda77.job
- c:\users\Jaizzy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-22 07:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\Jaizzy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\Jaizzy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\Jaizzy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\Jaizzy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-02-21 2991856]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-03-21 6330568]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-11-17 3994960]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-21 472992]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>
IE: Neue Notiz - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: URL notieren - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Jaizzy\AppData\Roaming\Mozilla\Firefox\Profiles\50auy3y1.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.gopher - 222.108.198.53
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - www-proxy.t-online.de
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-{43B74FAB-FB58-447D-8D3A-5F638AF36FD1} - c:\programdata\{87B61FE8-334F-4066-B7AA-68DC81782D4D}\Netzmanager1.071.0301_120720a.exe
AddRemove-{770D3BDC-19D7-49D0-B60B-C5BB77553FBB} - c:\programdata\{3C2CC1BA-EC03-48E5-A0EF-A0B455E1343F}\fusion2_setup.exe
AddRemove-{BA3D5FF2-A405-4654-826E-A09FABB01853} - c:\programdata\{AA5C05EA-7FB9-4519-BBE2-03ADD8EF0E5D}\fusion2_setup_ext.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{724D43A0-0D85-11D4-9908-00400523E39A}"=hex:51,66,7a,6c,4c,1d,38,12,ce,40,5e,
  76,b7,43,ba,54,e6,1e,43,00,00,7d,a7,8e
"{C9A6357B-25CC-4BCF-96C1-78736985D413}"=hex:51,66,7a,6c,4c,1d,38,12,15,36,b5,
  cd,fe,6b,a1,0e,e9,d7,3b,33,6c,db,90,07
"{000123B4-9B42-4900-B3F7-F4B073EFC214}"=hex:51,66,7a,6c,4c,1d,38,12,da,20,12,
  04,70,d5,6e,0c,cc,e1,b7,f0,76,b1,86,00
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
  1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{724D43A9-0D85-11D4-9908-00400523E39A}"=hex:51,66,7a,6c,4c,1d,38,12,c7,40,5e,
  76,b7,43,ba,54,e6,1e,43,00,00,7d,a7,8e
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
  76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
  b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{D8961A1E-25DB-33C9-A7C9-3D3E3266B5B8}"=hex:51,66,7a,6c,4c,1d,38,12,70,19,85,
  dc,e9,6b,a7,76,d8,df,7e,7e,37,38,f1,ac
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
  df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
  2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:b2,9f,67,27,19,c4,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,7b,02,7b,df,36,29,4a,81,99,9c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,7b,02,7b,df,36,29,4a,81,99,9c,\
.
[HKEY_USERS\S-1-5-21-1796272902-1527921214-4022389393-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A22D0537-BD28-292E-F88E-C97044CEF8D3}*]
"jabknfdojbigjkgjdeim"=hex:62,61,6b,6c,00,00
"jabknfdojbigjkgjdeel"=hex:62,61,6b,6c,00,00
"iabpdbbgdkjkdcmnii"=hex:6b,61,6d,6c,6b,6a,67,6e,6b,6b,6f,64,69,6e,69,67,68,69,
  63,6e,68,64,00,00
"halkhlogficeflag"=hex:6b,61,6d,6c,6b,6a,67,6e,6b,6b,6f,64,69,6e,69,67,69,69,
  6f,67,63,6f,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
  bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
  bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
  bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
  bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
  bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
  bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
  bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
  bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG15.00.00.01PROFESSIONAL"="65C846E64F48507A168EBAD3D14A5DF800918790AEF9807412E07BD1F13519CD91CF9F5FF5B800D02569E6A1D4D9D7BC20F5A32F22CDAC62AF894E787787E1564AA722FB52A179ADF6780011BDD89E4ADC062DB45393863C3114D57C8101242FDFFE6B8430C0296B1A2F48F7A51E50DDA49EAA29C6D903BD7EE5FC37A2FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98085D575E7D6A3B9808C038D530D6EB3452A9C6AECB7A5D140778679AF0221E3B3BD49A97D4E860EB960C750F5452A4E204E2331E9663F5B986F32673A0D44E150777D4EF792BD7515F1DED4E1FD48AB139F7046648E1112FBA79A3FD003F874700FA2E9E01117CE86AD90F8E730ECCE6BC9C39486677CF7E08B5798B319848F0644715F88D5A31A502813CC61064D7E506894979EC54C19DB27953348C776436E5E48A97702730FC66F6EBB065246794011BC2F4098CC882743A74D59EDB04C02A0226D83580846749C02BC91A7C8EDE0E4FC3FB1D981CA97910B08F25A522BD4B6F91DB174E9163D18917550700B1B1804C020EBFD4C693E33871C51419905CD8A40C0806610A721B21E4D8BA280A0121D8C4F5BC02A742489335211462F05253BBE685A7EAF79AB4F9DA9EF4CD28C3AB6168BB11C4713E2FA78C0D7F8DBB57B1710841D3013765212BD435ACB16C73CFF4DDB1EFA4A912171D9C3AE50C3D295D28EBEC181EF7DFD7EFC0ED8BF70B8F31482A68C00EAC4F6F401E1C8A331588B3E51EFCB321C01BC326A35F6D268F9969B3E3B79C5329871F03DE6B663C36B887D442AB9B4CE9AE43D193E365A9D71A83B137BB52A62154FB78C0A424C4E8829F428D74F7C59EB32A98BC18394F1599FE6266D265A06CD0D5DBB807A3CD49B3359FCC1A269761463FC65C61E0CDCCA8510AC4208B3FB39BED08CF96F7BD479C75055BA03631078ABDC949630B3AD858E112B98BAE61F8D8767FA29DE8DC269184292DD1ED6436A454B56788988F68408B8342BE6FCA0CB01B66E325F05AFDEB76ECC8BBC2E8EEBD26C1B37F202FFB7BA0116E2A1EA615CE7784D7FEC145B908D55047AD6556FE04CAC73DBA6ADBE7A7E20C620042FE0E631E495840BC141AC5A1F9583E322D0D29CB47A76FF43C59688BEED7389545471F13C351BF7A21B289CA333C45C05091E329612A97F05C4BE247D3198E084DE1BD4EA9C61AC6286BBDB76BCA615884596C56E08E73C4AB9143B47B07803B50D5783E53CA2EA04C004EC233ED72F4748401B92D350209FD5038E749175286696D8E443E0922BB917F2BB9C0241E47AF0862AF56120D0D0901736AC3508A731B4746348B3E5D7FE04EC9DDED7F4EB5A7ACD7050FAB1C50E8F32BB51ACF75C047D6E3587E3B8B080A242265B8A52FD7338FAAFDAE9D7D"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
c:\users\Jaizzy\AppData\Local\Google\Chrome\Application\chrome.exe
c:\program files (x86)\DisplayFusion\DisplayFusionAppHook.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-07-28  18:34:02 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-07-28 18:33
.
Vor Suchlauf: 21 Verzeichnis(se), 45.704.499.200 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 45.427.707.904 Bytes frei
.
- - End Of File - - 8F08F904459A10E0745D370C54070116
D41D8CD98F00B204E9800998ECF8427E
Soll ich weiterhin die chrome.exe nach dem neustart beenden oder laufen lassen?

schrauber 28.07.2013 21:43
Am besten laufen lassen.

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Jahannes 28.07.2013 22:09
Alles erledigt. chrome.exe aber nach dem Neustart immernoch im Taskmanager

hier die logs:

FRST:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-07-2013
Ran by Jaizzy (administrator) on 28-07-2013 22:58:09
Running from C:\Users\Jaizzy\Desktop
Windows 7 Enterprise Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
() C:\Program Files\EslWire\service\WireHelperSvc.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
( ) C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Google Inc.) C:\Users\Jaizzy\AppData\Local\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-21] (Logitech, Inc.)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [6330568 2013-03-21] (ESET)
HKLM\...\Run: [OODefragTray] - C:\Program Files\OO Software\Defrag\oodtray.exe [3994960 2011-11-17] (O&O Software GmbH)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [107000 2011-11-12] (Siber Systems)
HKCU\...\Run: [DisplayFusion] - C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [7283072 2013-04-26] (Binary Fortress Software)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [300400 2010-03-11] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [liblibwow64] - C:\Program Files (x86)\installsyslang\inisxs.exe [93184 2013-07-28] (SANDBOXIE L.T.D)
HKLM-x32\...\Run: [AdobeCEPServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SpyderUtility.lnk
ShortcutTarget: SpyderUtility.lnk -> C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe ( )
Startup: C:\Users\Jaizzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BootExecute: autocheck autochk * OODBS

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
BHO-x32: No Name - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Jaizzy\AppData\Roaming\Mozilla\Firefox\Profiles\50auy3y1.default
FF Homepage: about:home
FF NetworkProxy: "gopher", "222.108.198.53"
FF NetworkProxy: "gopher_port", 8080
FF NetworkProxy: "http", "www-proxy.t-online.de"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Jaizzy\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Jaizzy\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Jaizzy\AppData\Roaming\Mozilla\Firefox\Profiles\50auy3y1.default\searchplugins\geizhalsat-deutschland.xml
FF SearchPlugin: C:\Users\Jaizzy\AppData\Roaming\Mozilla\Firefox\Profiles\50auy3y1.default\searchplugins\imdb.xml
FF SearchPlugin: C:\Users\Jaizzy\AppData\Roaming\Mozilla\Firefox\Profiles\50auy3y1.default\searchplugins\sceneforce.xml
FF Extension: No Name - C:\Users\Jaizzy\AppData\Roaming\Mozilla\Firefox\Profiles\50auy3y1.default\Extensions\4afc21cebd92dc8d7758f471b360b5f0c2ee52dd11f9852836f04af7f1b0a63d_lp.key
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: Roboform Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF StartMenuInternet: FIREFOX.EXE - E:\FirefoxPortable\App\Firefox\firefox.exe

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-02] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
S2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [87336 2012-01-12] (CyberLink Corp.)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [75048 2012-01-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296232 2012-01-12] (CyberLink)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3304768 2010-12-23] (devolo AG)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1498000 2013-04-26] (Binary Fortress Software)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1341664 2013-03-21] (ESET)
R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [678416 2012-12-17] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3273552 2011-11-17] (O&O Software GmbH)
S3 OpenVPNService; E:\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] ()
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [123664 2012-12-16] (SANDBOXIE L.T.D)
R2 postgresql-8.4; C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w [x]

==================== Drivers (Whitelisted) ====================

S3 arusb_lhx; C:\Windows\System32\DRIVERS\arusb_lhx.sys [539136 2008-07-24] (Atheros Communications, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 asvpndrv; C:\Windows\System32\DRIVERS\asvpndrv.sys [31744 2012-02-29] (Astrill)
R3 AXMount; C:\Windows\System32\DRIVERS\AXMount.sys [82200 2013-07-14] (Windows (R) Win 7 DDK provider)
R0 AXTrack; C:\Windows\System32\DRIVERS\AXTrack.sys [59040 2013-07-14] (Windows (R) Win 7 DDK provider)
R1 BTOWSFF; C:\Windows\System32\Drivers\BTOWSFF.sys [33024 2013-07-19] (Toolwiz.com)
R1 BTOWSFF; C:\Windows\System32\Drivers\BTOWSFF.sys [33024 2013-07-19] (Toolwiz.com)
R0 BTOWSVF; C:\Windows\System32\Drivers\BTOWSVF.sys [59648 2013-07-19] (Toolwiz.com)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-07-06] (DT Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [139768 2013-01-10] (ESET)
S3 ESLvnic1; C:\Windows\System32\DRIVERS\ESLvnic.sys [25528 2011-04-14] (Turtle Entertainment GmbH)
R2 ESLWireAC; C:\Windows\system32\drivers\ESLWireACD.sys [160784 2012-12-17] (<Turtle Entertainment>)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2010-06-10] (CACE Technologies)
R2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [82928 2011-10-27] (Cyberlink Corp.)
R2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [82928 2011-10-27] (Cyberlink Corp.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202632 2012-12-16] (SANDBOXIE L.T.D)
R3 Spyder4; C:\Windows\System32\DRIVERS\dccmtr.sys [15360 2011-06-02] (Datacolor)
R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [122448 2011-07-08] (High Criteria inc.)
R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [122448 2011-07-08] (High Criteria inc.)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [146928 2012-01-11] (CyberLink Corp.)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [146928 2012-01-11] (CyberLink Corp.)
S1 ArcSec; system32\drivers\ArcSec.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz135; \??\E:\Temp\cpuz135\cpuz135_x64.sys [x]
S1 SASDIFSV; \??\E:\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
S1 SASKUTIL; \??\E:\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-28 22:58 - 2013-07-28 22:58 - 00000003 _____ E:\Temp\others
2013-07-28 22:58 - 2013-07-28 22:58 - 00000000 _____ E:\Temp\log3
2013-07-28 22:58 - 2013-07-28 22:58 - 00000000 _____ E:\Temp\log1
2013-07-28 22:58 - 2013-07-28 22:58 - 00000000 _____ E:\Temp\frstlog
2013-07-28 22:57 - 2013-07-28 22:57 - 00000000 ____D E:\Temp\WPDNSE
2013-07-28 22:55 - 2013-07-28 22:55 - 00230219 _____ E:\Temp\Preferences
2013-07-28 22:54 - 2013-07-28 22:55 - 00002149 _____ C:\AdwCleaner[S1].txt
2013-07-28 22:53 - 2013-07-28 22:53 - 00002087 _____ C:\AdwCleaner[R1].txt
2013-07-28 22:52 - 2013-07-28 22:52 - 00002821 _____ E:\Temp\JRT.txt
2013-07-28 22:52 - 2013-07-28 22:52 - 00002821 _____ C:\Users\Jaizzy\Desktop\JRT.txt
2013-07-28 22:49 - 2013-07-28 22:49 - 00000000 ____D E:\Temp\jrt
2013-07-28 22:49 - 2013-07-28 22:49 - 00000000 ____D C:\Windows\ERUNT
2013-07-28 22:48 - 2013-07-28 22:48 - 00561198 _____ (Oleg N. Scherbakov) C:\Users\Jaizzy\Desktop\JRT.exe
2013-07-28 22:45 - 2013-07-28 22:45 - 00666633 _____ C:\Users\Jaizzy\Desktop\adwcleaner.exe
2013-07-28 22:23 - 2013-07-28 22:23 - 00000000 ____D E:\Temp\lilo.6656
2013-07-28 22:21 - 2013-07-28 22:21 - 00000000 _____ E:\Temp\_C56B.tmp
2013-07-28 21:14 - 2013-07-28 21:15 - 129199200 _____ C:\Users\Jaizzy\Documents\e.txt
2013-07-28 19:55 - 2013-07-28 21:16 - 00001178 _____ E:\Temp\install_6173200_2013_07_28_19_55.log
2013-07-28 19:55 - 2013-07-28 19:55 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-28 18:48 - 2013-07-28 18:48 - 00000000 _____ E:\Temp\lastChanceDst13750300879758746968910438859099.jar
2013-07-28 17:49 - 2013-07-28 18:57 - 00000034 _____ E:\Temp\JavaDeployReg.log
2013-07-28 17:49 - 2013-07-28 17:49 - 00000946 _____ E:\Temp\StructuredQuery.log
2013-07-28 17:32 - 2013-07-28 17:39 - 00041953 _____ C:\Users\Jaizzy\Desktop\FRST2.txt
2013-07-28 17:30 - 2013-07-28 17:30 - 01780547 _____ (Farbar) C:\Users\Jaizzy\Desktop\FRST64.exe
2013-07-28 17:23 - 2013-07-28 17:23 - 00371500 _____ E:\Temp\dd_vcredistMSI5343.txt
2013-07-28 17:23 - 2013-07-28 17:23 - 00321922 _____ E:\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_20130728_172328157-Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219-MSP0.txt
2013-07-28 17:23 - 2013-07-28 17:23 - 00228270 _____ E:\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_20130728_172328157-MSI_vc_red.msi.txt
2013-07-28 17:23 - 2013-07-28 17:23 - 00093290 _____ E:\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_20130728_172328157.html
2013-07-28 17:23 - 2013-07-28 17:23 - 00011386 _____ E:\Temp\dd_vcredistUI5343.txt
2013-07-28 17:22 - 2013-07-28 17:22 - 00351376 _____ E:\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20130728_172222244-Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219-MSP0.txt
2013-07-28 17:22 - 2013-07-28 17:22 - 00227406 _____ E:\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20130728_172222244-MSI_vc_red.msi.txt
2013-07-28 17:22 - 2013-07-28 17:22 - 00087660 _____ E:\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20130728_172222244.html
2013-07-28 17:22 - 2013-07-28 17:22 - 00001522 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2013-07-28 17:10 - 2013-07-28 17:10 - 03513344 _____ (Geek Uninstaller Software) E:\Temp\geekuninstaller_x64.exe
2013-07-28 16:48 - 2013-07-28 16:48 - 00000000 _____ E:\Temp\lastChanceDst13750228958234527699538325433371.jar
2013-07-28 16:21 - 2013-07-28 22:34 - 02243306 _____ E:\Temp\PDApp.log
2013-07-28 16:21 - 2013-07-28 22:23 - 00399188 _____ E:\Temp\oobelib.log
2013-07-28 16:20 - 2013-07-28 22:23 - 00021196 _____ E:\Temp\swtag.log
2013-07-28 16:19 - 2013-07-28 22:34 - 00568046 _____ E:\Temp\amt3.log
2013-07-28 16:18 - 2013-07-28 16:18 - 00000000 _____ E:\Temp\_F1F2.tmp
2013-07-28 15:44 - 2013-07-28 18:35 - 00037567 _____ C:\ComboFix.txt
2013-07-28 15:09 - 2013-07-28 22:56 - 00002814 _____ E:\Temp\AdobeARM.log
2013-07-28 15:09 - 2013-07-28 15:09 - 00000000 _____ E:\Temp\LuUpdater.log
2013-07-28 14:52 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-28 14:52 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-28 14:52 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-28 14:52 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-28 14:52 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-28 14:52 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-28 14:52 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-28 14:52 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-28 14:51 - 2013-07-28 15:44 - 00000000 ____D C:\Qoobox
2013-07-28 14:51 - 2013-07-28 14:51 - 05095176 ____R (Swearware) C:\Users\Jaizzy\Desktop\ComboFix.exe
2013-07-28 14:47 - 2013-07-28 14:47 - 00000000 ____D E:\Temp\_avast_
2013-07-28 14:22 - 2013-07-28 14:24 - 00000000 ____D C:\Windows\system32\MRT
2013-07-28 14:12 - 2013-07-28 14:56 - 00000000 ____D E:\Temp\CRX_75DAF8CB7768
2013-07-28 12:38 - 2013-07-28 22:21 - 00000000 ____D C:\Program Files (x86)\The KMPlayer
2013-07-28 12:38 - 2013-07-28 12:38 - 00001039 _____ C:\Users\Jaizzy\Desktop\KMPlayer.lnk
2013-07-28 12:38 - 2013-07-28 12:38 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2013-07-28 12:38 - 2013-07-28 12:38 - 00000000 ____D C:\Program Files (x86)\installsyslang
2013-07-19 21:33 - 2013-07-25 21:11 - 00000000 ____D C:\Toolwiz
2013-07-19 21:33 - 2013-07-19 21:33 - 00059648 _____ (Toolwiz.com) C:\Windows\system32\Drivers\BTOWSVF.sys
2013-07-19 21:33 - 2013-07-19 21:33 - 00033024 _____ (Toolwiz.com) C:\Windows\system32\Drivers\BTOWSFF.sys
2013-07-19 21:33 - 2013-07-19 21:33 - 00001143 _____ C:\Users\UpdatusUser\Desktop\Toolwiz TimeFreeze.lnk
2013-07-19 21:33 - 2013-07-19 21:33 - 00001143 _____ C:\Users\postgres.NZXT\Desktop\Toolwiz TimeFreeze.lnk
2013-07-19 21:33 - 2013-07-19 21:33 - 00001143 _____ C:\Users\Jaizzy\Desktop\Toolwiz TimeFreeze.lnk
2013-07-19 21:33 - 2013-07-19 21:33 - 00000000 ____D C:\Program Files (x86)\Toolwiz TimeFreeze
2013-07-19 17:42 - 2013-07-19 17:42 - 00001012 _____ C:\Users\Jaizzy\Desktop\UltraSearch.lnk
2013-07-14 14:31 - 2013-07-14 14:31 - 00000000 ____D E:\Temp\Skype
2013-07-14 01:16 - 2013-07-14 01:16 - 00000000 ____D C:\Program Files\AXTM
2013-07-14 00:04 - 2013-07-14 00:04 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\CrystalIdea Software
2013-07-13 23:52 - 2013-07-28 14:56 - 00000000 ____D E:\Temp\{26F481C6-8DBE-4F8B-9D8D-715081C23ADE}
2013-07-13 23:25 - 2013-07-13 23:28 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-13 23:25 - 2013-07-13 23:25 - 00000000 ____D C:\Program Files\HitmanPro
2013-07-13 23:19 - 2013-07-13 23:19 - 00000918 _____ C:\Users\Jaizzy\Desktop\Palemoon-Portable.lnk
2013-07-13 23:19 - 2013-07-13 23:19 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\Moonchild Productions
2013-07-13 09:47 - 2013-07-28 14:56 - 00000000 ____D E:\Temp\CR_C3F42.tmp
2013-07-12 08:49 - 2013-07-12 08:49 - 00000000 ____D E:\Temp\KB2840628_10.0.30319
2013-07-12 08:47 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-12 08:47 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-12 08:47 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-12 08:47 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-12 08:47 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-12 08:47 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-12 08:47 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 08:47 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-12 08:47 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-12 08:47 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-12 08:47 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-12 08:47 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 08:47 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-12 08:47 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-12 08:47 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-12 08:46 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-12 08:46 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-12 08:46 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-12 08:46 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-12 08:46 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-12 08:46 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-12 08:46 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-12 08:46 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-12 08:46 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 08:46 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 08:46 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 08:46 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-12 08:46 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 08:46 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 08:46 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 08:46 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 08:44 - 2013-07-12 08:44 - 00000000 ____D E:\Temp\KB2835393_10.0.30319
2013-07-12 07:27 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-12 07:27 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-12 07:27 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-12 07:27 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-12 07:27 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-12 07:27 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-12 07:27 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-09 18:41 - 2013-07-09 22:19 - 00000000 ____D E:\Temp\plugtmp-2
2013-07-09 18:11 - 2013-07-28 14:56 - 00000000 ____D E:\Temp\nsu8172.tmp
2013-07-07 15:26 - 2013-07-07 15:26 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\kompozer.net
2013-07-04 15:34 - 2013-07-04 15:34 - 08365097 _____ C:\Users\Jaizzy\Downloads\E6532_P8P67_PRO_REV_3_1.zip
2013-07-02 17:34 - 2013-07-02 17:34 - 00000000 ____D E:\Temp\Canon_Inc_IC
2013-07-02 17:34 - 2013-07-02 17:34 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\Canon_Inc_IC
2013-06-28 23:24 - 2013-06-28 23:24 - 00001135 _____ C:\Users\Jaizzy\Documents\bw4komptest.log
2013-06-28 21:44 - 2013-07-28 14:56 - 00000000 ____D E:\Temp\nsc45DC.tmp
178

==================== One Month Modified Files and Folders =======

2013-07-28 22:58 - 2013-07-28 22:58 - 00021035 _____ E:\Temp\log3
2013-07-28 22:58 - 2013-07-28 22:58 - 00014102 _____ E:\Temp\log1
2013-07-28 22:58 - 2013-07-28 22:58 - 00000188 _____ E:\Temp\users00
2013-07-28 22:58 - 2013-07-28 22:58 - 00000003 _____ E:\Temp\others
2013-07-28 22:57 - 2013-07-28 22:57 - 00000000 ____D E:\Temp\WPDNSE
2013-07-28 22:57 - 2012-01-18 12:04 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\DisplayFusion
2013-07-28 22:56 - 2013-07-28 15:09 - 00002814 _____ E:\Temp\AdobeARM.log
2013-07-28 22:56 - 2013-04-06 17:33 - 00008188 _____ C:\Windows\PFRO.log
2013-07-28 22:56 - 2013-03-31 09:56 - 05132216 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-28 22:56 - 2013-03-31 09:56 - 00014123 _____ C:\Windows\setupact.log
2013-07-28 22:56 - 2012-12-20 12:33 - 00000000 _____ E:\Temp\Spyder3Utility
2013-07-28 22:56 - 2012-02-05 09:37 - 00770704 _____ C:\Windows\system32\oodbs.lor
2013-07-28 22:56 - 2011-05-22 08:36 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-28 22:56 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-28 22:55 - 2013-07-28 22:55 - 00230219 _____ E:\Temp\Preferences
2013-07-28 22:55 - 2013-07-28 22:54 - 00002149 _____ C:\AdwCleaner[S1].txt
2013-07-28 22:55 - 2011-05-22 08:20 - 01704268 _____ C:\Windows\WindowsUpdate.log
2013-07-28 22:53 - 2013-07-28 22:53 - 00002087 _____ C:\AdwCleaner[R1].txt
2013-07-28 22:52 - 2013-07-28 22:52 - 00002821 _____ E:\Temp\JRT.txt
2013-07-28 22:52 - 2013-07-28 22:52 - 00002821 _____ C:\Users\Jaizzy\Desktop\JRT.txt
2013-07-28 22:49 - 2013-07-28 22:49 - 00000000 ____D E:\Temp\jrt
2013-07-28 22:49 - 2013-07-28 22:49 - 00000000 ____D C:\Windows\ERUNT
2013-07-28 22:48 - 2013-07-28 22:48 - 00561198 _____ (Oleg N. Scherbakov) C:\Users\Jaizzy\Desktop\JRT.exe
2013-07-28 22:47 - 2013-07-13 09:42 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1796272902-1527921214-4022389393-1000UA1ce7f9c858bda77.job
2013-07-28 22:45 - 2013-07-28 22:45 - 00666633 _____ C:\Users\Jaizzy\Desktop\adwcleaner.exe
2013-07-28 22:43 - 2013-03-31 10:15 - 00000000 ____D E:\Temp\hsperfdata_Jaizzy
2013-07-28 22:34 - 2013-07-28 16:21 - 02243306 _____ E:\Temp\PDApp.log
2013-07-28 22:34 - 2013-07-28 16:19 - 00568046 _____ E:\Temp\amt3.log
2013-07-28 22:24 - 2013-06-20 08:28 - 00000000 ____D E:\Temp\PhotoshopCrashes
2013-07-28 22:23 - 2013-07-28 22:23 - 00000000 ____D E:\Temp\lilo.6656
2013-07-28 22:23 - 2013-07-28 16:21 - 00399188 _____ E:\Temp\oobelib.log
2013-07-28 22:23 - 2013-07-28 16:20 - 00021196 _____ E:\Temp\swtag.log
2013-07-28 22:21 - 2013-07-28 22:21 - 00000000 _____ E:\Temp\_C56B.tmp
2013-07-28 22:21 - 2013-07-28 12:38 - 00000000 ____D C:\Program Files (x86)\The KMPlayer
2013-07-28 21:16 - 2013-07-28 19:55 - 00001178 _____ E:\Temp\install_6173200_2013_07_28_19_55.log
2013-07-28 21:16 - 2011-05-22 08:19 - 00000000 ___RD C:\Users\Jaizzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-28 21:15 - 2013-07-28 21:14 - 129199200 _____ C:\Users\Jaizzy\Documents\e.txt
2013-07-28 19:55 - 2013-07-28 19:55 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-28 18:57 - 2013-07-28 17:49 - 00000034 _____ E:\Temp\JavaDeployReg.log
2013-07-28 18:48 - 2013-07-28 18:48 - 00000000 _____ E:\Temp\lastChanceDst13750300879758746968910438859099.jar
2013-07-28 18:47 - 2013-03-31 10:16 - 00000000 ____D E:\Temp\jna-Jaizzy
2013-07-28 18:35 - 2013-07-28 15:44 - 00037567 _____ C:\ComboFix.txt
2013-07-28 17:51 - 2013-05-04 22:01 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\XBMC
2013-07-28 17:49 - 2013-07-28 17:49 - 00000946 _____ E:\Temp\StructuredQuery.log
2013-07-28 17:39 - 2013-07-28 17:32 - 00041953 _____ C:\Users\Jaizzy\Desktop\FRST2.txt
2013-07-28 17:30 - 2013-07-28 17:30 - 01780547 _____ (Farbar) C:\Users\Jaizzy\Desktop\FRST64.exe
2013-07-28 17:26 - 2013-07-28 17:26 - 00003494 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-NZXT-Jaizzy
2013-07-28 17:26 - 2013-07-13 00:20 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-07-28 17:25 - 2013-07-28 17:25 - 00000775 _____ C:\Users\Jaizzy\Desktop\Adobe Photoshop CC (64 Bit).lnk
2013-07-28 17:25 - 2013-06-19 23:06 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\Adobe
2013-07-28 17:25 - 2013-01-14 19:48 - 00000000 ____D C:\ProgramData\Adobe
2013-07-28 17:25 - 2012-06-27 16:48 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-07-28 17:24 - 2013-06-17 00:15 - 00002180 _____ C:\Windows\Sandboxie.ini
2013-07-28 17:23 - 2013-07-28 17:23 - 00371500 _____ E:\Temp\dd_vcredistMSI5343.txt
2013-07-28 17:23 - 2013-07-28 17:23 - 00321922 _____ E:\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_20130728_172328157-Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219-MSP0.txt
2013-07-28 17:23 - 2013-07-28 17:23 - 00228270 _____ E:\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_20130728_172328157-MSI_vc_red.msi.txt
2013-07-28 17:23 - 2013-07-28 17:23 - 00093290 _____ E:\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_20130728_172328157.html
2013-07-28 17:23 - 2013-07-28 17:23 - 00011386 _____ E:\Temp\dd_vcredistUI5343.txt
2013-07-28 17:22 - 2013-07-28 17:22 - 00351376 _____ E:\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20130728_172222244-Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219-MSP0.txt
2013-07-28 17:22 - 2013-07-28 17:22 - 00227406 _____ E:\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20130728_172222244-MSI_vc_red.msi.txt
2013-07-28 17:22 - 2013-07-28 17:22 - 00087660 _____ E:\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20130728_172222244.html
2013-07-28 17:22 - 2013-07-28 17:22 - 00001522 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2013-07-28 17:22 - 2009-07-14 06:45 - 00033872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-28 17:22 - 2009-07-14 06:45 - 00033872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-28 17:20 - 2010-11-21 08:22 - 00696832 _____ C:\Windows\system32\perfh007.dat
2013-07-28 17:20 - 2010-11-21 08:22 - 00148128 _____ C:\Windows\system32\perfc007.dat
2013-07-28 17:20 - 2009-07-14 07:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-28 17:18 - 2011-05-22 08:20 - 01643318 _____ C:\Windows\WindowsUpdate.log
2013-07-28 17:15 - 2013-07-28 17:15 - 00000000 ____D E:\Temp\WPDNSE
2013-07-28 17:15 - 2013-07-28 15:09 - 00002109 _____ E:\Temp\AdobeARM.log
2013-07-28 17:15 - 2012-12-20 12:33 - 00000000 _____ E:\Temp\Spyder3Utility
2013-07-28 17:15 - 2012-01-18 12:04 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\DisplayFusion
2013-07-28 17:14 - 2013-03-31 09:56 - 00014067 _____ C:\Windows\setupact.log
2013-07-28 17:14 - 2012-02-05 09:37 - 00769428 _____ C:\Windows\system32\oodbs.lor
2013-07-28 17:14 - 2011-05-22 08:36 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-28 17:14 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-28 16:18 - 2013-07-28 12:38 - 00000000 ____D C:\Program Files (x86)\The KMPlayer
2013-07-28 16:02 - 2013-03-31 10:42 - 00000000 ____D E:\Temp\acro_rd_dir
2013-07-28 16:00 - 2011-10-22 19:14 - 00000000 ____D C:\Users\Jaizzy\AppData\Local\Apps\2.0
2013-07-28 14:56 - 2013-07-28 14:12 - 00000000 ____D E:\Temp\CRX_75DAF8CB7768
2013-07-28 14:56 - 2013-07-13 23:52 - 00000000 ____D E:\Temp\{26F481C6-8DBE-4F8B-9D8D-715081C23ADE}
2013-07-28 14:56 - 2013-07-13 09:47 - 00000000 ____D E:\Temp\CR_C3F42.tmp
2013-07-28 14:56 - 2013-07-09 18:11 - 00000000 ____D E:\Temp\nsu8172.tmp
2013-07-28 14:56 - 2013-06-28 21:44 - 00000000 ____D E:\Temp\nsc45DC.tmp
2013-07-28 14:56 - 2013-06-27 21:36 - 00000000 ____D E:\Temp\~nsu.tmp
2013-07-28 14:56 - 2013-06-19 23:06 - 00000000 ____D E:\Temp\nsvF089.tmp
2013-07-28 14:56 - 2013-06-19 22:57 - 00000000 ____D E:\Temp\nsmCCF2.tmp
2013-07-28 14:56 - 2013-06-19 22:51 - 00000000 ____D E:\Temp\nspB49.tmp
2013-07-28 14:56 - 2013-06-19 22:50 - 00000000 ____D E:\Temp\nsk9B0A.tmp
2013-07-28 14:56 - 2013-06-19 22:48 - 00000000 ____D E:\Temp\nseD626.tmp
2013-07-28 14:56 - 2013-06-14 15:07 - 00000000 ____D E:\Temp\nss492A.tmp
2013-07-28 14:56 - 2013-05-08 12:04 - 00000000 ____D E:\Temp\MozillaMailnews
2013-07-28 14:56 - 2013-05-06 11:05 - 00000000 ____D E:\Temp\enhtmlclip
2013-07-28 14:56 - 2013-05-04 22:00 - 00000000 ____D E:\Temp\nsy214.tmp
2013-07-28 14:56 - 2013-05-03 20:15 - 00000000 ____D E:\Temp\nse72C6.tmp
2013-07-28 14:56 - 2013-04-24 00:34 - 00000000 ____D E:\Temp\nseE680.tmp
2013-07-28 14:56 - 2013-04-20 14:08 - 00000000 ____D E:\Temp\PGLog
2013-07-28 14:56 - 2013-04-10 22:18 - 00000000 ____D E:\Temp\nsvFA47.tmp
2013-07-28 14:56 - 2013-04-05 16:45 - 00000000 ____D E:\Temp\lu
2013-07-28 14:56 - 2013-03-31 02:36 - 00000000 ____D E:\Temp\D6A33FE0-77EC-471E-960D-C8A642FD5B6C
2013-07-28 14:51 - 2013-07-28 14:51 - 05095176 ____R (Swearware) C:\Users\Jaizzy\Desktop\ComboFix.exe
2013-07-28 14:47 - 2013-07-28 14:47 - 00000000 ____D E:\Temp\_avast_
2013-07-28 14:44 - 2013-06-06 10:09 - 00000000 ____D E:\Temp\msdtadmin
2013-07-28 14:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-28 14:34 - 2012-03-04 18:59 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-28 14:34 - 2012-03-04 11:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-28 12:38 - 2013-07-28 12:38 - 00001039 _____ C:\Users\Jaizzy\Desktop\KMPlayer.lnk
2013-07-28 12:38 - 2013-07-28 12:38 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2013-07-28 12:38 - 2013-07-28 12:38 - 00000000 ____D C:\Program Files (x86)\installsyslang
2013-07-28 11:14 - 2013-07-28 11:14 - 00000000 ____D E:\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_10.0.40219
2013-07-28 11:14 - 2013-07-28 11:14 - 00000000 ____D E:\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_10.0.40219
2013-07-28 11:13 - 2011-06-01 08:03 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\Orbit
2013-07-27 09:47 - 2013-07-13 09:42 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1796272902-1527921214-4022389393-1000Core1ce7f9c856d0764.job
2013-07-25 21:11 - 2013-07-19 21:33 - 00000000 ____D C:\Toolwiz
2013-07-25 19:05 - 2013-07-25 19:05 - 00000000 ____D E:\Temp\bye1499.tmp
2013-07-25 19:05 - 2013-07-25 19:05 - 00000000 ____D C:\Program Files (x86)\Duden
2013-07-25 19:05 - 2011-05-22 08:26 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-24 14:08 - 2013-05-04 22:03 - 00001112 _____ C:\Users\Jaizzy\.swfinfo
2013-07-19 23:12 - 2011-05-22 18:32 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\Dropbox
2013-07-19 23:08 - 2013-07-19 23:08 - 00000000 ____D E:\Temp\scoped_dir12152_7185
2013-07-19 21:44 - 2011-06-11 19:07 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\Canon
2013-07-19 21:43 - 2012-06-16 13:46 - 00000000 ____D C:\ProgramData\Canon_Inc_IC
2013-07-19 21:43 - 2011-05-25 11:04 - 00000000 ____D C:\Program Files (x86)\Canon
2013-07-19 21:33 - 2013-07-19 21:33 - 00059648 _____ (Toolwiz.com) C:\Windows\system32\Drivers\BTOWSVF.sys
2013-07-19 21:33 - 2013-07-19 21:33 - 00033024 _____ (Toolwiz.com) C:\Windows\system32\Drivers\BTOWSFF.sys
2013-07-19 21:33 - 2013-07-19 21:33 - 00001143 _____ C:\Users\UpdatusUser\Desktop\Toolwiz TimeFreeze.lnk
2013-07-19 21:33 - 2013-07-19 21:33 - 00001143 _____ C:\Users\postgres.NZXT\Desktop\Toolwiz TimeFreeze.lnk
2013-07-19 21:33 - 2013-07-19 21:33 - 00001143 _____ C:\Users\Jaizzy\Desktop\Toolwiz TimeFreeze.lnk
2013-07-19 21:33 - 2013-07-19 21:33 - 00000000 ____D C:\Program Files (x86)\Toolwiz TimeFreeze
2013-07-19 17:42 - 2013-07-19 17:42 - 00001012 _____ C:\Users\Jaizzy\Desktop\UltraSearch.lnk
2013-07-17 22:42 - 2011-05-22 18:32 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-07-14 19:51 - 2012-01-18 10:21 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\Skype
2013-07-14 14:31 - 2013-07-14 14:31 - 00000000 ____D E:\Temp\Skype
2013-07-14 14:31 - 2013-03-27 16:31 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-14 14:31 - 2012-01-18 10:21 - 00000000 ____D C:\ProgramData\Skype
2013-07-14 01:52 - 2013-07-14 01:52 - 00082200 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\AXMount.sys
2013-07-14 01:52 - 2013-07-14 01:16 - 00059040 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\AXTrack.sys
2013-07-14 01:52 - 2013-07-14 01:16 - 00000733 _____ C:\Users\Jaizzy\Desktop\Time Machine.lnk
2013-07-13 23:57 - 2011-05-29 09:57 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-13 23:55 - 2011-05-22 21:34 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\WindSolutions
2013-07-13 23:28 - 2013-07-13 23:25 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-13 23:25 - 2013-07-13 23:25 - 00000000 ____D C:\Program Files\HitmanPro
2013-07-13 23:19 - 2013-07-13 23:19 - 00000918 _____ C:\Users\Jaizzy\Desktop\Palemoon-Portable.lnk
2013-07-13 23:19 - 2013-07-13 23:19 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\Moonchild Productions
2013-07-13 15:22 - 2011-05-22 09:38 - 00000000 ____D C:\Program Files (x86)\Opera
2013-07-13 10:05 - 2012-03-30 15:49 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-13 09:42 - 2013-07-13 09:42 - 00004094 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1796272902-1527921214-4022389393-1000UA1ce7f9c858bda77
2013-07-13 09:42 - 2013-07-13 09:42 - 00003698 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1796272902-1527921214-4022389393-1000Core1ce7f9c856d0764
2013-07-13 09:13 - 2012-03-30 15:49 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-13 09:13 - 2011-05-22 09:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-13 00:34 - 2013-07-13 00:34 - 00000000 ____D E:\Temp\SaveForWeb
2013-07-13 00:32 - 2013-07-13 00:23 - 00000132 _____ C:\Users\Jaizzy\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2013-07-12 13:21 - 2013-03-13 02:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 13:21 - 2013-03-13 02:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-12 13:19 - 2010-11-21 08:28 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 13:19 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 13:19 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-12 09:32 - 2011-06-12 11:31 - 00000000 ____D C:\Users\Jaizzy\AppData\Ember Media Manager
2013-07-12 08:51 - 2013-04-10 22:09 - 00000000 ____D E:\Temp\MPTelemetrySubmit
2013-07-12 08:49 - 2013-07-12 08:49 - 00000000 ____D E:\Temp\KB2840628_10.0.30319
2013-07-12 08:46 - 2011-07-06 22:33 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-12 08:44 - 2013-07-12 08:44 - 00000000 ____D E:\Temp\KB2835393_10.0.30319
2013-07-09 22:44 - 2013-06-27 21:36 - 00001722 _____ C:\Users\Public\Desktop\Update NOD32 license.lnk
2013-07-09 22:19 - 2013-07-09 18:41 - 00000000 ____D E:\Temp\plugtmp-2
2013-07-04 15:34 - 2013-07-04 15:34 - 08365097 _____ C:\Users\Jaizzy\Downloads\E6532_P8P67_PRO_REV_3_1.zip
2013-07-03 17:40 - 2012-10-13 09:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-02 17:48 - 2011-05-25 11:10 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\ZoomBrowser EX
2013-07-02 17:34 - 2013-07-02 17:34 - 00000000 ____D E:\Temp\Canon_Inc_IC
2013-07-02 17:34 - 2013-07-02 17:34 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\Canon_Inc_IC
2013-07-02 15:16 - 2013-03-29 20:14 - 00000000 ____D C:\Users\postgres.NZXT
2013-06-28 23:24 - 2013-06-28 23:24 - 00001135 _____ C:\Users\Jaizzy\Documents\bw4komptest.log
2013-06-28 21:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64


LastRegBack: 2013-07-24 19:34

==================== End Of Log ============================
--- --- ---

--- --- ---


Adwcleaner:
Code:
# AdwCleaner v2.306 - Datei am 28/07/2013 um 22:54:41 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Enterprise Service Pack 1 (64 bits)
# Benutzer : Jaizzy - NZXT
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jaizzy\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Jaizzy\AppData\Local\PackageAware

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Jaizzy\AppData\Roaming\Mozilla\Firefox\Profiles\50auy3y1.default\prefs.js

Gelöscht : user_pref("extensions.mediaplayerconnectivity.activityViewPoint", false);
Gelöscht : user_pref("extensions.mediaplayerconnectivity.enableAutoplayViewPoint", false);
Gelöscht : user_pref("extensions.mediaplayerconnectivity.enableContextMenuViewPoint", true);
Gelöscht : user_pref("extensions.mediaplayerconnectivity.enableEmbedViewPoint", true);
Gelöscht : user_pref("extensions.mediaplayerconnectivity.enableFileViewPoint", true);
Gelöscht : user_pref("extensions.mediaplayerconnectivity.playermp3", "c:\\Program files\\Winamp\\winamp.exe");
Gelöscht : user_pref("extensions.mediaplayerconnectivity.playerparamsviewpoint", "%f");
Gelöscht : user_pref("extensions.mediaplayerconnectivity.playerpls", "c:\\Program files\\Winamp\\winamp.exe");
Gelöscht : user_pref("extensions.mediaplayerconnectivity.playerviewpoint", "");

-\\ Google Chrome v28.0.1500.72

Datei : C:\Users\Jaizzy\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.16.1860.0

Datei : C:\Users\Jaizzy\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2087 octets] - [28/07/2013 22:53:23]
AdwCleaner[S1].txt - [2022 octets] - [28/07/2013 22:54:41]

########## EOF - C:\AdwCleaner[S1].txt - [2082 octets] ##########

JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.5 (07.26.2013:2)
OS: Windows 7 Enterprise x64
Ran by Jaizzy on 28.07.2013 at 22:49:17,33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_current_user\software\pip"
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\ask"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Jaizzy\AppData\Roaming\mozilla\firefox\profiles\50auy3y1.default\jetpack
Successfully deleted: [Folder] C:\Users\Jaizzy\AppData\Roaming\mozilla\firefox\profiles\50auy3y1.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack
Successfully deleted: [Folder] C:\Users\Jaizzy\AppData\Roaming\mozilla\firefox\profiles\50auy3y1.default\extensions\jid0-T01UQ5416mmgiAxnF7j8Iwzeffc@jetpack
Successfully deleted the following from C:\Users\Jaizzy\AppData\Roaming\mozilla\firefox\profiles\50auy3y1.default\prefs.js

user_pref("adblock.patterns", "!Filterset.G[hxxp://www.pierceive.com/]=2007-06-02a !Filterset.G-Whitelist-Beta[hxxp://www.pierceive.com/]=wb-2007-03-18a /(adwork\\.net|(bannex
user_pref("extensions.TooManyTabs@visibotech.com.recentlyClosedTabs", "[{\"label\":\"N a i k l a s' B l o g: Best Of Chuck - Music\",\"url\":\"hxxp://naiklas17.blogspot.com/20
user_pref("extensions.jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.install-event-fired", true);
user_pref("extensions.jid0-T01UQ5416mmgiAxnF7j8Iwzeffc@jetpack.install-event-fired", true);
user_pref("fgupdater.patterns", "!Filterset.G[hxxp://www.pierceive.com/]=2008-03-08a-MERGED .adquest.nl .adreporting.com .geldrace.nl .site-id.nl /(\\Wadv|banner|promo)s?(\\.(
Emptied folder: C:\Users\Jaizzy\AppData\Roaming\mozilla\firefox\profiles\50auy3y1.default\minidumps [73 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.07.2013 at 22:52:55,42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
MBAM:
Code:

Database version: v2013.07.28.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Jaizzy :: NZXT [administrator]

Protection: Disabled

28.07.2013 22:44:58
mbam-log-2013-07-28 (22-44-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 64309
Time elapsed: 2 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
danke dir erstmal!

bin morgen nicht zuhause... werde die nächsten Aufträge erst Dienstag erledigen können, also nicht wundern.

Bis dann

schrauber 29.07.2013 08:27
Deinstalliere Chrome, behalt keine Daten, installier ihn neu und poste bitte ein frisches FRST log.

Jahannes 30.07.2013 07:29
Habs gemacht.

FRST log:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03
Ran by Jaizzy (administrator) on 30-07-2013 08:20:51
Running from C:\Users\Jaizzy\Desktop
Windows 7 Enterprise Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
() C:\Program Files\EslWire\service\WireHelperSvc.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
( ) C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionAppHook.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-21] (Logitech, Inc.)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [6330568 2013-03-21] (ESET)
HKLM\...\Run: [OODefragTray] - C:\Program Files\OO Software\Defrag\oodtray.exe [3994960 2011-11-17] (O&O Software GmbH)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [107000 2011-11-12] (Siber Systems)
HKCU\...\Run: [DisplayFusion] - C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [7283072 2013-04-26] (Binary Fortress Software)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [300400 2010-03-11] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [liblibwow64] - C:\Program Files (x86)\installsyslang\inisxs.exe [93184 2013-07-28] (SANDBOXIE L.T.D)
HKLM-x32\...\Run: [AdobeCEPServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SpyderUtility.lnk
ShortcutTarget: SpyderUtility.lnk -> C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe ( )
Startup: C:\Users\Jaizzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BootExecute: autocheck autochk * OODBS

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
BHO-x32: No Name - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Jaizzy\AppData\Roaming\Mozilla\Firefox\Profiles\50auy3y1.default
FF Homepage: about:home
FF NetworkProxy: "gopher", "222.108.198.53"
FF NetworkProxy: "gopher_port", 8080
FF NetworkProxy: "http", "www-proxy.t-online.de"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Users\Jaizzy\AppData\Roaming\Mozilla\Firefox\Profiles\50auy3y1.default\searchplugins\geizhalsat-deutschland.xml
FF SearchPlugin: C:\Users\Jaizzy\AppData\Roaming\Mozilla\Firefox\Profiles\50auy3y1.default\searchplugins\imdb.xml
FF SearchPlugin: C:\Users\Jaizzy\AppData\Roaming\Mozilla\Firefox\Profiles\50auy3y1.default\searchplugins\sceneforce.xml
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: Roboform Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF StartMenuInternet: FIREFOX.EXE - E:\FirefoxPortable\App\Firefox\firefox.exe

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-02] ()
S3 ASOVPNHelper; C:\Program Files (x86)\Astrill\ASOvpnSvc.exe [434928 2012-05-25] (Astrill)
S3 ASProxy; C:\Program Files (x86)\Astrill\ASProxy.exe [1918888 2013-02-19] (Astrill)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
R2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [87336 2012-01-12] (CyberLink Corp.)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [75048 2012-01-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296232 2012-01-12] (CyberLink)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3304768 2010-12-23] (devolo AG)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1498000 2013-04-26] (Binary Fortress Software)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1341664 2013-03-21] (ESET)
R2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [678416 2012-12-17] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3273552 2011-11-17] (O&O Software GmbH)
S3 OpenVPNService; E:\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] ()
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [123664 2012-12-16] (SANDBOXIE L.T.D)
R2 postgresql-8.4; C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w [x]

==================== Drivers (Whitelisted) ====================

S3 arusb_lhx; C:\Windows\System32\DRIVERS\arusb_lhx.sys [539136 2008-07-24] (Atheros Communications, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 asvpndrv; C:\Windows\System32\DRIVERS\asvpndrv.sys [31744 2012-02-29] (Astrill)
R3 AXMount; C:\Windows\System32\DRIVERS\AXMount.sys [82200 2013-07-14] (Windows (R) Win 7 DDK provider)
R0 AXTrack; C:\Windows\System32\DRIVERS\AXTrack.sys [59040 2013-07-14] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-07-06] (DT Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [139768 2013-01-10] (ESET)
S3 ESLvnic1; C:\Windows\System32\DRIVERS\ESLvnic.sys [25528 2011-04-14] (Turtle Entertainment GmbH)
R2 ESLWireAC; C:\Windows\system32\drivers\ESLWireACD.sys [160784 2012-12-17] (<Turtle Entertainment>)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2010-06-10] (CACE Technologies)
R2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [82928 2011-10-27] (Cyberlink Corp.)
R2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [82928 2011-10-27] (Cyberlink Corp.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202632 2012-12-16] (SANDBOXIE L.T.D)
R3 Spyder4; C:\Windows\System32\DRIVERS\dccmtr.sys [15360 2011-06-02] (Datacolor)
R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [122448 2011-07-08] (High Criteria inc.)
R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [122448 2011-07-08] (High Criteria inc.)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [146928 2012-01-11] (CyberLink Corp.)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [146928 2012-01-11] (CyberLink Corp.)
S1 ArcSec; system32\drivers\ArcSec.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz135; \??\E:\Temp\cpuz135\cpuz135_x64.sys [x]
S1 SASDIFSV; \??\E:\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
S1 SASKUTIL; \??\E:\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-30 08:21 - 2013-07-30 08:21 - 00000000 _____ E:\Temp\log3
2013-07-30 08:21 - 2013-07-30 08:21 - 00000000 _____ E:\Temp\log1
2013-07-30 08:20 - 2013-07-30 08:20 - 01781589 _____ (Farbar) C:\Users\Jaizzy\Desktop\FRST64.exe
2013-07-30 08:20 - 2013-07-30 08:20 - 00000188 _____ E:\Temp\users00
2013-07-30 08:20 - 2013-07-30 08:20 - 00000003 _____ E:\Temp\others
2013-07-30 08:20 - 2013-07-30 08:20 - 00000000 _____ E:\Temp\frstlog
2013-07-30 08:19 - 2013-07-30 08:19 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-30 08:18 - 2013-07-30 08:18 - 00784872 _____ (Google Inc.) C:\Users\Jaizzy\Downloads\ChromeSetup (1).exe
2013-07-30 08:18 - 2013-07-30 08:18 - 00004104 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-30 08:18 - 2013-07-30 08:18 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-30 08:18 - 2013-07-30 08:18 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-30 08:18 - 2013-07-30 08:18 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-30 08:17 - 2013-07-30 07:59 - 01173456 _____ (Google Inc.) E:\Temp\F0E4.tmp
2013-07-30 08:17 - 2013-07-13 09:42 - 00853896 ____T (Google Inc.) E:\Temp\goopdate.dll140bd2
2013-07-30 08:17 - 2011-05-22 09:39 - 00136176 ____T (Google Inc.) E:\Temp\GoogleUpdate.exe140b84
2013-07-30 08:12 - 2013-07-30 08:12 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\NZXT
2013-07-30 08:00 - 2013-07-30 08:00 - 00000000 ____D E:\Temp\Rar$EX72.024
2013-07-30 07:59 - 2013-07-30 08:19 - 00045791 _____ E:\Temp\chrome_installer.log
2013-07-30 07:59 - 2013-07-30 07:59 - 00000000 ____D E:\Temp\{BD815469-FC88-4C2A-B56B-B0005057B62A}
2013-07-30 07:58 - 2013-07-30 07:58 - 00000000 ____D E:\Temp\Rar$EX77.320
2013-07-30 07:55 - 2013-07-30 07:55 - 00000000 ____D E:\Temp\WPDNSE
2013-07-28 23:21 - 2013-07-28 23:21 - 00000000 ____D E:\Temp\CRX_75DAF8CB7768
2013-07-28 23:13 - 2013-07-28 23:13 - 00001300 _____ E:\Temp\JRT.txt
2013-07-28 23:13 - 2013-07-28 23:13 - 00001300 _____ C:\Users\Jaizzy\Desktop\JRT.txt
2013-07-28 22:55 - 2013-07-28 22:55 - 00230219 _____ E:\Temp\Preferences
2013-07-28 22:54 - 2013-07-28 23:07 - 00002155 _____ C:\AdwCleaner[S1].txt
2013-07-28 22:53 - 2013-07-28 22:53 - 00002087 _____ C:\AdwCleaner[R1].txt
2013-07-28 22:49 - 2013-07-28 23:11 - 00000000 ____D E:\Temp\jrt
2013-07-28 22:49 - 2013-07-28 22:49 - 00000000 ____D C:\Windows\ERUNT
2013-07-28 22:48 - 2013-07-28 22:48 - 00561198 _____ (Oleg N. Scherbakov) C:\Users\Jaizzy\Desktop\JRT.exe
2013-07-28 22:45 - 2013-07-28 22:45 - 00666633 _____ C:\Users\Jaizzy\Desktop\adwcleaner.exe
2013-07-28 22:23 - 2013-07-28 22:23 - 00000000 ____D E:\Temp\lilo.6656
2013-07-28 22:21 - 2013-07-28 22:21 - 00000000 _____ E:\Temp\_C56B.tmp
2013-07-28 21:14 - 2013-07-28 21:15 - 129199200 _____ C:\Users\Jaizzy\Documents\e.txt
2013-07-28 19:55 - 2013-07-28 21:16 - 00001178 _____ E:\Temp\install_6173200_2013_07_28_19_55.log
2013-07-28 19:55 - 2013-07-28 19:55 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-28 18:48 - 2013-07-28 18:48 - 00000000 _____ E:\Temp\lastChanceDst13750300879758746968910438859099.jar
2013-07-28 17:49 - 2013-07-30 08:20 - 00000102 _____ E:\Temp\JavaDeployReg.log
2013-07-28 17:49 - 2013-07-30 08:18 - 00001671 _____ E:\Temp\StructuredQuery.log
2013-07-28 17:32 - 2013-07-28 17:39 - 00041953 _____ C:\Users\Jaizzy\Desktop\FRST2.txt
2013-07-28 17:26 - 2013-07-28 17:26 - 00003494 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-NZXT-Jaizzy
2013-07-28 17:25 - 2013-07-28 17:25 - 00000775 _____ C:\Users\Jaizzy\Desktop\Adobe Photoshop CC (64 Bit).lnk
2013-07-28 17:23 - 2013-07-28 17:23 - 00371500 _____ E:\Temp\dd_vcredistMSI5343.txt
2013-07-28 17:23 - 2013-07-28 17:23 - 00321922 _____ E:\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_20130728_172328157-Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219-MSP0.txt
2013-07-28 17:23 - 2013-07-28 17:23 - 00228270 _____ E:\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_20130728_172328157-MSI_vc_red.msi.txt
2013-07-28 17:23 - 2013-07-28 17:23 - 00093290 _____ E:\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_20130728_172328157.html
2013-07-28 17:23 - 2013-07-28 17:23 - 00011386 _____ E:\Temp\dd_vcredistUI5343.txt
2013-07-28 17:22 - 2013-07-28 17:22 - 00351376 _____ E:\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20130728_172222244-Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219-MSP0.txt
2013-07-28 17:22 - 2013-07-28 17:22 - 00227406 _____ E:\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20130728_172222244-MSI_vc_red.msi.txt
2013-07-28 17:22 - 2013-07-28 17:22 - 00087660 _____ E:\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20130728_172222244.html
2013-07-28 17:22 - 2013-07-28 17:22 - 00001522 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2013-07-28 17:10 - 2013-07-28 17:10 - 03513344 _____ (Geek Uninstaller Software) E:\Temp\geekuninstaller_x64.exe
2013-07-28 16:48 - 2013-07-28 16:48 - 00000000 _____ E:\Temp\lastChanceDst13750228958234527699538325433371.jar
2013-07-28 16:21 - 2013-07-30 08:05 - 02251752 _____ E:\Temp\PDApp.log
2013-07-28 16:21 - 2013-07-28 22:23 - 00399188 _____ E:\Temp\oobelib.log
2013-07-28 16:20 - 2013-07-28 22:23 - 00021196 _____ E:\Temp\swtag.log
2013-07-28 16:19 - 2013-07-28 22:34 - 00568046 _____ E:\Temp\amt3.log
2013-07-28 16:18 - 2013-07-28 16:18 - 00000000 _____ E:\Temp\_F1F2.tmp
2013-07-28 15:44 - 2013-07-28 18:35 - 00037567 _____ C:\ComboFix.txt
2013-07-28 15:09 - 2013-07-30 07:55 - 00003519 _____ E:\Temp\AdobeARM.log
2013-07-28 15:09 - 2013-07-28 15:09 - 00000000 _____ E:\Temp\LuUpdater.log
2013-07-28 14:52 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-28 14:52 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-28 14:52 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-28 14:52 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-28 14:52 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-28 14:52 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-28 14:52 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-28 14:52 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-28 14:51 - 2013-07-28 15:44 - 00000000 ____D C:\Qoobox
2013-07-28 14:51 - 2013-07-28 14:51 - 05095176 ____R (Swearware) C:\Users\Jaizzy\Desktop\ComboFix.exe
2013-07-28 14:47 - 2013-07-28 14:47 - 00000000 ____D E:\Temp\_avast_
2013-07-28 14:22 - 2013-07-28 14:24 - 00000000 ____D C:\Windows\system32\MRT
2013-07-28 12:38 - 2013-07-28 22:21 - 00000000 ____D C:\Program Files (x86)\The KMPlayer
2013-07-28 12:38 - 2013-07-28 12:38 - 00001039 _____ C:\Users\Jaizzy\Desktop\KMPlayer.lnk
2013-07-28 12:38 - 2013-07-28 12:38 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2013-07-28 12:38 - 2013-07-28 12:38 - 00000000 ____D C:\Program Files (x86)\installsyslang
2013-07-28 11:14 - 2013-07-28 11:14 - 00000000 ____D E:\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_10.0.40219
2013-07-28 11:14 - 2013-07-28 11:14 - 00000000 ____D E:\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_10.0.40219
2013-07-28 11:13 - 2013-07-30 07:55 - 00000000 ____D E:\Temp\AdobeDownload
2013-07-27 08:03 - 2013-07-27 08:03 - 00005076 _____ C:\ProgramData\flwjycbm.bab
2013-07-25 21:03 - 2013-07-25 21:05 - 00000000 ____D C:\Users\Jaizzy\.instagiffer
2013-07-25 19:06 - 2013-07-25 19:06 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\tipptrainer3
2013-07-25 19:05 - 2013-07-25 19:05 - 00000000 ____D E:\Temp\bye1499.tmp
2013-07-25 19:05 - 2013-07-25 19:05 - 00000000 ____D C:\Program Files (x86)\Duden
2013-07-21 10:53 - 2013-07-21 10:53 - 00000995 _____ C:\Users\Jaizzy\Desktop\GiffingTool.lnk
2013-07-19 23:08 - 2013-07-19 23:08 - 00000000 ____D E:\Temp\scoped_dir12152_7185
2013-07-19 21:43 - 2013-07-19 21:43 - 00001136 _____ C:\Users\Public\Desktop\Digital Photo Professional.lnk
2013-07-19 17:42 - 2013-07-19 17:42 - 00001012 _____ C:\Users\Jaizzy\Desktop\UltraSearch.lnk
2013-07-14 14:31 - 2013-07-14 14:31 - 00000000 ____D E:\Temp\Skype
2013-07-14 01:52 - 2013-07-14 01:52 - 00082200 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\AXMount.sys
2013-07-14 01:50 - 2013-07-14 01:51 - 00006415 _____ C:\Users\Jaizzy\Documents\AXLogs.zip
2013-07-14 01:21 - 2013-07-14 01:21 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\AXTM
2013-07-14 01:16 - 2013-07-14 01:52 - 00059040 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\AXTrack.sys
2013-07-14 01:16 - 2013-07-14 01:52 - 00000733 _____ C:\Users\Jaizzy\Desktop\Time Machine.lnk
2013-07-14 01:16 - 2013-07-14 01:16 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_AXMount_01009.Wdf
2013-07-14 01:16 - 2013-07-14 01:16 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AX64 Time Machine
2013-07-14 01:16 - 2013-07-14 01:16 - 00000000 ____D C:\Program Files\AXTM
2013-07-14 00:04 - 2013-07-14 00:04 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\CrystalIdea Software
2013-07-13 23:52 - 2013-07-28 14:56 - 00000000 ____D E:\Temp\{26F481C6-8DBE-4F8B-9D8D-715081C23ADE}
2013-07-13 23:25 - 2013-07-13 23:28 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-13 23:25 - 2013-07-13 23:25 - 00000000 ____D C:\Program Files\HitmanPro
2013-07-13 23:19 - 2013-07-13 23:19 - 00000918 _____ C:\Users\Jaizzy\Desktop\Palemoon-Portable.lnk
2013-07-13 23:19 - 2013-07-13 23:19 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\Moonchild Productions
2013-07-13 00:34 - 2013-07-13 00:34 - 00000000 ____D E:\Temp\SaveForWeb
2013-07-13 00:23 - 2013-07-13 00:32 - 00000132 _____ C:\Users\Jaizzy\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2013-07-13 00:20 - 2013-07-28 17:26 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-07-12 08:49 - 2013-07-12 08:49 - 00000000 ____D E:\Temp\KB2840628_10.0.30319
2013-07-12 08:47 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-12 08:47 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-12 08:47 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-12 08:47 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-12 08:47 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-12 08:47 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-12 08:47 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 08:47 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-12 08:47 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-12 08:47 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-12 08:47 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-12 08:47 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 08:47 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-12 08:47 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-12 08:47 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-12 08:46 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-12 08:46 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-12 08:46 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-12 08:46 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-12 08:46 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-12 08:46 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-12 08:46 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-12 08:46 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-12 08:46 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 08:46 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 08:46 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 08:46 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-12 08:46 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 08:46 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 08:46 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 08:46 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 08:44 - 2013-07-12 08:44 - 00000000 ____D E:\Temp\KB2835393_10.0.30319
2013-07-12 07:27 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-12 07:27 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-12 07:27 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-12 07:27 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-12 07:27 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-12 07:27 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-12 07:27 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-09 18:41 - 2013-07-09 22:19 - 00000000 ____D E:\Temp\plugtmp-2
2013-07-09 18:11 - 2013-07-28 14:56 - 00000000 ____D E:\Temp\nsu8172.tmp
2013-07-07 15:26 - 2013-07-07 15:26 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\kompozer.net
2013-07-04 15:34 - 2013-07-04 15:34 - 08365097 _____ C:\Users\Jaizzy\Downloads\E6532_P8P67_PRO_REV_3_1.zip
2013-07-02 17:34 - 2013-07-02 17:34 - 00000000 ____D E:\Temp\Canon_Inc_IC
2013-07-02 17:34 - 2013-07-02 17:34 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\Canon_Inc_IC

==================== One Month Modified Files and Folders =======

2013-07-30 08:21 - 2013-07-30 08:21 - 00014466 _____ E:\Temp\log1
2013-07-30 08:21 - 2013-07-30 08:20 - 00023961 _____ E:\Temp\frstlog
2013-07-30 08:20 - 2013-07-30 08:20 - 01781589 _____ (Farbar) C:\Users\Jaizzy\Desktop\FRST64.exe
2013-07-30 08:20 - 2013-07-30 08:20 - 00000188 _____ E:\Temp\users00
2013-07-30 08:20 - 2013-07-30 08:20 - 00000003 _____ E:\Temp\others
2013-07-30 08:20 - 2013-07-28 17:49 - 00000102 _____ E:\Temp\JavaDeployReg.log
2013-07-30 08:19 - 2013-07-30 08:19 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-30 08:19 - 2013-07-30 07:59 - 00045791 _____ E:\Temp\chrome_installer.log
2013-07-30 08:19 - 2011-06-01 19:12 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-30 08:18 - 2013-07-30 08:18 - 00784872 _____ (Google Inc.) C:\Users\Jaizzy\Downloads\ChromeSetup (1).exe
2013-07-30 08:18 - 2013-07-30 08:18 - 00004104 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-30 08:18 - 2013-07-30 08:18 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-30 08:18 - 2013-07-30 08:18 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-30 08:18 - 2013-07-30 08:18 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-30 08:18 - 2013-07-28 17:49 - 00001671 _____ E:\Temp\StructuredQuery.log
2013-07-30 08:16 - 2012-01-18 12:04 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\DisplayFusion
2013-07-30 08:12 - 2013-07-30 08:12 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\NZXT
2013-07-30 08:05 - 2013-07-28 16:21 - 02254338 _____ E:\Temp\PDApp.log
2013-07-30 08:05 - 2012-03-30 15:49 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-30 08:02 - 2010-11-21 08:22 - 00696832 _____ C:\Windows\system32\perfh007.dat
2013-07-30 08:02 - 2010-11-21 08:22 - 00148128 _____ C:\Windows\system32\perfc007.dat
2013-07-30 08:02 - 2009-07-14 07:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-30 08:02 - 2009-07-14 06:45 - 00033872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-30 08:02 - 2009-07-14 06:45 - 00033872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-30 08:00 - 2013-07-30 08:00 - 00000000 ____D E:\Temp\Rar$EX72.024
2013-07-30 07:59 - 2013-07-30 08:17 - 01173456 _____ (Google Inc.) E:\Temp\F0E4.tmp
2013-07-30 07:59 - 2013-07-30 07:59 - 00000000 ____D E:\Temp\{BD815469-FC88-4C2A-B56B-B0005057B62A}
2013-07-30 07:58 - 2013-07-30 07:58 - 00000000 ____D E:\Temp\Rar$EX77.320
2013-07-30 07:58 - 2011-05-22 08:20 - 01864363 _____ C:\Windows\WindowsUpdate.log
2013-07-30 07:55 - 2013-07-30 07:55 - 00000000 ____D E:\Temp\WPDNSE
2013-07-30 07:55 - 2013-07-28 15:09 - 00003519 _____ E:\Temp\AdobeARM.log
2013-07-30 07:55 - 2013-07-28 11:13 - 00000000 ____D E:\Temp\AdobeDownload
2013-07-30 07:55 - 2013-03-31 09:56 - 00014179 _____ C:\Windows\setupact.log
2013-07-30 07:55 - 2012-12-20 12:33 - 00000000 _____ E:\Temp\Spyder3Utility
2013-07-30 07:55 - 2012-02-05 09:37 - 00771980 _____ C:\Windows\system32\oodbs.lor
2013-07-30 07:55 - 2011-05-22 08:36 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-30 07:55 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-28 23:21 - 2013-07-28 23:21 - 00000000 ____D E:\Temp\CRX_75DAF8CB7768
2013-07-28 23:13 - 2013-07-28 23:13 - 00001300 _____ E:\Temp\JRT.txt
2013-07-28 23:13 - 2013-07-28 23:13 - 00001300 _____ C:\Users\Jaizzy\Desktop\JRT.txt
2013-07-28 23:11 - 2013-07-28 22:49 - 00000000 ____D E:\Temp\jrt
2013-07-28 23:07 - 2013-07-28 22:54 - 00002155 _____ C:\AdwCleaner[S1].txt
2013-07-28 22:56 - 2013-04-06 17:33 - 00008188 _____ C:\Windows\PFRO.log
2013-07-28 22:56 - 2013-03-31 09:56 - 05132216 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-28 22:55 - 2013-07-28 22:55 - 00230219 _____ E:\Temp\Preferences
2013-07-28 22:53 - 2013-07-28 22:53 - 00002087 _____ C:\AdwCleaner[R1].txt
2013-07-28 22:49 - 2013-07-28 22:49 - 00000000 ____D C:\Windows\ERUNT
2013-07-28 22:48 - 2013-07-28 22:48 - 00561198 _____ (Oleg N. Scherbakov) C:\Users\Jaizzy\Desktop\JRT.exe
2013-07-28 22:45 - 2013-07-28 22:45 - 00666633 _____ C:\Users\Jaizzy\Desktop\adwcleaner.exe
2013-07-28 22:43 - 2013-03-31 10:15 - 00000000 ____D E:\Temp\hsperfdata_Jaizzy
2013-07-28 22:34 - 2013-07-28 16:19 - 00568046 _____ E:\Temp\amt3.log
2013-07-28 22:24 - 2013-06-20 08:28 - 00000000 ____D E:\Temp\PhotoshopCrashes
2013-07-28 22:23 - 2013-07-28 22:23 - 00000000 ____D E:\Temp\lilo.6656
2013-07-28 22:23 - 2013-07-28 16:21 - 00399188 _____ E:\Temp\oobelib.log
2013-07-28 22:23 - 2013-07-28 16:20 - 00021196 _____ E:\Temp\swtag.log
2013-07-28 22:21 - 2013-07-28 22:21 - 00000000 _____ E:\Temp\_C56B.tmp
2013-07-28 22:21 - 2013-07-28 12:38 - 00000000 ____D C:\Program Files (x86)\The KMPlayer
2013-07-28 21:43 - 2011-05-22 08:51 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\vlc
2013-07-28 21:36 - 2011-05-22 09:46 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\BOM
2013-07-28 21:18 - 2011-05-22 16:29 - 00000000 ____D C:\Program Files (x86)\PokerStars
2013-07-28 21:16 - 2013-07-28 19:55 - 00001178 _____ E:\Temp\install_6173200_2013_07_28_19_55.log
2013-07-28 21:16 - 2011-05-22 08:19 - 00000000 ___RD C:\Users\Jaizzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-28 21:15 - 2013-07-28 21:14 - 129199200 _____ C:\Users\Jaizzy\Documents\e.txt
2013-07-28 19:55 - 2013-07-28 19:55 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-28 18:48 - 2013-07-28 18:48 - 00000000 _____ E:\Temp\lastChanceDst13750300879758746968910438859099.jar
2013-07-28 18:47 - 2013-03-31 10:16 - 00000000 ____D E:\Temp\jna-Jaizzy
2013-07-28 18:35 - 2013-07-28 15:44 - 00037567 _____ C:\ComboFix.txt
2013-07-28 17:51 - 2013-05-04 22:01 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\XBMC
2013-07-28 17:39 - 2013-07-28 17:32 - 00041953 _____ C:\Users\Jaizzy\Desktop\FRST2.txt
2013-07-28 17:26 - 2013-07-28 17:26 - 00003494 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-NZXT-Jaizzy
2013-07-28 17:26 - 2013-07-13 00:20 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-07-28 17:25 - 2013-07-28 17:25 - 00000775 _____ C:\Users\Jaizzy\Desktop\Adobe Photoshop CC (64 Bit).lnk
2013-07-28 17:25 - 2013-06-19 23:06 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\Adobe
2013-07-28 17:25 - 2013-01-14 19:48 - 00000000 ____D C:\ProgramData\Adobe
2013-07-28 17:25 - 2012-06-27 16:48 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-07-28 17:24 - 2013-06-17 00:15 - 00002180 _____ C:\Windows\Sandboxie.ini
2013-07-28 17:23 - 2013-07-28 17:23 - 00371500 _____ E:\Temp\dd_vcredistMSI5343.txt
2013-07-28 17:23 - 2013-07-28 17:23 - 00321922 _____ E:\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_20130728_172328157-Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219-MSP0.txt
2013-07-28 17:23 - 2013-07-28 17:23 - 00228270 _____ E:\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_20130728_172328157-MSI_vc_red.msi.txt
2013-07-28 17:23 - 2013-07-28 17:23 - 00093290 _____ E:\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_20130728_172328157.html
2013-07-28 17:23 - 2013-07-28 17:23 - 00011386 _____ E:\Temp\dd_vcredistUI5343.txt
2013-07-28 17:22 - 2013-07-28 17:22 - 00351376 _____ E:\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20130728_172222244-Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219-MSP0.txt
2013-07-28 17:22 - 2013-07-28 17:22 - 00227406 _____ E:\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20130728_172222244-MSI_vc_red.msi.txt
2013-07-28 17:22 - 2013-07-28 17:22 - 00087660 _____ E:\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20130728_172222244.html
2013-07-28 17:22 - 2013-07-28 17:22 - 00001522 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2013-07-28 17:10 - 2013-07-28 17:10 - 03513344 _____ (Geek Uninstaller Software) E:\Temp\geekuninstaller_x64.exe
2013-07-28 16:48 - 2013-07-28 16:48 - 00000000 _____ E:\Temp\lastChanceDst13750228958234527699538325433371.jar
2013-07-28 16:26 - 2011-05-22 09:00 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\Mozilla
2013-07-28 16:18 - 2013-07-28 16:18 - 00000000 _____ E:\Temp\_F1F2.tmp
2013-07-28 16:02 - 2013-03-31 10:42 - 00000000 ____D E:\Temp\acro_rd_dir
2013-07-28 16:00 - 2011-10-22 19:14 - 00000000 ____D C:\Users\Jaizzy\AppData\Local\Apps\2.0
2013-07-28 15:44 - 2013-07-28 14:51 - 00000000 ____D C:\Qoobox
2013-07-28 15:44 - 2013-03-19 16:16 - 00000000 ____D C:\Users\hook
2013-07-28 15:44 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-07-28 15:09 - 2013-07-28 15:09 - 00000000 _____ E:\Temp\LuUpdater.log
2013-07-28 15:09 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-07-28 15:04 - 2012-03-05 20:59 - 00000000 ____D C:\Windows\ERDNT
2013-07-28 14:58 - 2011-05-22 08:19 - 00000000 ____D C:\Users\Jaizzy
2013-07-28 14:56 - 2013-07-13 23:52 - 00000000 ____D E:\Temp\{26F481C6-8DBE-4F8B-9D8D-715081C23ADE}
2013-07-28 14:56 - 2013-07-09 18:11 - 00000000 ____D E:\Temp\nsu8172.tmp
2013-07-28 14:56 - 2013-06-28 21:44 - 00000000 ____D E:\Temp\nsc45DC.tmp
2013-07-28 14:56 - 2013-06-27 21:36 - 00000000 ____D E:\Temp\~nsu.tmp
2013-07-28 14:56 - 2013-06-19 23:06 - 00000000 ____D E:\Temp\nsvF089.tmp
2013-07-28 14:56 - 2013-06-19 22:57 - 00000000 ____D E:\Temp\nsmCCF2.tmp
2013-07-28 14:56 - 2013-06-19 22:51 - 00000000 ____D E:\Temp\nspB49.tmp
2013-07-28 14:56 - 2013-06-19 22:50 - 00000000 ____D E:\Temp\nsk9B0A.tmp
2013-07-28 14:56 - 2013-06-19 22:48 - 00000000 ____D E:\Temp\nseD626.tmp
2013-07-28 14:56 - 2013-06-14 15:07 - 00000000 ____D E:\Temp\nss492A.tmp
2013-07-28 14:56 - 2013-05-08 12:04 - 00000000 ____D E:\Temp\MozillaMailnews
2013-07-28 14:56 - 2013-05-06 11:05 - 00000000 ____D E:\Temp\enhtmlclip
2013-07-28 14:56 - 2013-05-04 22:00 - 00000000 ____D E:\Temp\nsy214.tmp
2013-07-28 14:56 - 2013-05-03 20:15 - 00000000 ____D E:\Temp\nse72C6.tmp
2013-07-28 14:56 - 2013-04-24 00:34 - 00000000 ____D E:\Temp\nseE680.tmp
2013-07-28 14:56 - 2013-04-20 14:08 - 00000000 ____D E:\Temp\PGLog
2013-07-28 14:56 - 2013-04-10 22:18 - 00000000 ____D E:\Temp\nsvFA47.tmp
2013-07-28 14:56 - 2013-04-05 16:45 - 00000000 ____D E:\Temp\lu
2013-07-28 14:56 - 2013-03-31 02:36 - 00000000 ____D E:\Temp\D6A33FE0-77EC-471E-960D-C8A642FD5B6C
2013-07-28 14:51 - 2013-07-28 14:51 - 05095176 ____R (Swearware) C:\Users\Jaizzy\Desktop\ComboFix.exe
2013-07-28 14:47 - 2013-07-28 14:47 - 00000000 ____D E:\Temp\_avast_
2013-07-28 14:44 - 2013-06-06 10:09 - 00000000 ____D E:\Temp\msdtadmin
2013-07-28 14:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-28 14:34 - 2012-03-04 18:59 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-28 14:34 - 2012-03-04 11:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-28 14:24 - 2013-07-28 14:22 - 00000000 ____D C:\Windows\system32\MRT
2013-07-28 12:40 - 2012-01-26 23:14 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\uTorrent
2013-07-28 12:38 - 2013-07-28 12:38 - 00001039 _____ C:\Users\Jaizzy\Desktop\KMPlayer.lnk
2013-07-28 12:38 - 2013-07-28 12:38 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2013-07-28 12:38 - 2013-07-28 12:38 - 00000000 ____D C:\Program Files (x86)\installsyslang
2013-07-28 11:22 - 2012-12-25 23:40 - 00050654 _____ C:\Users\Jaizzy\Documents\TPG-LR-Backup.log
2013-07-28 11:21 - 2013-05-01 11:04 - 00000000 ____D E:\Temp\Adobe
2013-07-28 11:14 - 2013-07-28 11:14 - 00000000 ____D E:\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_10.0.40219
2013-07-28 11:14 - 2013-07-28 11:14 - 00000000 ____D E:\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_10.0.40219
2013-07-14 14:31 - 2013-07-14 14:31 - 00000000 ____D E:\Temp\Skype
2013-07-14 14:31 - 2013-03-27 16:31 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-14 14:31 - 2012-01-18 10:21 - 00000000 ____D C:\ProgramData\Skype
2013-07-14 01:52 - 2013-07-14 01:52 - 00082200 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\AXMount.sys
2013-07-14 01:52 - 2013-07-14 01:16 - 00059040 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\AXTrack.sys
2013-07-14 01:52 - 2013-07-14 01:16 - 00000733 _____ C:\Users\Jaizzy\Desktop\Time Machine.lnk
2013-07-14 01:51 - 2013-07-14 01:50 - 00006415 _____ C:\Users\Jaizzy\Documents\AXLogs.zip
2013-07-14 01:21 - 2013-07-14 01:21 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\AXTM
2013-07-14 01:16 - 2013-07-14 01:16 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_AXMount_01009.Wdf
2013-07-14 01:16 - 2013-07-14 01:16 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AX64 Time Machine
2013-07-14 01:16 - 2013-07-14 01:16 - 00000000 ____D C:\Program Files\AXTM
2013-07-14 00:04 - 2013-07-14 00:04 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\CrystalIdea Software
2013-07-13 23:57 - 2011-05-29 09:57 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-13 23:55 - 2011-05-22 21:34 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\WindSolutions
2013-07-13 23:28 - 2013-07-13 23:25 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-13 23:25 - 2013-07-13 23:25 - 00000000 ____D C:\Program Files\HitmanPro
2013-07-13 23:19 - 2013-07-13 23:19 - 00000918 _____ C:\Users\Jaizzy\Desktop\Palemoon-Portable.lnk
2013-07-13 23:19 - 2013-07-13 23:19 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\Moonchild Productions
2013-07-13 15:22 - 2011-05-22 09:38 - 00000000 ____D C:\Program Files (x86)\Opera
2013-07-13 10:05 - 2012-03-30 15:49 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-13 09:42 - 2013-07-30 08:17 - 00853896 ____T (Google Inc.) E:\Temp\goopdate.dll140bd2
2013-07-13 09:13 - 2012-03-30 15:49 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-13 09:13 - 2011-05-22 09:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-13 00:34 - 2013-07-13 00:34 - 00000000 ____D E:\Temp\SaveForWeb
2013-07-13 00:32 - 2013-07-13 00:23 - 00000132 _____ C:\Users\Jaizzy\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2013-07-12 13:21 - 2013-03-13 02:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 13:21 - 2013-03-13 02:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-12 13:19 - 2010-11-21 08:28 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 13:19 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 13:19 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-12 09:32 - 2011-06-12 11:31 - 00000000 ____D C:\Users\Jaizzy\AppData\Ember Media Manager
2013-07-12 08:51 - 2013-04-10 22:09 - 00000000 ____D E:\Temp\MPTelemetrySubmit
2013-07-12 08:49 - 2013-07-12 08:49 - 00000000 ____D E:\Temp\KB2840628_10.0.30319
2013-07-12 08:46 - 2011-07-06 22:33 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-12 08:44 - 2013-07-12 08:44 - 00000000 ____D E:\Temp\KB2835393_10.0.30319
2013-07-04 15:34 - 2013-07-04 15:34 - 08365097 _____ C:\Users\Jaizzy\Downloads\E6532_P8P67_PRO_REV_3_1.zip
2013-07-03 17:40 - 2012-10-13 09:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-02 17:48 - 2011-05-25 11:10 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\ZoomBrowser EX
2013-07-02 17:34 - 2013-07-02 17:34 - 00000000 ____D E:\Temp\Canon_Inc_IC
2013-07-02 17:34 - 2013-07-02 17:34 - 00000000 ____D C:\Users\Jaizzy\AppData\Roaming\Canon_Inc_IC
2013-07-02 15:16 - 2013-03-29 20:14 - 00000000 ____D C:\Users\postgres.NZXT

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64


LastRegBack: 2013-07-24 19:34

==================== End Of Log ============================
--- --- ---

schrauber 30.07.2013 08:01
Immer noch Probleme?

Jahannes 30.07.2013 08:13
Nach einem erneuten Neustart, dasselbe Problem. chrome.exe ist im Taskmanager, nach ein paar Minuten meldet NOD32
Code:
30.07.2013 09:11:00        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe        Variante von Win32/Injector.LBP Trojaner        Säubern nicht möglich        NZXT\Jaizzy
Nur mit dem Unterschied, dass nach der Neuinstallation, Chrome irgendwie im Programme Ordner und nicht im Benutzer Ordner installiert wurde (kann man nicht aussuchen)

schrauber 30.07.2013 09:10
Jetzt will ich mal was testen :)


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Jahannes 30.07.2013 12:02
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=36cde5b96a466c4f88fbf0f182571d40
# engine=14584
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2013-07-30 10:45:50
# local_time=2013-07-30 12:45:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 17242 126811000 0 0
# compatibility_mode=8217 16776701 100 87 2819748 125194102 0 0
# scanned=309891
# found=0
# cleaned=0
# scan_time=6481
# nod_component=V3 Build:0x30000000

schrauber 30.07.2013 13:56
Lol, deinstalliere mal NOD und installiere es neu.

Jahannes 30.07.2013 14:05
Das gleiche Problem :-(

Dieser Online Scanner scannt glaub ich nur die Festplatten.

Im NOD32 kann ich aber explizit nur Arbeitsspeicher und Bootsektor überprüfen, und da schlägt es nach 2 Sekunden immer an.

Dieser Trojaner startet immer beim Hochfahren, obwohl unter msconfig -> Systemstart kein Eintrag dazu existiert. Und ich glaube nicht das es eine Fehlmeldung von NOD ist, da die Symptome ja existieren :-/


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:18 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131