Trojaner-Board


fuxing 04.09.2013 15:50

Bitcoin miner in svhost.exe reappears after reboot
 
Hello!

I seem to have caught one of those Bitcoin miners (GPU load constantly at 97%).

Windows 7 Professional, Avira Antivir, Malwarebytes (Pro) with protection enabled

Malwarebytes log file:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.04.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660

Schutz: Aktiviert

04.09.2013 16:32:44
mbam-log-2013-09-04 (16-32-44).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 31542
Laufzeit: 1 Minute(n), 45 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Hiden\AppData\Roaming\Microsoft\IE10\svhost.exe (PUP.BitCoinMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Now I delete it, and after the reboot it finds the miner again!

So I assume that something is running that keeps recreating this miner. How do I find the originating process?
And how can I get rid of the thing for good?

Many THANKS in advance!

cosinus 04.09.2013 15:52

Hello and :hallo:

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?

The reason I ask => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first just post the logs you already have in CODE tags!
Only logs from the last 7 days, or since the problem started, are relevant!




In addition, please also create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)



Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

fuxing 04.09.2013 15:59

Unfortunately I got the message that the text is too long, so I have to provide the logs as an attachment.

cosinus 04.09.2013 16:02

What about other logs? No further detections from the virus scanners?
And please post the logs in CODE tags; if they are too large, spread them over two posts

fuxing 05.09.2013 06:31

Addition.txt:

Code:


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2013 03
Ran by Hiden at 2013-09-04 16:55:49
Running from C:\Users\Hiden\Desktop\share
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Akamai NetSession Interface (HKCU)
Akamai NetSession Interface (x32)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Audacity 2.0.3 (x32 Version: 2.0.3)
Auto Lyrics (x32)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.7.2.11)
Canon Internet Library for ZoomBrowser EX (x32 Version: 1.6.3.9)
Canon MOV Decoder (x32 Version: 1.5.0.7)
Canon MOV Encoder (x32 Version: 1.3.0.3)
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.4.0.8)
Canon Utilities CameraWindow (x32 Version: 7.4.0.7)
Canon Utilities CameraWindow DC 8 (x32 Version: 8.1.0.11)
Canon Utilities Movie Uploader for YouTube (x32 Version: 1.0.0.11)
Canon Utilities MyCamera (x32 Version: 7.3.0.5)
Canon Utilities PhotoStitch (x32 Version: 3.1.22.46)
Canon Utilities ZoomBrowser EX (x32 Version: 6.5.0.14)
Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.3.0.4)
Captcha Brotherhood (x32 Version: 1.1.8)
Cheat Engine 6.3 (x32)
Clownfish for Skype (x32 Version: 6.3.60.105 )
Craften Terminal 3.3.4897.28268 (x32 Version: 3.3.4897.28268)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.47.1.0333)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
diclovit's mod pack 1.7.1 (x32 Version: 1.7.1)
Dokan Library 0.6.0 (x32)
dows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
eBay (x32 Version: 1.0.1)
FilesFrog Update Checker (x32)
Free YouTube Download version 3.2.0.128 (x32 Version: 3.2.0.128)
GameSpy Arcade (x32)
GeForce Experience NvStream Client Components (Version: 0.1.87)
GIANTS Editor 5.0.1 (x32 Version: 5.0.1)
Gizmo Central (x32 Version: v2.7.9)
Glary Utilities 3.9.1 (x32 Version: 3.9.1.138)
Google Chrome (HKCU Version: 29.0.1547.62)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java 7 Update 9 (64-bit) (Version: 7.0.90)
Java Auto Updater (x32 Version: 2.1.9.5)
Java SE Development Kit 7 Update 17 (x32 Version: 1.7.0.170)
JDownloader 0.9 (x32 Version: 0.9)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Landwirtschafts Simulator 2013 (x32 Version: 1.0)
Logitech Gaming Software (Version: 8.45.88)
Logitech Gaming Software 5.10 (Version: 5.10.127)
Logitech Gaming Software 8.46 (Version: 8.46.27)
MagniPic (Version: 1.0)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
MFC RunTime files (x32 Version: 1.0.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1)
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1)
ModChanger (x32)
MSI Afterburner 2.3.1 (x32 Version: 2.3.1)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (x32 Version: 1.0.3.0)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (x32 Version: 1.0.1.2)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Need For Speed™ World (x32 Version: 1.0.0.1398)
Nokia Connectivity Cable Driver (x32 Version: 7.1.45.0)
Notepad++ (x32 Version: 6.2.3)
NVIDIA 3D Vision Controller-Treiber 320.49 (Version: 320.49)
NVIDIA 3D Vision Treiber 320.49 (Version: 320.49)
NVIDIA GeForce Experience 1.6.1 (Version: 1.6.1)
NVIDIA Grafiktreiber 320.49 (Version: 320.49)
NVIDIA HD-Audiotreiber 1.3.24.2 (Version: 1.3.24.2)
NVIDIA Install Application (Version: 2.1002.133.902)
NVIDIA PhysX (x32 Version: 9.13.0604)
NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2049)
NVIDIA Systemsteuerung 320.49 (Version: 320.49)
NVIDIA Update 8.3.14 (Version: 8.3.14)
NVIDIA Update Components (Version: 8.3.14)
NVIDIA Virtual Audio 1.2.5 (Version: 1.2.5)
PC Connectivity Solution (x32 Version: 11.4.21.0)
PowerISO (x32 Version: 5.7)
REALTEK Wireless LAN Driver and Utility (x32 Version: 1.00.0150)
SafeSaver 1.74 (x32)
SHIELD Streaming (Version: 1.05.28)
Skype™ 6.6 (x32 Version: 6.6.106)
SpeedFan (remove only) (x32)
TeamSpeak 3 Client (HKCU Version: 3.0.11.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
WinZipper (x32 Version: 1.4.8)
World of Tanks (x32)

==================== Restore Points  =========================

01-09-2013 17:00:07 Windows-Sicherung
02-09-2013 06:16:34 Entfernt InstallShield Wiederherstellungspunkt
04-09-2013 06:20:45 Entfernt Stronghold Crusader
04-09-2013 06:24:59 Removed VirtualDJ Home FREE
04-09-2013 09:45:30 04.09.13-Fischer

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => start w32time task_started
Task: {0803A813-6437-498D-AC07-613A98EAF9CA} - System32\Tasks\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} => C:\Program Files (x86)\Gizmo\gizmo.exe [2013-02-16] (Arainia Solutions)
Task: {109F2D68-DE85-4250-8790-F69520AB48B4} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {11BAA340-2FB8-4C1D-8BCA-18D6DE6F577B} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe No File
Task: {1624DED4-10AA-47DA-A4D6-033B7173C936} - System32\Tasks\GlaryInitialize 3 => C:\Program Files (x86)\Glary Utilities 3\Initialize.exe [2013-09-02] (Glarysoft Ltd)
Task: {1B856DF1-1F14-45D4-B94A-DBE3833BB609} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {2E917A26-4BCC-44C0-88EF-166B1A86B087} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => start osppsvc
Task: {8325AD79-23AD-48EA-AE69-A71AC6576DB3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-21] (Microsoft Corporation)
Task: {91E04826-1A09-441E-963B-A00D738214A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-20] (Adobe Systems Incorporated)
Task: {94A244D4-FC2F-43EC-BEB6-24EAF7245950} - System32\Tasks\Omiga Plus RunAsStdUser => C:\Program Files (x86)\Omiga Plus\omigaplus.exe No File
Task: {95713F1F-4565-4EEB-8590-E3005CB0CB40} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {BF6839E1-AB1E-4DEB-B45F-924C36954FA0} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe No File
Task: {C489CEB2-EF64-4A44-8C59-27C3416772D4} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe No File
Task: {ECFED734-CB47-4E38-820D-446778883CD8} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-21] (Microsoft Corporation)
Task: {F1BD5839-C619-422E-B505-AB7485A6007A} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe No File
Task: {F306AF33-D7C6-44B7-AC70-638C23B38DE0} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe No File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize 3.job => C:\Program Files (x86)\Glary Utilities 3\Initialize.exe

==================== Loaded Modules (whitelisted) =============

2013-09-04 11:18 - 2013-06-21 14:06 - 15920536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2009-07-14 01:41 - 2009-07-14 03:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\uiautomationcore.dll
2013-09-04 11:26 - 2013-06-21 12:23 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-09-02 11:08 - 2013-09-02 11:08 - 00077088 _____ (Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 3\x64\ContextHandler.dll
2012-12-06 16:58 - 2012-12-06 16:58 - 00367528 _____ () C:\Program Files (x86)\Gizmo\gshell-x64.dll
2013-07-09 17:32 - 2013-07-09 17:32 - 00150184 _____ (337 Technology Limited.) C:\Program Files (x86)\WinZipper\eshellctx64.dll
2013-07-22 04:19 - 2013-07-22 04:19 - 00232984 _____ (Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOSH.DLL
2009-07-14 01:55 - 2009-07-14 03:41 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\shpafact.dll
2013-03-25 19:40 - 2012-06-09 20:20 - 00196096 _____ (Alexander Roshal) C:\Program Files\WinRAR\rarext.dll
2010-11-21 05:24 - 2010-11-21 05:24 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\SPPC.DLL
2013-09-04 11:26 - 2013-06-21 12:23 - 04528416 _____ (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvUI.dll
2012-12-06 09:57 - 2013-08-27 23:16 - 04864800 _____ (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Common\NvUpdt.dll
2012-12-06 09:57 - 2013-08-27 23:16 - 01190688 _____ (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Common\easyDaemonAPIU64.DLL
2012-12-06 09:57 - 2013-08-27 23:16 - 01662240 _____ (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Common\NVUPDTR.DLL
2013-04-24 23:57 - 2013-04-24 23:57 - 03276288 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\Logitech Gaming Software\QtCore4.dll
2013-04-24 23:57 - 2013-04-24 23:57 - 12168192 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\Logitech Gaming Software\QtGui4.dll
2013-04-24 23:57 - 2013-04-24 23:57 - 00539136 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\Logitech Gaming Software\QtXml4.dll
2013-04-24 23:57 - 2013-04-24 23:57 - 01085952 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\Logitech Gaming Software\QtNetwork4.dll
2013-04-24 23:57 - 2013-04-24 23:57 - 01990144 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\Logitech Gaming Software\QtScript4.dll
2013-04-24 23:57 - 2013-04-24 23:57 - 00750080 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\Logitech Gaming Software\QtHelp4.dll
2013-04-24 23:57 - 2013-04-24 23:57 - 00897024 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\Logitech Gaming Software\QtSql4.dll
2013-04-24 23:57 - 2013-04-24 23:57 - 01807360 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\Logitech Gaming Software\QtCLucene4.dll
2013-04-24 23:57 - 2013-04-24 23:57 - 00841728 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\Logitech Gaming Software\QtOpenGL4.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 27781920 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.DLL
2013-04-24 23:57 - 2013-04-24 23:57 - 00173568 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\Program Files\Logitech Gaming Software\imageformats\qjpeg4.dll
2009-07-14 02:20 - 2009-07-14 03:40 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\DINPUT.dll
2009-07-14 01:46 - 2009-07-14 03:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\TaskSchdPS.dll
2010-11-21 05:24 - 2010-11-21 05:24 - 01435648 _____ (Microsoft Corporation) C:\Windows\System32\Speech\Common\sapi.dll
2013-02-16 15:40 - 2013-02-16 15:40 - 01570712 _____ (Arainia Solutions) C:\Program Files (x86)\Gizmo\ggui.dll
2013-02-16 15:40 - 2013-02-16 15:40 - 00166816 _____ () C:\Program Files (x86)\Gizmo\GImage.DLL
2013-02-16 15:40 - 2013-02-16 15:40 - 02228136 _____ (Arainia Solutions) C:\Program Files (x86)\Gizmo\gvillage.DLL
2013-02-16 15:40 - 2013-02-16 15:40 - 00218016 _____ (Arainia Solutions) C:\Program Files (x86)\Gizmo\grender.dll
2013-02-16 15:40 - 2013-02-16 15:40 - 00315800 _____ () C:\Program Files (x86)\Gizmo\gmanager.DLL
2013-02-16 15:40 - 2013-02-16 15:40 - 00034720 _____ (Arainia Solutions) C:\Program Files (x86)\Gizmo\ghook.DLL
2013-02-16 15:40 - 2013-02-16 15:40 - 00404384 _____ () C:\Program Files (x86)\Gizmo\gdatabase.dll
2013-02-16 15:40 - 2013-02-16 15:40 - 00394656 _____ () C:\Program Files (x86)\Gizmo\gdrive.dll
2013-02-16 15:40 - 2013-02-16 15:40 - 00339864 _____ () C:\Program Files (x86)\Gizmo\geditor.dll
2013-02-16 15:40 - 2013-02-16 15:40 - 00372632 _____ () C:\Program Files (x86)\Gizmo\ghash.dll
2013-02-16 15:40 - 2013-02-16 15:40 - 00339864 _____ () C:\Program Files (x86)\Gizmo\gscript.dll
2011-06-11 01:15 - 2011-06-11 01:15 - 05601616 _____ (Microsoft Corporation) C:\Windows\system32\mfc100u.dll
2012-12-06 22:04 - 2013-01-02 18:58 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\MSVCR100.dll
2012-12-06 22:04 - 2013-01-02 18:58 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\MSVCP100.dll
2011-06-11 01:15 - 2011-06-11 01:15 - 00064336 _____ (Microsoft Corporation) C:\Windows\system32\MFC100DEU.DLL
2013-04-21 21:44 - 2013-04-21 21:44 - 00053648 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01292136 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuin.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00923496 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuuc.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 16303976 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt46.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-11-21 05:24 - 2010-11-21 05:24 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Windows\system32\Thumbs.db:encryptable
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\Users\Hiden\Thumbs.db:encryptable
AlternateDataStreams: C:\Users\Hiden\Desktop\Thumbs.db:encryptable
AlternateDataStreams: C:\Users\Hiden\AppData\Thumbs.db:encryptable


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/04/2013 01:54:31 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00011380
ID des fehlerhaften Prozesses: 0x810
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3

Error: (09/04/2013 11:50:40 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/04/2013 11:09:18 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00011380
ID des fehlerhaften Prozesses: 0x10dc
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3

Error: (09/04/2013 07:56:22 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00011380
ID des fehlerhaften Prozesses: 0xf10
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3

Error: (09/03/2013 08:16:19 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00011380
ID des fehlerhaften Prozesses: 0x6f0
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3

Error: (09/03/2013 02:15:52 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00011380
ID des fehlerhaften Prozesses: 0x8e8
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3

Error: (09/03/2013 08:16:19 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00011380
ID des fehlerhaften Prozesses: 0xc3c
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3

Error: (09/02/2013 08:02:37 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00011380
ID des fehlerhaften Prozesses: 0x13b4
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3

Error: (09/02/2013 02:02:58 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00011380
ID des fehlerhaften Prozesses: 0x127c
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3

Error: (09/02/2013 08:14:34 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: _is7D69.exe, Version: 12.0.0.58849, Zeitstempel: 0x45b1a378
Name des fehlerhaften Moduls: ISSetup.dll, Version: 12.0.0.58851, Zeitstempel: 0x45e5fb47
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0009522f
ID des fehlerhaften Prozesses: 0x1420
Startzeit der fehlerhaften Anwendung: 0x_is7D69.exe0
Pfad der fehlerhaften Anwendung: _is7D69.exe1
Pfad des fehlerhaften Moduls: _is7D69.exe2
Berichtskennung: _is7D69.exe3


System errors:
=============
Error: (09/04/2013 04:36:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BrowserDefendert" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (09/04/2013 04:35:03 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (09/04/2013 04:35:03 PM) (Source: DCOM) (User: )
Description: {53362C32-A296-4F2D-A2F8-FD984D08340B}

Error: (09/04/2013 04:35:00 PM) (Source: DCOM) (User: )
Description: {60A90A2F-858D-42AF-8929-82BE9D99E8A1}

Error: (09/04/2013 03:08:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BrowserDefendert" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (09/04/2013 03:06:11 PM) (Source: DCOM) (User: )
Description: {53362C32-A296-4F2D-A2F8-FD984D08340B}

Error: (09/04/2013 01:42:38 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BrowserDefendert" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (09/04/2013 01:30:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BrowserDefendert" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (09/04/2013 01:30:18 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet.

Error: (09/04/2013 01:26:56 PM) (Source: DCOM) (User: )
Description: {60A90A2F-858D-42AF-8929-82BE9D99E8A1}


Microsoft Office Sessions:
=========================
Error: (09/04/2013 01:54:31 PM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c00000050001138081001cea9657e8a04aaC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exec1915377-1558-11e3-8fb1-001999ea7c11

Error: (09/04/2013 11:50:40 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\$Recycle.Bin\S-1-5-21-1013355498-1814289779-388905639-1000\$R9C37VW.exe

Error: (09/04/2013 11:09:18 AM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c00000050001138010dc01cea94e671a1711C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exead41a7d1-1541-11e3-90da-001999ea7c11

Error: (09/04/2013 07:56:22 AM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c000000500011380f1001cea9333916aa24C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeb954b757-1526-11e3-99e4-99e8b13b3adc

Error: (09/03/2013 08:16:19 PM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c0000005000113806f001cea8d19d034015C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeedce8b0a-14c4-11e3-8833-c96e60126bdd

Error: (09/03/2013 02:15:52 PM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c0000005000113808e801cea89f4d160e74C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe92cfa14a-1492-11e3-8833-c96e60126bdd

Error: (09/03/2013 08:16:19 AM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c000000500011380c3c01cea86d02e0f4e3C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe5895479f-1460-11e3-9fb7-874de5df03df

Error: (09/02/2013 08:02:37 PM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c00000050001138013b401cea80696e882bfC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exed9211f14-13f9-11e3-9b91-df3e0cc41dde

Error: (09/02/2013 02:02:58 PM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c000000500011380127c01cea7d44c157796C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe9b628162-13c7-11e3-9b91-df3e0cc41dde

Error: (09/02/2013 08:14:34 AM) (Source: Application Error)(User: )
Description: _is7D69.exe12.0.0.5884945b1a378ISSetup.dll12.0.0.5885145e5fb47c00000050009522f142001cea7a3ae6f7347C:\Users\Hiden\AppData\Local\Temp\_is7D69.exeC:\Users\Hiden\AppData\Local\Temp\{B771FFE1-98DB-41C6-8C9B-3B141E230B70}\ISSetup.dllefa7a86f-1396-11e3-aa13-b83fe90891dc


==================== Memory info ===========================

Percentage of memory in use: 34%
Total physical RAM: 4045.9 MB
Available physical RAM: 2630.33 MB
Total Pagefile: 8089.99 MB
Available Pagefile: 6294.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:248.91 GB) (Free:132.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Daten) (Fixed) (Total:201.17 GB) (Free:159.51 GB) NTFS
Drive e: (LS2013) (CDROM) (Total:1.36 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 71765B60)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=464 GB) - (Type=OF Extended)

==================== End Of Log ============================


fuxing 05.09.2013 06:44

FRST.txt


FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2013 03
Ran by Hiden (administrator) on HIDEN-PC on 04-09-2013 16:55:06
Running from C:\Users\Hiden\Desktop\share
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(Arainia Solutions) C:\Program Files (x86)\Gizmo\gservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Realtek) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Bogdan Sharkov) C:\Program Files (x86)\Clownfish\Clownfish.exe
(Arainia Solutions) C:\Program Files (x86)\Gizmo\gizmo.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-25] (Logitech Inc.)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Clownfish] - C:\Program Files (x86)\Clownfish\Clownfish.exe [1276152 2013-07-02] (Bogdan Sharkov)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKCU\...\Run: [GizmoDriveDelegate] - C:\Program Files (x86)\Gizmo\gizmo.exe [223640 2013-02-16] (Arainia Solutions)
MountPoints2: G - G:\cdstart.exe
MountPoints2: I - I:\cdstart.exe
MountPoints2: {7051758a-b309-11e2-9e44-fbb951157bc6} - F:\OriginInstaller.exe
MountPoints2: {b4993d4d-3f3e-11e2-8214-806e6f6e6963} - E:\cdstart.exe
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-08-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Gizmo.lnk
ShortcutTarget: Gizmo.lnk -> C:\Program Files (x86)\Gizmo\gizmo.exe (Arainia Solutions)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
BootExecute: autocheck autochk * 

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSH&bmod=FTSH
HKCU\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938
URLSearchHook: (No Name) - {40c3cc16-7269-4b32-9531-17f2950fb06f} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=wpc&from=wpc&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1374561914
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=wpc&from=wpc&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1374561914
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=wpc&from=wpc&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1374561914
SearchScopes: HKLM - {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzy0E0AyB0CtCtCtBtD0E0FtN0D0Tzu0CtAyDzytN1L2XzutBtFtBtFtCtFyEtDyB&cr=1614796548
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=wpc&from=wpc&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1374561914
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = ${SEARCH_URL}{searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=wpc&from=wpc&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1374561914
SearchScopes: HKLM-x32 - {43127BD9-3ACA-4259-9A77-D5C69F5CB9BA} URL = hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2938&q={searchTerms}
SearchScopes: HKLM-x32 - {96932D4E-8C01-43DD-98CC-011CA708A907} URL = ${SEARCH_URL}{searchTerms}
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.good-results.info/?l=1&q={searchTerms}&pid=724&r=2013/02/16&hid=1021253944&lg=EN&cc=AT
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=119816&babsrc=SP_ss_bad2g&mntrId=0016000C4343BD02
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=119816&babsrc=SP_ss_bad2g&mntrId=0016000C4343BD02
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {62E3F633-EDFB-44CC-9142-718C84A5CD02} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119292&babsrc=SP_ss&mntrId=001620ef000000000000000c4343bd02
SearchScopes: HKCU - {B5918D46-D596-40AB-B9B9-4235D17141A0} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10263&src=kw&q={searchTerms}&locale=de_AT&apn_ptnrs=^AGU&apn_dtid=^YYYYYY^YY^AT&apn_uid=3DB68FCC-ADA4-4017-8C38-58DE2CDFAFE8&apn_sauid=22187DFA-8181-45F6-B34D-BA650EECB054
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.good-results.info/?l=1&q={searchTerms}&pid=724&r=2013/02/16&hid=1021253944&lg=EN&cc=AT
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb205/?search={searchTerms}&loc=IB_DS&a=6PQRV9rixw&i=26
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default
FF user.js: detected! => C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\user.js
FF Homepage: user_pref("browser.startup.homepage", );
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Hiden\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Hiden\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\babylon1.xml
FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\Funmoods.xml
FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\Searchab.xml
FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\winload-customized-web-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
FF Extension: Browse2save - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\511fe088829a4@511fe088829dd.com
FF Extension: incredibar.com - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\ffxtlbr@incredibar.com
FF Extension: Spartipps von SparPilot.com - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\sparpilot@sparpilot.com
FF Extension: No Name - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\staged
FF Extension: Winload  - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
FF Extension: WhiteSmoke US New  - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\{462be121-2b54-4218-bf00-b9bf8135b23f}
FF Extension: ftdownloader - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\ftdownloader@ftdownloader.com.xpi
FF Extension: torntv - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\torntv@torntv.com.xpi
FF Extension: No Name - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\WTB_GLOBAL.sqlite
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [511fe088829a4@511fe088829dd.com] C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\extensions\511fe088829a4@511fe088829dd.com
FF Extension: Browse2save - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\extensions\511fe088829a4@511fe088829dd.com
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
FF HKCU\...\Firefox\Extensions: [autolyrics@man-soft.net] C:\Program Files (x86)\AutoLyrics\FF\
FF Extension: No Name - C:\Program Files (x86)\AutoLyrics\FF\

Chrome:
=======
CHR HomePage: hxxp://www.google.at/
CHR RestoreOnStartup: "https://www.google.at/"
CHR DefaultSearchURL: (Babylon Search) - hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss&mntrId=0016944452EDFDAF&affID=123895&tsp=4985
CHR DefaultSuggestURL: (Babylon Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Hiden\AppData\Local\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Hiden\AppData\Local\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Hiden\AppData\Local\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Hiden\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Plugin: (Google Update) - C:\Users\Hiden\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0
CHR Extension: (Lightning Newtab) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\1.1.4.9_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR Extension: (Auto Lyrics) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcdkfohdadbjmlfejhncigcbfkiaamf\1.114_0
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Hiden\AppData\Local\funmoods.crx
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Hiden\AppData\Local\funmoods-speeddial_sf.crx
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\Hiden\AppData\Roaming\BabSolution\CR\BabylonChrome1.crx
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx
CHR HKLM-x32\...\Chrome\Extension: [gkjoindjjcmbdpbfppabdgflnkgbbcli] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
CHR HKLM-x32\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files (x86)\TornTV.com\torn11.crx
CHR HKLM-x32\...\Chrome\Extension: [pkcdkfohdadbjmlfejhncigcbfkiaamf] - C:\Program Files (x86)\AutoLyrics\Chrome.crx

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-02] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-20] (Avira Operations GmbH & Co. KG)
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] ()
R2 Gizmo Central; C:\Program Files (x86)\Gizmo\gservice.exe [34728 2013-02-16] (Arainia Solutions)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
R2 Realtek11nSU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [45056 2010-01-21] (Realtek)
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [424104 2013-07-09] (Taiwan Shui Mu Chih Ching Technology Limited.)
S2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [x]

==================== Drivers (Whitelisted) ====================

R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-08-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-25] (Avira Operations GmbH & Co. KG)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-02] (DT Soft Ltd)
S3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2012-12-08] (Duplex Secure Ltd.)
U3 acpfkkt3; C:\Windows\System32\Drivers\acpfkkt3.sys [0 ] (Advanced Micro Devices)
S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-04 16:39 - 2013-09-04 16:54 - 00000000 ____D C:\Users\Hiden\Desktop\share
2013-09-04 16:25 - 2013-09-04 16:25 - 02134420 _____ C:\Users\Hiden\Downloads\RogueKiller_8.6.9.zip
2013-09-04 14:26 - 2013-09-04 14:28 - 114436733 _____ C:\Users\Hiden\Desktop\Christina Perri - A Thousand Years [Official Music Video].mp4
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Malwarebytes
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-04 13:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-04 12:36 - 2013-09-04 12:36 - 00262144 _____ C:\Windows\system32\config\default.gu
2013-09-04 12:36 - 2013-09-04 12:36 - 00028672 _____ C:\Windows\system32\config\software.gu
2013-09-04 12:35 - 2013-09-02 11:09 - 00024352 _____ C:\Windows\system32\RegBootDefrag.exe
2013-09-04 12:23 - 2013-09-04 16:31 - 00000000 ____D C:\_tools
2013-09-04 11:48 - 2013-09-04 11:48 - 00000000 ____D C:\ProgramData\GlarySoft
2013-09-04 11:42 - 2013-09-04 16:37 - 00000334 _____ C:\Windows\Tasks\GlaryInitialize 3.job
2013-09-04 11:42 - 2013-09-04 12:38 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 3
2013-09-04 11:42 - 2013-09-04 11:42 - 00002630 _____ C:\Windows\System32\Tasks\GlaryInitialize 3
2013-09-04 11:42 - 2013-09-04 11:42 - 00001086 _____ C:\Users\Public\Desktop\Glary Utilities 3.lnk
2013-09-04 11:42 - 2013-09-04 11:42 - 00000075 _____ C:\DiskDefrag.log
2013-09-04 11:42 - 2013-09-04 11:42 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\GlarySoft
2013-09-04 11:42 - 2013-09-02 11:09 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2013-09-04 11:41 - 2013-09-04 11:41 - 16243768 _____ C:\Users\Hiden\Downloads\gu3setup.exe
2013-09-04 11:39 - 2013-09-04 11:39 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\IObit
2013-09-04 11:27 - 2013-09-04 11:27 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-09-04 11:26 - 2013-06-21 12:23 - 06496544 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-09-04 11:26 - 2013-06-21 12:23 - 03514656 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-09-04 11:26 - 2013-06-21 12:23 - 02555680 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2013-09-04 11:26 - 2013-06-21 12:23 - 00884512 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-09-04 11:26 - 2013-06-21 12:23 - 00237856 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-09-04 11:26 - 2013-06-21 12:23 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-09-04 11:26 - 2013-06-20 06:17 - 03253909 _____ C:\Windows\system32\nvcoproc.bin
2013-09-04 11:18 - 2013-06-21 14:06 - 27781920 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 21102368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 15920536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 15144928 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 13411896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 12427240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 11235104 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-09-04 11:18 - 2013-06-21 14:06 - 09239344 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 07687592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 07641832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 06324360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 02953504 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 02777888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 02363680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 02002720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 01832224 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432049.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432049.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 01059560 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00925648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00572704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00570656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00467232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00465184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00266448 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00218592 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00214448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00181488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00021578 _____ C:\Windows\system32\nvinfo.pb
2013-09-04 11:18 - 2013-02-25 07:27 - 00194848 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2013-09-04 11:18 - 2013-02-25 07:27 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2013-09-04 11:18 - 2013-01-29 10:35 - 01510176 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2013-09-04 11:17 - 2013-06-21 14:06 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-09-04 11:17 - 2013-06-21 14:06 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-09-04 11:17 - 2013-06-21 14:06 - 02936208 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-09-04 11:17 - 2013-06-21 14:06 - 02597856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-09-04 11:16 - 2013-09-04 11:16 - 02453054 _____ C:\Users\Hiden\Downloads\hw64_422.zip
2013-09-04 11:10 - 2013-08-20 15:33 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-09-04 11:10 - 2013-08-20 15:32 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2013-09-04 11:10 - 2013-08-20 15:32 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-09-04 08:52 - 2013-09-04 08:53 - 00718115 ____N C:\Windows\Minidump\090413-26676-01.dmp
2013-09-04 07:54 - 2013-09-04 07:54 - 95812354 _____ C:\Windows\SysWOW64\ທ쇓ᵌ'
2013-09-03 13:30 - 2013-09-03 13:36 - 19740030 _____ C:\Users\Hiden\Downloads\Fendt_312TMS_Red_BTS_V2.zip
2013-09-03 08:15 - 2013-09-03 08:15 - 95452537 _____ C:\Windows\SysWOW64\峌雠ᵌH
2013-09-02 17:35 - 2013-09-02 17:35 - 00018465 _____ C:\Users\Hiden\Downloads\ZZZ_fastForward.zip
2013-09-02 15:24 - 2013-09-02 15:24 - 12770646 _____ C:\Users\Hiden\Downloads\xvm-4.1.1.zip
2013-09-02 08:02 - 2013-09-02 08:02 - 95199985 _____ C:\Windows\SysWOW64\誤軍ᵌ’
2013-09-01 08:38 - 2013-09-01 08:38 - 95128664 _____ C:\Windows\SysWOW64\豹冮ᵌ—
2013-09-01 08:34 - 2013-09-04 10:59 - 00000000 ____D C:\Windows\Minidump
2013-08-31 18:47 - 2013-08-31 18:47 - 00706105 ____N C:\Windows\Minidump\090113-28423-01.dmp
2013-08-31 10:38 - 2013-08-31 16:38 - 95115989 _____ C:\Windows\SysWOW64\塛ᵌ…
2013-08-30 20:21 - 2013-08-30 20:21 - 01358962 _____ C:\Users\Hiden\Downloads\Bierkarre.zip
2013-08-30 20:20 - 2013-08-30 20:21 - 11326313 _____ C:\Users\Hiden\Downloads\LizardBully275HP.zip
2013-08-30 20:19 - 2013-08-30 20:24 - 174242488 _____ C:\Users\Hiden\Downloads\DonsMapV1.zip
2013-08-30 19:38 - 2013-08-30 19:38 - 94985858 _____ C:\Windows\SysWOW64\쟁䡾ᵌ–
2013-08-30 19:12 - 2013-08-30 19:13 - 17423012 _____ C:\Users\Hiden\Downloads\UniversalBaleTrailer_v3_OPEN_ME.rar
2013-08-30 14:24 - 2013-08-30 14:24 - 03808017 _____ C:\Users\Hiden\Downloads\WelgerAP.zip
2013-08-30 14:06 - 2013-08-30 14:07 - 03760642 _____ C:\Users\Hiden\Downloads\SipmaZ224.zip
2013-08-30 14:02 - 2013-08-30 14:03 - 30501886 _____ C:\Users\Hiden\Downloads\Ballengitterwagen_Pack_entpacken.rar
2013-08-30 13:57 - 2013-08-30 14:04 - 221791348 _____ C:\Users\Hiden\Downloads\entpack mich.rar
2013-08-30 13:39 - 2013-08-30 13:39 - 94829123 _____ C:\Windows\SysWOW64\합ﬠᵌ™
2013-08-29 20:41 - 2013-08-29 20:41 - 94663095 _____ C:\Windows\SysWOW64\ꩠ䥦ᵌ
2013-08-29 19:08 - 2013-08-29 19:12 - 69599016 _____ C:\Users\Hiden\Downloads\GIANTSContest2013_Belgique_Profonde_2_LuxFarm_Ls.zip
2013-08-29 19:06 - 2013-08-29 19:14 - 163566314 _____ C:\Users\Hiden\Downloads\Ahlen_Map.zip
2013-08-29 18:34 - 2013-08-29 18:37 - 94159810 _____ C:\Users\Hiden\Downloads\hackselLandV1.zip
2013-08-29 14:41 - 2013-08-29 14:41 - 94605346 _____ C:\Windows\SysWOW64\浇榏ᵌD
2013-08-29 13:14 - 2013-08-29 13:14 - 00010992 _____ C:\Users\Hiden\Downloads\aaaf56b5caa5132724beb5aa9aa22998.dlc
2013-08-29 10:38 - 2013-08-29 10:39 - 03503441 _____ C:\Users\Hiden\Downloads\Piper Bergwacht Download.zip
2013-08-29 08:41 - 2013-08-29 08:41 - 101142192 _____ C:\Windows\SysWOW64\㚣㦶ᵌ¨
2013-08-28 17:38 - 2013-08-28 17:38 - 00111602 _____ C:\Users\Hiden\Downloads\SrsMoney.zip
2013-08-28 15:03 - 2013-09-04 11:28 - 00000000 ____D C:\hw64_422
2013-08-28 15:01 - 2013-08-28 15:01 - 00000000 ____D C:\cpu-z-166
2013-08-28 15:00 - 2013-08-28 15:01 - 01981816 _____ C:\Users\Hiden\Downloads\cpu-z-166.zip
2013-08-28 13:13 - 2013-08-28 13:13 - 00000000 ____D C:\ProgramData\SummerSoft
2013-08-28 13:11 - 2013-08-28 13:11 - 00002119 _____ C:\Users\Hiden\Downloads\[isoHunt] SKI REGION SIMULATOR 2012-FIGHTCLUB CRACK 2012.rar.torrent
2013-08-28 13:01 - 2013-02-09 09:00 - 00000193 _____ C:\Users\Hiden\Downloads\share-online.biz.URL
2013-08-28 13:01 - 2013-02-09 08:59 - 00000123 _____ C:\Users\Hiden\Downloads\uploaded.to.URL
2013-08-28 13:01 - 2013-01-22 06:41 - 00000000 _____ C:\Users\Hiden\Downloads\Upped_by_Erdbeerschaum.txt
2013-08-28 13:01 - 2013-01-05 15:13 - 00000410 _____ C:\Users\Hiden\Downloads\Wichtige Information!.txt
2013-08-28 13:01 - 2012-03-08 12:00 - 00000000 ____D C:\Users\Hiden\Downloads\deski
2013-08-28 12:05 - 2013-08-28 12:05 - 06701308 _____ C:\Users\Hiden\Downloads\PrinothSchneefraese600.zip
2013-08-28 12:03 - 2013-08-28 12:03 - 06026202 _____ C:\Users\Hiden\Downloads\MB1520_for_SRS2012.zip
2013-08-28 11:53 - 2013-08-28 11:53 - 00321822 _____ C:\Users\Hiden\Downloads\Jd_Tow_Frame.zip
2013-08-28 11:52 - 2013-08-28 11:52 - 11830262 _____ C:\Users\Hiden\Downloads\Schneekanonenpack_Installer.exe
2013-08-28 11:49 - 2013-08-28 11:50 - 15865848 _____ C:\Users\Hiden\Downloads\Entpacken.zip
2013-08-28 11:48 - 2013-08-28 11:48 - 10216483 _____ C:\Users\Hiden\Downloads\Fendt_209_S.zip
2013-08-28 11:45 - 2013-08-28 11:45 - 19309119 _____ C:\Users\Hiden\Downloads\Xerion_Pack.rar
2013-08-28 11:44 - 2013-08-28 11:44 - 02972305 _____ C:\Users\Hiden\Downloads\Alfamodding_Ski_Addon.zip
2013-08-28 10:57 - 2013-08-28 10:57 - 00002948 _____ C:\Users\Hiden\Downloads\50e3b8d8af67beb9b30cb3272123eac5.dlc
2013-08-28 10:44 - 2013-08-28 10:44 - 10667567 _____ C:\Users\Hiden\Downloads\Fendt_209_S.exe
2013-08-28 10:44 - 2013-08-28 10:44 - 02350778 _____ C:\Users\Hiden\Downloads\PrinothBeast.exe
2013-08-28 08:39 - 2013-08-28 08:45 - 107605806 _____ C:\Users\Hiden\Downloads\AlitaFarm.zip
2013-08-28 08:39 - 2013-08-28 08:41 - 20931134 _____ C:\Users\Hiden\Downloads\NewHolland_T7_210.zip
2013-08-28 08:38 - 2013-08-28 08:47 - 184153897 _____ C:\Users\Hiden\Downloads\Drensteinfurt.zip
2013-08-28 08:38 - 2013-08-28 08:39 - 15667129 _____ C:\Users\Hiden\Downloads\FortunaFTM200_6_0.zip
2013-08-28 08:37 - 2013-08-28 08:38 - 27038761 _____ C:\Users\Hiden\Downloads\Zunhammer18500PU.zip
2013-08-28 08:37 - 2013-08-28 08:38 - 15066930 _____ C:\Users\Hiden\Downloads\JohnDeere6RPack.zip
2013-08-28 08:37 - 2013-08-28 08:37 - 00482516 _____ C:\Users\Hiden\Downloads\DustWheels.zip
2013-08-28 08:37 - 2013-08-28 08:37 - 00055856 _____ C:\Users\Hiden\Downloads\RealLights_v098.zip
2013-08-28 08:37 - 2013-08-28 08:37 - 00036427 _____ C:\Users\Hiden\Downloads\ESLimiter.zip
2013-08-28 08:36 - 2013-08-28 08:37 - 14569964 _____ C:\Users\Hiden\Downloads\JD6150RSN.zip
2013-08-28 08:36 - 2013-08-28 08:37 - 07024980 _____ C:\Users\Hiden\Downloads\KotteZubringer.zip
2013-08-28 08:36 - 2013-08-28 08:37 - 03345223 _____ C:\Users\Hiden\Downloads\KotteContainer.zip
2013-08-28 08:36 - 2013-08-28 08:37 - 00035256 _____ C:\Users\Hiden\Downloads\ZZZ_manualIgnition.zip
2013-08-27 21:07 - 2013-08-27 21:07 - 01566289 _____ C:\Users\Hiden\Downloads\Single_Axle_UBT_v2_by_xiukaz_UNPACK.zip
2013-08-27 18:18 - 2013-08-27 18:19 - 01839939 _____ C:\Users\Hiden\Downloads\LegoTracBySYM.zip
2013-08-27 18:17 - 2013-08-27 18:17 - 02861884 _____ C:\Users\Hiden\Downloads\Contest2013_FlieglTDK200.zip
2013-08-27 18:16 - 2013-08-27 18:17 - 11308886 _____ C:\Users\Hiden\Downloads\NewHolland_378.zip
2013-08-27 18:16 - 2013-08-27 18:16 - 01790638 _____ C:\Users\Hiden\Downloads\Kran_Halle.zip
2013-08-26 09:51 - 2013-08-26 10:00 - 27514869 _____ C:\Users\Hiden\Downloads\RopaEuroTigerPack.zip
2013-08-26 07:15 - 2013-08-26 07:15 - 04472200 _____ C:\Users\Hiden\Downloads\HorschPronto9DC_ce.zip
2013-08-26 07:10 - 2013-08-26 07:10 - 05602237 _____ C:\Users\Hiden\Downloads\horsch.zip
2013-08-26 07:07 - 2013-08-26 07:07 - 10159758 _____ C:\Users\Hiden\Downloads\KrampeBBS650_ce.zip
2013-08-26 07:05 - 2013-08-26 08:05 - 183025975 _____ C:\Users\Hiden\Downloads\Pawikowo_Finalv2.zip
2013-08-26 07:04 - 2013-08-26 07:04 - 06614055 _____ C:\Users\Hiden\Downloads\grimmeRootster604MF.zip
2013-08-26 07:01 - 2013-08-26 07:02 - 19318364 _____ C:\Users\Hiden\Downloads\Deutz_7545_Multifrucht.zip
2013-08-25 17:50 - 2013-08-25 17:50 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
2013-08-25 17:50 - 2013-08-25 17:50 - 00000000 ____D C:\Users\Hiden\AppData\Local\WebPlayer
2013-08-25 17:34 - 2013-08-25 17:41 - 19971755 _____ C:\Users\Hiden\Downloads\JaguarBE_entpacken.zip
2013-08-25 16:15 - 2013-08-25 16:15 - 00211197 _____ C:\Users\Hiden\Downloads\Claas_Conspeed.zip
2013-08-25 15:47 - 2013-08-25 15:47 - 100143688 _____ C:\Windows\SysWOW64\剠楮ᵌ¤
2013-08-25 11:08 - 2013-08-25 11:08 - 00032153 _____ C:\Users\Hiden\Downloads\ZZZ_GPS.zip
2013-08-23 16:28 - 2013-08-23 16:28 - 02492035 _____ C:\Users\Hiden\Downloads\Kotte_FRP_145.exe
2013-08-23 16:25 - 2013-08-23 16:25 - 07148837 _____ C:\Users\Hiden\Downloads\TRAIL_Rolland_20_30.zip
2013-08-23 15:13 - 2013-08-23 15:13 - 10347909 _____ C:\Users\Hiden\Downloads\BF3_Update_05March2013.rar
2013-08-23 14:58 - 2013-08-23 15:46 - 901523129 _____ C:\Users\Hiden\Downloads\Battlefield3_EN.rar
2013-08-23 14:57 - 2013-08-23 15:39 - 639594154 _____ C:\Users\Hiden\Downloads\Battlefield3_DE.rar
2013-08-23 11:27 - 2013-08-23 11:27 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\EvolutionClips
2013-08-23 10:57 - 2013-08-23 10:57 - 00822784 _____ C:\Users\Hiden\Downloads\BF3 Auto Language Changer.exe
2013-08-23 10:57 - 2013-08-23 10:57 - 00822784 _____ C:\Users\Hiden\Downloads\BF3 Auto Language Changer (1).exe
2013-08-23 07:34 - 2013-08-23 19:34 - 99979851 _____ C:\Windows\SysWOW64\硳ᵌ
2013-08-22 17:40 - 2013-08-22 17:47 - 00000000 ____D C:\Users\Hiden\Documents\Battlefield 3
2013-08-22 17:06 - 2013-08-23 16:01 - 00000000 ____D C:\Program Files (x86)\Battlefield 3
2013-08-22 13:14 - 2013-09-04 14:20 - 00002372 _____ C:\Users\Hiden\Desktop\Google Chrome.lnk
2013-08-22 13:14 - 2013-08-22 13:14 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-08-22 11:23 - 2013-08-22 11:23 - 03053757 _____ C:\Users\Hiden\Downloads\concreteSawSampleDevice.exe
2013-08-22 11:22 - 2013-08-22 11:25 - 35519412 _____ C:\Users\Hiden\Downloads\EntpackeMich.zip
2013-08-22 11:22 - 2013-08-22 11:24 - 21483593 _____ C:\Users\Hiden\Downloads\EntpackeMICH_DC_Mission02.rar
2013-08-22 09:29 - 2013-08-22 16:20 - 1495924736 ____R C:\Users\Hiden\Downloads\BF3.iso
2013-08-22 09:10 - 2013-08-22 09:11 - 23196597 _____ C:\Users\Hiden\Downloads\Battlefield 3 Multiplayer.zip
2013-08-22 09:09 - 2013-08-22 09:14 - 156995087 _____ C:\Users\Hiden\Downloads\battlefield 3 game.zip
2013-08-22 09:09 - 2013-08-22 09:11 - 00000000 ____D C:\Users\Hiden\Downloads\Battlefield 3 [PC ~ MULTI10][RELOADED]
2013-08-22 09:06 - 2013-08-22 09:06 - 00046430 _____ C:\Users\Hiden\Downloads\Battlefield3@www.torrent.to.torrent
2013-08-22 09:04 - 2013-08-22 09:05 - 00000000 ____D C:\Users\Hiden\Downloads\uTorrent Ultra Accelerator v2.6.0[Asterus]
2013-08-22 09:04 - 2013-08-22 09:04 - 00001783 _____ C:\Users\Hiden\Downloads\uTorrentUltraAcceleratorv2.6.0Asterus@www.torrent.to (1).torrent
2013-08-22 09:02 - 2013-08-22 09:03 - 01040720 _____ (BitTorrent Inc.) C:\Users\Hiden\Downloads\uTorrent331_30017 (4).exe
2013-08-22 09:02 - 2013-08-22 09:02 - 00001783 _____ C:\Users\Hiden\Downloads\uTorrentUltraAcceleratorv2.6.0Asterus@www.torrent.to.torrent
2013-08-21 12:43 - 2013-08-21 12:46 - 00000000 ____D C:\Program Files (x86)\Black Ops 2
2013-08-21 11:38 - 2013-08-21 11:38 - 01040720 _____ (BitTorrent Inc.) C:\Users\Hiden\Downloads\uTorrent331_30017 (3).exe
2013-08-21 11:38 - 2013-08-21 11:38 - 01040720 _____ (BitTorrent Inc.) C:\Users\Hiden\Downloads\uTorrent331_30017 (2).exe
2013-08-21 10:39 - 2013-08-21 11:58 - 00000000 ____D C:\Users\Hiden\Downloads\Battlefield.3-RELOADED
2013-08-21 10:38 - 2013-08-21 10:38 - 01040720 _____ (BitTorrent Inc.) C:\Users\Hiden\Downloads\uTorrent331_30017 (1).exe
2013-08-21 10:37 - 2013-08-21 10:37 - 01040720 _____ (BitTorrent Inc.) C:\Users\Hiden\Downloads\uTorrent331_30017.exe
2013-08-21 10:34 - 2013-08-21 10:35 - 08166239 _____ C:\Users\Hiden\Downloads\bf3.rar
2013-08-20 16:26 - 2013-08-20 16:26 - 00000000 ____D C:\Program Files (x86)\PowerISO
2013-08-20 16:26 - 2013-07-22 04:19 - 00126872 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys
2013-08-20 14:09 - 2013-08-20 14:49 - 1096558289 _____ C:\Users\Hiden\Downloads\Demolition Company.rar
2013-08-20 14:06 - 2013-08-20 14:06 - 01130576 _____ (BitTorrent Inc.) C:\Users\Hiden\Downloads\utorrent.exe
2013-08-20 13:47 - 2013-08-20 13:47 - 00157234 _____ C:\Users\Hiden\Downloads\RouterReconnect_1.3.zip
2013-08-20 13:47 - 2013-08-20 13:47 - 00000000 ____D C:\Users\Hiden\Downloads\RouterReconnect_1.3
2013-08-20 13:41 - 2013-08-20 13:41 - 00001924 _____ C:\Users\Hiden\Downloads\Demolition.Company.Der.Abbruch.Simulator.GERMAN-1C-a98a33lxx1cl (1).dlc
2013-08-20 13:39 - 2013-08-20 13:39 - 00001924 _____ C:\Users\Hiden\Downloads\Demolition.Company.Der.Abbruch.Simulator.GERMAN-1C-a98a33lxx1cl.dlc
2013-08-20 13:26 - 2013-08-29 13:16 - 00000000 ____D C:\Users\Hiden\AppData\Local\Captcha_Brotherhood
2013-08-20 13:26 - 2013-08-20 13:26 - 00000000 ____D C:\Program Files (x86)\Brotherhood Software
2013-08-20 13:06 - 2013-08-20 13:39 - 00002096 _____ C:\Users\Hiden\Downloads\Demolition.Company.Der.Abbruch.Simulator.GERMAN-1C-shu933la56p0.dlc
2013-08-19 20:02 - 2013-09-04 14:31 - 00178176 ___SH C:\Users\Hiden\Desktop\Thumbs.db
2013-08-16 18:44 - 2013-08-16 18:44 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Disney Interactive Studios
2013-08-16 18:34 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2013-08-16 18:34 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-08-16 18:34 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2013-08-16 18:34 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-08-16 18:34 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2013-08-16 18:34 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-08-16 18:33 - 2013-09-02 08:17 - 00000109 _____ C:\Windows\disney.ini
2013-08-15 18:42 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 18:42 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 18:42 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 18:42 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 18:42 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 18:42 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 18:42 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 18:42 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 18:42 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 18:42 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 18:42 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 18:42 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 11:15 - 2013-08-15 11:16 - 00000000 ____D C:\Program Files (x86)\Canon
2013-08-15 11:15 - 2013-08-15 11:15 - 00000000 ____D C:\ProgramData\ZoomBrowser
2013-08-15 11:07 - 2013-08-15 11:08 - 00000000 ____D C:\Users\Hiden\AppData\Local\{896DF8D3-46B1-418C-8474-84A9741BDB2A}
2013-08-15 09:56 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 09:56 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 09:56 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 09:56 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 09:56 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 09:56 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 09:56 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 09:56 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 09:50 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 09:50 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 09:50 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 09:50 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 09:50 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 09:50 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 09:50 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 09:50 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 09:50 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 09:50 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 09:50 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 09:50 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 09:50 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 09:50 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 09:50 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 09:50 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 09:50 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 09:49 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 09:49 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-13 19:37 - 2013-08-13 19:37 - 00000000 ___HD C:\Windows\PIF
2013-08-12 12:50 - 2013-08-12 12:50 - 00000000 ____D C:\Program Files (x86)\Dokan
2013-08-07 20:30 - 2013-08-07 20:30 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-08-07 12:21 - 2013-08-07 12:21 - 00000000 ____D C:\Program Files (x86)\PC Connectivity Solution
2013-08-07 12:21 - 2008-08-28 12:44 - 00025600 _____ (Nokia) C:\Windows\system32\Drivers\pccsmcfdx64.sys
2013-08-05 10:09 - 2013-08-05 10:09 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\AUTOSICH

==================== One Month Modified Files and Folders =======

2013-09-04 16:55 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-04 16:55 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-04 16:54 - 2013-09-04 16:39 - 00000000 ____D C:\Users\Hiden\Desktop\share
2013-09-04 16:51 - 2012-12-06 17:24 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Skype
2013-09-04 16:40 - 2012-12-05 17:57 - 01699142 _____ C:\Windows\WindowsUpdate.log
2013-09-04 16:39 - 2013-07-09 17:32 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-09-04 16:38 - 2012-12-24 22:35 - 00000000 ____D C:\Users\Hiden\Desktop\Programme
2013-09-04 16:37 - 2013-09-04 11:42 - 00000334 _____ C:\Windows\Tasks\GlaryInitialize 3.job
2013-09-04 16:36 - 2012-12-06 09:57 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-04 16:36 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-04 16:36 - 2009-07-14 06:51 - 00111197 _____ C:\Windows\setupact.log
2013-09-04 16:35 - 2010-11-21 05:47 - 00724964 _____ C:\Windows\PFRO.log
2013-09-04 16:31 - 2013-09-04 12:23 - 00000000 ____D C:\_tools
2013-09-04 16:29 - 2013-04-08 15:27 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2013-09-04 16:25 - 2013-09-04 16:25 - 02134420 _____ C:\Users\Hiden\Downloads\RogueKiller_8.6.9.zip
2013-09-04 16:01 - 2012-12-22 09:13 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-04 15:10 - 2013-07-21 21:07 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Audacity
2013-09-04 14:31 - 2013-08-19 20:02 - 00178176 ___SH C:\Users\Hiden\Desktop\Thumbs.db
2013-09-04 14:28 - 2013-09-04 14:26 - 114436733 _____ C:\Users\Hiden\Desktop\Christina Perri - A Thousand Years [Official Music Video].mp4
2013-09-04 14:20 - 2013-08-22 13:14 - 00002372 _____ C:\Users\Hiden\Desktop\Google Chrome.lnk
2013-09-04 14:19 - 2012-12-05 18:10 - 00001427 _____ C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-04 13:54 - 2012-12-06 17:29 - 00000000 ____D C:\Users\Hiden\AppData\Local\CrashDumps
2013-09-04 13:41 - 2013-07-09 17:27 - 00000000 ____D C:\ProgramData\eSafe
2013-09-04 13:40 - 2013-07-09 17:32 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Omiga Plus
2013-09-04 13:40 - 2013-06-19 16:24 - 00000000 ____D C:\Program Files (x86)\AutoLyrics
2013-09-04 13:40 - 2013-06-02 08:11 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-09-04 13:26 - 2013-07-23 08:44 - 00000000 ____D C:\Program Files (x86)\SafeSaver
2013-09-04 13:20 - 2013-06-05 17:56 - 00108032 ___SH C:\Users\Hiden\Thumbs.db
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Malwarebytes
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-04 12:40 - 2012-12-06 16:33 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\NVIDIA
2013-09-04 12:38 - 2013-09-04 11:42 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 3
2013-09-04 12:36 - 2013-09-04 12:36 - 00262144 _____ C:\Windows\system32\config\default.gu
2013-09-04 12:36 - 2013-09-04 12:36 - 00028672 _____ C:\Windows\system32\config\software.gu
2013-09-04 12:36 - 2012-12-05 18:05 - 00000000 ____D C:\Users\Hiden
2013-09-04 12:36 - 2009-07-14 04:34 - 71303168 _____ C:\Windows\system32\config\software.gu.bak
2013-09-04 12:36 - 2009-07-14 04:34 - 20447232 _____ C:\Windows\system32\config\system.gu.bak
2013-09-04 12:36 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\security.gu.bak
2013-09-04 12:35 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\sam.gu.bak
2013-09-04 11:51 - 2012-12-24 20:47 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
2013-09-04 11:51 - 2012-12-20 15:22 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
2013-09-04 11:51 - 2012-12-07 14:49 - 00000000 ___RD C:\Users\Hiden\Desktop\Spiele
2013-09-04 11:48 - 2013-09-04 11:48 - 00000000 ____D C:\ProgramData\GlarySoft
2013-09-04 11:42 - 2013-09-04 11:42 - 00002630 _____ C:\Windows\System32\Tasks\GlaryInitialize 3
2013-09-04 11:42 - 2013-09-04 11:42 - 00001086 _____ C:\Users\Public\Desktop\Glary Utilities 3.lnk
2013-09-04 11:42 - 2013-09-04 11:42 - 00000075 _____ C:\DiskDefrag.log
2013-09-04 11:42 - 2013-09-04 11:42 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\GlarySoft
2013-09-04 11:41 - 2013-09-04 11:41 - 16243768 _____ C:\Users\Hiden\Downloads\gu3setup.exe
2013-09-04 11:39 - 2013-09-04 11:39 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\IObit
2013-09-04 11:28 - 2013-08-28 15:03 - 00000000 ____D C:\hw64_422
2013-09-04 11:27 - 2013-09-04 11:27 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-09-04 11:27 - 2012-12-06 09:57 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-09-04 11:26 - 2012-12-06 09:55 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-09-04 11:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Help
2013-09-04 11:25 - 2012-12-06 09:57 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-09-04 11:16 - 2013-09-04 11:16 - 02453054 _____ C:\Users\Hiden\Downloads\hw64_422.zip
2013-09-04 11:09 - 2013-03-25 14:59 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-04 10:59 - 2013-09-01 08:34 - 00000000 ____D C:\Windows\Minidump
2013-09-04 08:53 - 2013-09-04 08:52 - 00718115 ____N C:\Windows\Minidump\090413-26676-01.dmp
2013-09-04 08:39 - 2012-12-06 09:55 - 00086552 _____ C:\Users\Hiden\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-04 08:28 - 2009-07-14 06:45 - 00343656 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-04 08:26 - 2013-04-22 15:30 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2013-09-04 08:21 - 2013-02-28 19:49 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-04 08:20 - 2013-06-20 15:26 - 00000600 _____ C:\Windows\Rtcw.INI
2013-09-04 08:20 - 2012-12-06 16:33 - 00000000 ____D C:\Users\Hiden\Documents\my games
2013-09-04 08:19 - 2013-07-09 17:19 - 00000000 ____D C:\Program Files (x86)\Cube World
2013-09-04 08:19 - 2013-02-17 11:08 - 00000000 ____D C:\Users\Hiden\Documents\Euro Truck Simulator 2
2013-09-04 07:54 - 2013-09-04 07:54 - 95812354 _____ C:\Windows\SysWOW64\ທ쇓ᵌ'
2013-09-03 22:12 - 2013-01-27 13:41 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\TS3Client
2013-09-03 13:36 - 2013-09-03 13:30 - 19740030 _____ C:\Users\Hiden\Downloads\Fendt_312TMS_Red_BTS_V2.zip
2013-09-03 08:15 - 2013-09-03 08:15 - 95452537 _____ C:\Windows\SysWOW64\峌雠ᵌH
2013-09-02 17:35 - 2013-09-02 17:35 - 00018465 _____ C:\Users\Hiden\Downloads\ZZZ_fastForward.zip
2013-09-02 17:01 - 2012-12-06 21:15 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\.minecraft
2013-09-02 15:24 - 2013-09-02 15:24 - 12770646 _____ C:\Users\Hiden\Downloads\xvm-4.1.1.zip
2013-09-02 11:09 - 2013-09-04 12:35 - 00024352 _____ C:\Windows\system32\RegBootDefrag.exe
2013-09-02 11:09 - 2013-09-04 11:42 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2013-09-02 08:17 - 2013-08-16 18:33 - 00000109 _____ C:\Windows\disney.ini
2013-09-02 08:02 - 2013-09-02 08:02 - 95199985 _____ C:\Windows\SysWOW64\誤軍ᵌ’
2013-09-01 08:38 - 2013-09-01 08:38 - 95128664 _____ C:\Windows\SysWOW64\豹冮ᵌ—
2013-08-31 18:47 - 2013-08-31 18:47 - 00706105 ____N C:\Windows\Minidump\090113-28423-01.dmp
2013-08-31 16:38 - 2013-08-31 10:38 - 95115989 _____ C:\Windows\SysWOW64\塛ᵌ…
2013-08-30 20:24 - 2013-08-30 20:19 - 174242488 _____ C:\Users\Hiden\Downloads\DonsMapV1.zip
2013-08-30 20:21 - 2013-08-30 20:21 - 01358962 _____ C:\Users\Hiden\Downloads\Bierkarre.zip
2013-08-30 20:21 - 2013-08-30 20:20 - 11326313 _____ C:\Users\Hiden\Downloads\LizardBully275HP.zip
2013-08-30 19:38 - 2013-08-30 19:38 - 94985858 _____ C:\Windows\SysWOW64\쟁䡾ᵌ–
2013-08-30 19:13 - 2013-08-30 19:12 - 17423012 _____ C:\Users\Hiden\Downloads\UniversalBaleTrailer_v3_OPEN_ME.rar
2013-08-30 14:24 - 2013-08-30 14:24 - 03808017 _____ C:\Users\Hiden\Downloads\WelgerAP.zip
2013-08-30 14:07 - 2013-08-30 14:06 - 03760642 _____ C:\Users\Hiden\Downloads\SipmaZ224.zip
2013-08-30 14:04 - 2013-08-30 13:57 - 221791348 _____ C:\Users\Hiden\Downloads\entpack mich.rar
2013-08-30 14:03 - 2013-08-30 14:02 - 30501886 _____ C:\Users\Hiden\Downloads\Ballengitterwagen_Pack_entpacken.rar
2013-08-30 13:39 - 2013-08-30 13:39 - 94829123 _____ C:\Windows\SysWOW64\합ﬠᵌ™
2013-08-29 20:41 - 2013-08-29 20:41 - 94663095 _____ C:\Windows\SysWOW64\ꩠ䥦ᵌ
2013-08-29 19:14 - 2013-08-29 19:06 - 163566314 _____ C:\Users\Hiden\Downloads\Ahlen_Map.zip
2013-08-29 19:12 - 2013-08-29 19:08 - 69599016 _____ C:\Users\Hiden\Downloads\GIANTSContest2013_Belgique_Profonde_2_LuxFarm_Ls.zip
2013-08-29 18:37 - 2013-08-29 18:34 - 94159810 _____ C:\Users\Hiden\Downloads\hackselLandV1.zip
2013-08-29 14:41 - 2013-08-29 14:41 - 94605346 _____ C:\Windows\SysWOW64\浇榏ᵌD
2013-08-29 13:17 - 2013-01-27 13:41 - 00000000 ____D C:\Users\Hiden\AppData\Local\TeamSpeak 3 Client
2013-08-29 13:16 - 2013-08-20 13:26 - 00000000 ____D C:\Users\Hiden\AppData\Local\Captcha_Brotherhood
2013-08-29 13:14 - 2013-08-29 13:14 - 00010992 _____ C:\Users\Hiden\Downloads\aaaf56b5caa5132724beb5aa9aa22998.dlc
2013-08-29 10:39 - 2013-08-29 10:38 - 03503441 _____ C:\Users\Hiden\Downloads\Piper Bergwacht Download.zip
2013-08-29 08:41 - 2013-08-29 08:41 - 101142192 _____ C:\Windows\SysWOW64\㚣㦶ᵌ¨
2013-08-28 17:38 - 2013-08-28 17:38 - 00111602 _____ C:\Users\Hiden\Downloads\SrsMoney.zip
2013-08-28 15:43 - 2013-03-31 20:04 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-08-28 15:01 - 2013-08-28 15:01 - 00000000 ____D C:\cpu-z-166
2013-08-28 15:01 - 2013-08-28 15:00 - 01981816 _____ C:\Users\Hiden\Downloads\cpu-z-166.zip
2013-08-28 13:13 - 2013-08-28 13:13 - 00000000 ____D C:\ProgramData\SummerSoft
2013-08-28 13:13 - 2012-12-20 15:27 - 00000000 ____D C:\ProgramData\InstallMate
2013-08-28 13:11 - 2013-08-28 13:11 - 00002119 _____ C:\Users\Hiden\Downloads\[isoHunt] SKI REGION SIMULATOR 2012-FIGHTCLUB CRACK 2012.rar.torrent
2013-08-28 12:05 - 2013-08-28 12:05 - 06701308 _____ C:\Users\Hiden\Downloads\PrinothSchneefraese600.zip
2013-08-28 12:03 - 2013-08-28 12:03 - 06026202 _____ C:\Users\Hiden\Downloads\MB1520_for_SRS2012.zip
2013-08-28 11:53 - 2013-08-28 11:53 - 00321822 _____ C:\Users\Hiden\Downloads\Jd_Tow_Frame.zip
2013-08-28 11:52 - 2013-08-28 11:52 - 11830262 _____ C:\Users\Hiden\Downloads\Schneekanonenpack_Installer.exe
2013-08-28 11:50 - 2013-08-28 11:49 - 15865848 _____ C:\Users\Hiden\Downloads\Entpacken.zip
2013-08-28 11:48 - 2013-08-28 11:48 - 10216483 _____ C:\Users\Hiden\Downloads\Fendt_209_S.zip
2013-08-28 11:45 - 2013-08-28 11:45 - 19309119 _____ C:\Users\Hiden\Downloads\Xerion_Pack.rar
2013-08-28 11:44 - 2013-08-28 11:44 - 02972305 _____ C:\Users\Hiden\Downloads\Alfamodding_Ski_Addon.zip
2013-08-28 11:21 - 2013-05-19 10:52 - 00000000 ____D C:\Users\Hiden\AppData\Local\Akamai
2013-08-28 11:21 - 2013-03-21 21:02 - 00000000 ____D C:\Program Files (x86)\Clownfish
2013-08-28 11:21 - 2013-01-27 13:44 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\ts3overlay
2013-08-28 11:21 - 2010-11-21 09:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-08-28 11:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-08-28 10:57 - 2013-08-28 10:57 - 00002948 _____ C:\Users\Hiden\Downloads\50e3b8d8af67beb9b30cb3272123eac5.dlc
2013-08-28 10:44 - 2013-08-28 10:44 - 10667567 _____ C:\Users\Hiden\Downloads\Fendt_209_S.exe
2013-08-28 10:44 - 2013-08-28 10:44 - 02350778 _____ C:\Users\Hiden\Downloads\PrinothBeast.exe
2013-08-28 10:28 - 2011-02-11 16:47 - 00696620 _____ C:\Windows\system32\perfh007.dat
2013-08-28 10:28 - 2011-02-11 16:47 - 00147916 _____ C:\Windows\system32\perfc007.dat
2013-08-28 10:28 - 2009-07-14 07:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-28 08:47 - 2013-08-28 08:38 - 184153897 _____ C:\Users\Hiden\Downloads\Drensteinfurt.zip
2013-08-28 08:45 - 2013-08-28 08:39 - 107605806 _____ C:\Users\Hiden\Downloads\AlitaFarm.zip
2013-08-28 08:41 - 2013-08-28 08:39 - 20931134 _____ C:\Users\Hiden\Downloads\NewHolland_T7_210.zip
2013-08-28 08:39 - 2013-08-28 08:38 - 15667129 _____ C:\Users\Hiden\Downloads\FortunaFTM200_6_0.zip
2013-08-28 08:38 - 2013-08-28 08:37 - 27038761 _____ C:\Users\Hiden\Downloads\Zunhammer18500PU.zip
2013-08-28 08:38 - 2013-08-28 08:37 - 15066930 _____ C:\Users\Hiden\Downloads\JohnDeere6RPack.zip
2013-08-28 08:37 - 2013-08-28 08:37 - 00482516 _____ C:\Users\Hiden\Downloads\DustWheels.zip
2013-08-28 08:37 - 2013-08-28 08:37 - 00055856 _____ C:\Users\Hiden\Downloads\RealLights_v098.zip
2013-08-28 08:37 - 2013-08-28 08:37 - 00036427 _____ C:\Users\Hiden\Downloads\ESLimiter.zip
2013-08-28 08:37 - 2013-08-28 08:36 - 14569964 _____ C:\Users\Hiden\Downloads\JD6150RSN.zip
2013-08-28 08:37 - 2013-08-28 08:36 - 07024980 _____ C:\Users\Hiden\Downloads\KotteZubringer.zip
2013-08-28 08:37 - 2013-08-28 08:36 - 03345223 _____ C:\Users\Hiden\Downloads\KotteContainer.zip
2013-08-28 08:37 - 2013-08-28 08:36 - 00035256 _____ C:\Users\Hiden\Downloads\ZZZ_manualIgnition.zip
2013-08-27 21:07 - 2013-08-27 21:07 - 01566289 _____ C:\Users\Hiden\Downloads\Single_Axle_UBT_v2_by_xiukaz_UNPACK.zip
2013-08-27 18:19 - 2013-08-27 18:18 - 01839939 _____ C:\Users\Hiden\Downloads\LegoTracBySYM.zip
2013-08-27 18:17 - 2013-08-27 18:17 - 02861884 _____ C:\Users\Hiden\Downloads\Contest2013_FlieglTDK200.zip
2013-08-27 18:17 - 2013-08-27 18:16 - 11308886 _____ C:\Users\Hiden\Downloads\NewHolland_378.zip
2013-08-27 18:16 - 2013-08-27 18:16 - 01790638 _____ C:\Users\Hiden\Downloads\Kran_Halle.zip
2013-08-26 10:00 - 2013-08-26 09:51 - 27514869 _____ C:\Users\Hiden\Downloads\RopaEuroTigerPack.zip
2013-08-26 08:05 - 2013-08-26 07:05 - 183025975 _____ C:\Users\Hiden\Downloads\Pawikowo_Finalv2.zip
2013-08-26 07:15 - 2013-08-26 07:15 - 04472200 _____ C:\Users\Hiden\Downloads\HorschPronto9DC_ce.zip
2013-08-26 07:10 - 2013-08-26 07:10 - 05602237 _____ C:\Users\Hiden\Downloads\horsch.zip
2013-08-26 07:07 - 2013-08-26 07:07 - 10159758 _____ C:\Users\Hiden\Downloads\KrampeBBS650_ce.zip
2013-08-26 07:04 - 2013-08-26 07:04 - 06614055 _____ C:\Users\Hiden\Downloads\grimmeRootster604MF.zip
2013-08-26 07:02 - 2013-08-26 07:01 - 19318364 _____ C:\Users\Hiden\Downloads\Deutz_7545_Multifrucht.zip
2013-08-25 17:50 - 2013-08-25 17:50 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
2013-08-25 17:50 - 2013-08-25 17:50 - 00000000 ____D C:\Users\Hiden\AppData\Local\WebPlayer
2013-08-25 17:41 - 2013-08-25 17:34 - 19971755 _____ C:\Users\Hiden\Downloads\JaguarBE_entpacken.zip
2013-08-25 16:15 - 2013-08-25 16:15 - 00211197 _____ C:\Users\Hiden\Downloads\Claas_Conspeed.zip
2013-08-25 15:47 - 2013-08-25 15:47 - 100143688 _____ C:\Windows\SysWOW64\剠楮ᵌ¤
2013-08-25 11:08 - 2013-08-25 11:08 - 00032153 _____ C:\Users\Hiden\Downloads\ZZZ_GPS.zip
2013-08-23 19:34 - 2013-08-23 07:34 - 99979851 _____ C:\Windows\SysWOW64\硳ᵌ
2013-08-23 16:28 - 2013-08-23 16:28 - 02492035 _____ C:\Users\Hiden\Downloads\Kotte_FRP_145.exe
2013-08-23 16:25 - 2013-08-23 16:25 - 07148837 _____ C:\Users\Hiden\Downloads\TRAIL_Rolland_20_30.zip
2013-08-23 16:09 - 2013-06-03 21:08 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-08-23 16:01 - 2013-08-22 17:06 - 00000000 ____D C:\Program Files (x86)\Battlefield 3
2013-08-23 15:46 - 2013-08-23 14:58 - 901523129 _____ C:\Users\Hiden\Downloads\Battlefield3_EN.rar
2013-08-23 15:39 - 2013-08-23 14:57 - 639594154 _____ C:\Users\Hiden\Downloads\Battlefield3_DE.rar
2013-08-23 15:21 - 2013-04-22 15:28 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-08-23 15:13 - 2013-08-23 15:13 - 10347909 _____ C:\Users\Hiden\Downloads\BF3_Update_05March2013.rar
2013-08-23 15:11 - 2012-12-25 11:58 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\uTorrent
2013-08-23 11:27 - 2013-08-23 11:27 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\EvolutionClips
2013-08-23 10:57 - 2013-08-23 10:57 - 00822784 _____ C:\Users\Hiden\Downloads\BF3 Auto Language Changer.exe
2013-08-23 10:57 - 2013-08-23 10:57 - 00822784 _____ C:\Users\Hiden\Downloads\BF3 Auto Language Changer (1).exe
2013-08-22 17:47 - 2013-08-22 17:40 - 00000000 ____D C:\Users\Hiden\Documents\Battlefield 3
2013-08-22 17:39 - 2013-03-09 17:02 - 00000000 ____D C:\Users\Hiden\AppData\Local\Unity
2013-08-22 17:38 - 2013-06-03 21:08 - 00000000 ____D C:\ProgramData\Origin
2013-08-22 16:20 - 2013-08-22 09:29 - 1495924736 ____R C:\Users\Hiden\Downloads\BF3.iso
2013-08-22 13:14 - 2013-08-22 13:14 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-08-22 13:14 - 2012-12-05 18:07 - 00000000 ____D C:\Users\Hiden\AppData\Local\Google
2013-08-22 13:12 - 2012-12-05 18:07 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-22 11:25 - 2013-08-22 11:22 - 35519412 _____ C:\Users\Hiden\Downloads\EntpackeMich.zip
2013-08-22 11:24 - 2013-08-22 11:22 - 21483593 _____ C:\Users\Hiden\Downloads\EntpackeMICH_DC_Mission02.rar
2013-08-22 11:23 - 2013-08-22 11:23 - 03053757 _____ C:\Users\Hiden\Downloads\concreteSawSampleDevice.exe
2013-08-22 09:14 - 2013-08-22 09:09 - 156995087 _____ C:\Users\Hiden\Downloads\battlefield 3 game.zip
2013-08-22 09:11 - 2013-08-22 09:10 - 23196597 _____ C:\Users\Hiden\Downloads\Battlefield 3 Multiplayer.zip
2013-08-22 09:11 - 2013-08-22 09:09 - 00000000 ____D C:\Users\Hiden\Downloads\Battlefield 3 [PC ~ MULTI10][RELOADED]
2013-08-22 09:06 - 2013-08-22 09:06 - 00046430 _____ C:\Users\Hiden\Downloads\Battlefield3@www.torrent.to.torrent
2013-08-22 09:05 - 2013-08-22 09:04 - 00000000 ____D C:\Users\Hiden\Downloads\uTorrent Ultra Accelerator v2.6.0[Asterus]
2013-08-22 09:04 - 2013-08-22 09:04 - 00001783 _____ C:\Users\Hiden\Downloads\uTorrentUltraAcceleratorv2.6.0Asterus@www.torrent.to (1).torrent
2013-08-22 09:03 - 2013-08-22 09:02 - 01040720 _____ (BitTorrent Inc.) C:\Users\Hiden\Downloads\uTorrent331_30017 (4).exe
2013-08-22 09:02 - 2013-08-22 09:02 - 00001783 _____ C:\Users\Hiden\Downloads\uTorrentUltraAcceleratorv2.6.0Asterus@www.torrent.to.torrent
2013-08-21 12:46 - 2013-08-21 12:43 - 00000000 ____D C:\Program Files (x86)\Black Ops 2
2013-08-21 11:58 - 2013-08-21 10:39 - 00000000 ____D C:\Users\Hiden\Downloads\Battlefield.3-RELOADED
2013-08-21 11:38 - 2013-08-21 11:38 - 01040720 _____ (BitTorrent Inc.) C:\Users\Hiden\Downloads\uTorrent331_30017 (3).exe
2013-08-21 11:38 - 2013-08-21 11:38 - 01040720 _____ (BitTorrent Inc.) C:\Users\Hiden\Downloads\uTorrent331_30017 (2).exe
2013-08-21 10:38 - 2013-08-21 10:38 - 01040720 _____ (BitTorrent Inc.) C:\Users\Hiden\Downloads\uTorrent331_30017 (1).exe
2013-08-21 10:37 - 2013-08-21 10:37 - 01040720 _____ (BitTorrent Inc.) C:\Users\Hiden\Downloads\uTorrent331_30017.exe
2013-08-21 10:35 - 2013-08-21 10:34 - 08166239 _____ C:\Users\Hiden\Downloads\bf3.rar
2013-08-20 20:32 - 2012-12-22 09:13 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-20 20:32 - 2012-12-06 17:01 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-20 20:32 - 2012-12-06 17:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-20 16:26 - 2013-08-20 16:26 - 00000000 ____D C:\Program Files (x86)\PowerISO
2013-08-20 15:33 - 2013-09-04 11:10 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-08-20 15:32 - 2013-09-04 11:10 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2013-08-20 15:32 - 2013-09-04 11:10 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-08-20 14:49 - 2013-08-20 14:09 - 1096558289 _____ C:\Users\Hiden\Downloads\Demolition Company.rar
2013-08-20 14:06 - 2013-08-20 14:06 - 01130576 _____ (BitTorrent Inc.) C:\Users\Hiden\Downloads\utorrent.exe
2013-08-20 13:47 - 2013-08-20 13:47 - 00157234 _____ C:\Users\Hiden\Downloads\RouterReconnect_1.3.zip
2013-08-20 13:47 - 2013-08-20 13:47 - 00000000 ____D C:\Users\Hiden\Downloads\RouterReconnect_1.3
2013-08-20 13:41 - 2013-08-20 13:41 - 00001924 _____ C:\Users\Hiden\Downloads\Demolition.Company.Der.Abbruch.Simulator.GERMAN-1C-a98a33lxx1cl (1).dlc
2013-08-20 13:39 - 2013-08-20 13:39 - 00001924 _____ C:\Users\Hiden\Downloads\Demolition.Company.Der.Abbruch.Simulator.GERMAN-1C-a98a33lxx1cl.dlc
2013-08-20 13:39 - 2013-08-20 13:06 - 00002096 _____ C:\Users\Hiden\Downloads\Demolition.Company.Der.Abbruch.Simulator.GERMAN-1C-shu933la56p0.dlc
2013-08-20 13:26 - 2013-08-20 13:26 - 00000000 ____D C:\Program Files (x86)\Brotherhood Software
2013-08-20 10:48 - 2013-05-07 14:15 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-20 10:48 - 2013-03-25 14:59 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-17 10:49 - 2012-12-05 18:01 - 00218987 _____ C:\Windows\DirectX.log
2013-08-16 18:44 - 2013-08-16 18:44 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Disney Interactive Studios
2013-08-16 15:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-15 18:38 - 2013-07-13 13:17 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 18:37 - 2012-12-06 10:43 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-15 11:20 - 2013-02-26 21:16 - 00037531 ____H C:\Users\Hiden\Desktop\ZbThumbnail.info
2013-08-15 11:16 - 2013-08-15 11:15 - 00000000 ____D C:\Program Files (x86)\Canon
2013-08-15 11:15 - 2013-08-15 11:15 - 00000000 ____D C:\ProgramData\ZoomBrowser
2013-08-15 11:08 - 2013-08-15 11:07 - 00000000 ____D C:\Users\Hiden\AppData\Local\{896DF8D3-46B1-418C-8474-84A9741BDB2A}
2013-08-15 09:31 - 2013-06-19 16:25 - 00000000 ____D C:\Users\Hiden\Documents\bitComposer Games
2013-08-15 09:30 - 2013-04-28 12:38 - 00000000 ____D C:\Program Files (x86)\Nokia
2013-08-15 09:25 - 2013-07-24 13:22 - 00000000 ____D C:\Users\Hiden\AppData\Local\LogMeIn Hamachi
2013-08-13 19:37 - 2013-08-13 19:37 - 00000000 ___HD C:\Windows\PIF
2013-08-12 12:50 - 2013-08-12 12:50 - 00000000 ____D C:\Program Files (x86)\Dokan
2013-08-12 11:12 - 2013-04-19 21:18 - 00000000 ____D C:\ts3overlay
2013-08-11 11:21 - 2013-02-21 16:28 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-08-07 20:30 - 2013-08-07 20:30 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-08-07 20:30 - 2013-05-01 10:53 - 00286840 _____ C:\Windows\msxml4-KB973688-enu.LOG
2013-08-07 20:30 - 2013-05-01 10:52 - 00291210 _____ C:\Windows\msxml4-KB954430-enu.LOG
2013-08-07 12:24 - 2013-04-28 12:44 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\PC Suite
2013-08-07 12:23 - 2013-04-30 17:35 - 00000000 ____D C:\Users\Hiden\AppData\Local\Nokia
2013-08-07 12:21 - 2013-08-07 12:21 - 00000000 ____D C:\Program Files (x86)\PC Connectivity Solution
2013-08-07 12:21 - 2013-04-28 12:44 - 00041042 _____ C:\Windows\DPINST.LOG
2013-08-05 10:09 - 2013-08-05 10:09 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\AUTOSICH

Files to move or delete:
====================
C:\Users\Hiden\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Hiden\AppData\Local\Temp\Tsu8F5BCA1D.dll
C:\Users\Hiden\AppData\Local\Temp\TsuE58EB0BC.dll
C:\Users\Hiden\AppData\Local\Temp\TsuEBBB588F.dll
C:\Users\Hiden\AppData\Local\Temp\uninst1.exe
C:\Users\Hiden\AppData\Local\Temp\{7E84F47D-2CCC-4A36-A8DD-64EEA567D68B}\Setup.exe
C:\Users\Hiden\AppData\Local\Temp\{7E84F47D-2CCC-4A36-A8DD-64EEA567D68B}\_Setup.dll
C:\Users\Hiden\AppData\Local\Temp\{7E84F47D-2CCC-4A36-A8DD-64EEA567D68B}\_Setupx.dll
C:\Users\Hiden\AppData\Local\Temp\{36616E42-33AE-4B91-A97A-7B8CED824CB4}\Custom.dll
C:\Users\Hiden\AppData\Local\Temp\{36616E42-33AE-4B91-A97A-7B8CED824CB4}\Setup.exe
C:\Users\Hiden\AppData\Local\Temp\{36616E42-33AE-4B91-A97A-7B8CED824CB4}\_Setup.dll
C:\Users\Hiden\AppData\Local\Temp\{2E6F7654-96F1-401D-A2F6-DED3F58C54A2}\Custom.dll
C:\Users\Hiden\AppData\Local\Temp\{2E6F7654-96F1-401D-A2F6-DED3F58C54A2}\Setup.exe
C:\Users\Hiden\AppData\Local\Temp\{2E6F7654-96F1-401D-A2F6-DED3F58C54A2}\_Setup.dll
C:\Users\Hiden\AppData\Local\Temp\Temp1_RogueKiller_8.6.9.zip\RogueKillerX64.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\setup.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NvVAD\nvaudcap32v.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NvVAD\nvaudcap64v.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NvVAD\nvgenco32.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NvVAD\nvgenco64.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NVI2\NVI2.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NVI2\NVI2UI.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NVI2\NVPrxy32.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NVI2\NVPrxy64.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NVI2\ReleaseHighlights.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\MS.NET\dotNetFx40_Full_setup.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\MS.NET\MSNetExt.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\detoured.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\nvFBC.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\NvGfeServiceBridge.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\nvsteamsupport.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\nvstreamer.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\nvstreamsvc.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\protobuf-net.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\rxinput.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\steam_api.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\SteamLauncher\NVIDIA.SteamLauncher.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\detoured.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\nvFBC.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\NvGfeServiceBridge.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\nvsteamsupport.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\nvstreamer.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\nvstreamsvc.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\rxinput.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\steam_api64.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\avcodec-52.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\avdevice-52.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\avformat-52.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\avutil-49.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\Bifrost.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\cudart32_41_0.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\NvStreamCExt.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\nvwinstreamc.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\swscale-0.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\7z.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\DisplayCplExt.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\ExtensionLoader.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\GalaSoft.MvvmLight.Extras.WPF4.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\GalaSoft.MvvmLight.WPF4.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\GFExperience.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\GFExperienceControls.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\GFExperienceCore.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\GFExperienceExt.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\GridService.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\InstallerService.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\InstallerUIExtension.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\log4net.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\Microsoft.Practices.ServiceLocation.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\Microsoft.WindowsAPICodePack.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\Microsoft.WindowsAPICodePack.Shell.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\NVIDIA.Settings.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\NVIDIA.Settings.Properties.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\NVIDIA.UpdateService.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\NVIDIA.Win32Api.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\nvtmru.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\oaremote_plugin.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\ShadowPlay.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Reactive.Core.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Reactive.Interfaces.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Reactive.Linq.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Reactive.PlatformServices.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Reactive.Providers.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Reactive.Runtime.Remoting.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Reactive.Windows.Threading.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Windows.Interactivity.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\zh-CHT\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\zh-CHS\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\tr-TR\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\th-TH\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\sv-SE\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\sl-SI\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\sk-SK\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\ru-RU\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\pt-PT\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\pt-BR\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\pl-PL\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\nl-NL\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\nb-NO\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\ko-KR\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\ja-JP\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\it-IT\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\hu-HU\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\he-IL\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\fr-FR\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\fi-FI\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\es-MX\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\es-ES\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\en-US\GFExperience.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\en-US\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\en-GB\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\el-GR\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\de-DE\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\da-DK\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\cs-CZ\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\ar-AE\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\ComUpdatus.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\daemonu.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\easyDaemonAPIU32.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\easyDaemonAPIU64.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdt32.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdt64.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdtr32.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdtr64.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdtrXP32.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdtrXP64.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdtXP32.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdtXP64.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\UpdateExt.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\WLMerger.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Optimus\OptimusExt.dll
C:\Users\Hiden\AppData\Local\Temp\IDC3.tmp\FP_AX_CAB_INSTALLER64.exe
C:\Users\Hiden\AppData\Local\Temp\IDC2.tmp\FP_AX_CAB_INSTALLER64.exe
C:\Users\Hiden\AppData\Local\Temp\bus6D9D\BUSolution.dll
C:\Users\Hiden\AppData\Local\Temp\bus664C\CrxUpdater_g.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-01 12:09

==================== End Of Log ============================

--- --- ---

[/CODE]

I also have logs from Rogue Killer:

RKreport[0]_D_09042013_163056.txt, yesterday at 16:30

Code:

RogueKiller V8.6.9 _x64_ [Sep  3 2013] durch Tigzy

mail : tigzyRK<at>gmail<dot>com
Kommentare : hxxp://www.adlice.com/forum/
Webseite : hxxp://www.adlice.com/softwares/roguekiller/
Blog : hxxp://tigzyrk.blogspot.com/

Betriebssystem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Gestartet in : Normaler Modus
Benutzer : Hiden [Admin Rechte]
Funktion : Entfernen -- Datum : 09/04/2013 16:30:56
| ARK || FAK || MBR |

¤¤¤ Böswillige Prozesse : 0 ¤¤¤

¤¤¤ Registry-Einträge : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\Hiden\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> GELÖSCHT
[RUN][SUSP PATH] HKCU\[...]\Run : VSA (C:\Users\Hiden\AppData\Roaming\Microsoft\VSA\9.0\VSA.exe [-]) -> GELÖSCHT
[RUN][SUSP PATH] HKUS\S-1-5-21-1013355498-1814289779-388905639-1000\[...]\Run : Google Update ("C:\Users\Hiden\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> [0x2] Das System kann die angegebene Datei nicht finden.
[RUN][SUSP PATH] HKUS\S-1-5-21-1013355498-1814289779-388905639-1000\[...]\Run : VSA (C:\Users\Hiden\AppData\Roaming\Microsoft\VSA\9.0\VSA.exe [-]) -> [0x2] Das System kann die angegebene Datei nicht finden.
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> ERSETZT (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ERSETZT (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ERSETZT (0)

¤¤¤ Geplante Tasks : 5 ¤¤¤
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1013355498-1814289779-388905639-1000UA.job : C:\Users\Hiden\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> GELÖSCHT
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1013355498-1814289779-388905639-1000Core.job : C:\Users\Hiden\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> GELÖSCHT
[V2][SUSP PATH] Funmoods : C:\Users\Hiden\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE - /Check [x] -> GELÖSCHT
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1013355498-1814289779-388905639-1000Core : C:\Users\Hiden\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> GELÖSCHT
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1013355498-1814289779-388905639-1000UA : C:\Users\Hiden\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> GELÖSCHT

¤¤¤ Autostart-Einträge : 0 ¤¤¤

¤¤¤ Web-Browsern : 0 ¤¤¤

¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤

¤¤¤ Treiber : [NICHT GELADEN 0x0] ¤¤¤

¤¤¤ Externe Hives: ¤¤¤

¤¤¤ Infektion :  ¤¤¤

¤¤¤ Hosts-Datei: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR überprüfen: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKX-07U6AA0 +++++
--- User ---
[MBR] 059af9afa77d3237483bb4a3097bc460
[BSP] a83ce2731a2176452a249e61641756f0 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 2049 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 4200448 | Size: 474888 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Abgeschlossen : << RKreport[0]_D_09042013_163056.txt >>
RKreport[0]_S_09042013_163022.txt

RKreport[0]_S_09042013_163022, also at 16:30

Code:

RogueKiller V8.6.9 _x64_ [Sep  3 2013] durch Tigzy

mail : tigzyRK<at>gmail<dot>com
Kommentare : hxxp://www.adlice.com/forum/
Webseite : hxxp://www.adlice.com/softwares/roguekiller/
Blog : hxxp://tigzyrk.blogspot.com/

Betriebssystem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Gestartet in : Normaler Modus
Benutzer : Hiden [Admin Rechte]
Funktion : Scannen -- Datum : 09/04/2013 16:30:22
| ARK || FAK || MBR |

¤¤¤ Böswillige Prozesse : 0 ¤¤¤

¤¤¤ Registry-Einträge : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\Hiden\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> GEFUNDEN
[RUN][SUSP PATH] HKCU\[...]\Run : VSA (C:\Users\Hiden\AppData\Roaming\Microsoft\VSA\9.0\VSA.exe [-]) -> GEFUNDEN
[RUN][SUSP PATH] HKUS\S-1-5-21-1013355498-1814289779-388905639-1000\[...]\Run : Google Update ("C:\Users\Hiden\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> GEFUNDEN
[RUN][SUSP PATH] HKUS\S-1-5-21-1013355498-1814289779-388905639-1000\[...]\Run : VSA (C:\Users\Hiden\AppData\Roaming\Microsoft\VSA\9.0\VSA.exe [-]) -> GEFUNDEN
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> GEFUNDEN
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> GEFUNDEN
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> GEFUNDEN

¤¤¤ Geplante Tasks : 5 ¤¤¤
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1013355498-1814289779-388905639-1000UA.job : C:\Users\Hiden\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> GEFUNDEN
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1013355498-1814289779-388905639-1000Core.job : C:\Users\Hiden\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> GEFUNDEN
[V2][SUSP PATH] Funmoods : C:\Users\Hiden\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE - /Check [x] -> GEFUNDEN
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1013355498-1814289779-388905639-1000Core : C:\Users\Hiden\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> GEFUNDEN
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1013355498-1814289779-388905639-1000UA : C:\Users\Hiden\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> GEFUNDEN

¤¤¤ Autostart-Einträge : 0 ¤¤¤

¤¤¤ Web-Browsern : 0 ¤¤¤

¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤

¤¤¤ Treiber : [NICHT GELADEN 0x0] ¤¤¤

¤¤¤ Externe Hives: ¤¤¤

¤¤¤ Infektion :  ¤¤¤

¤¤¤ Hosts-Datei: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR überprüfen: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKX-07U6AA0 +++++
--- User ---
[MBR] 059af9afa77d3237483bb4a3097bc460
[BSP] a83ce2731a2176452a249e61641756f0 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 2049 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 4200448 | Size: 474888 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Abgeschlossen : << RKreport[0]_S_09042013_163022.txt >>

RKreport[0]_S_09042013_163140, at 16:31

Code:

RogueKiller V8.6.9 _x64_ [Sep  3 2013] durch Tigzy

mail : tigzyRK<at>gmail<dot>com
Kommentare : hxxp://www.adlice.com/forum/
Webseite : hxxp://www.adlice.com/softwares/roguekiller/
Blog : hxxp://tigzyrk.blogspot.com/

Betriebssystem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Gestartet in : Normaler Modus
Benutzer : Hiden [Admin Rechte]
Funktion : Scannen -- Datum : 09/04/2013 16:31:40
| ARK || FAK || MBR |

¤¤¤ Böswillige Prozesse : 0 ¤¤¤

¤¤¤ Registry-Einträge : 0 ¤¤¤

¤¤¤ Geplante Tasks : 0 ¤¤¤

¤¤¤ Autostart-Einträge : 0 ¤¤¤

¤¤¤ Web-Browsern : 0 ¤¤¤

¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤

¤¤¤ Treiber : [NICHT GELADEN 0x0] ¤¤¤

¤¤¤ Externe Hives: ¤¤¤

¤¤¤ Infektion :  ¤¤¤

¤¤¤ Hosts-Datei: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR überprüfen: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKX-07U6AA0 +++++
--- User ---
[MBR] 059af9afa77d3237483bb4a3097bc460
[BSP] a83ce2731a2176452a249e61641756f0 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 2049 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 4200448 | Size: 474888 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Abgeschlossen : << RKreport[0]_S_09042013_163140.txt >>
RKreport[0]_D_09042013_163056.txt;RKreport[0]_S_09042013_163022.txt

and:

RKreport[0]_PR_09042013_163224, at 16:32

Code:

RogueKiller V8.6.9 _x64_ [Sep  3 2013] durch Tigzy

mail : tigzyRK<at>gmail<dot>com
Kommentare : hxxp://www.adlice.com/forum/
Webseite : hxxp://www.adlice.com/softwares/roguekiller/
Blog : hxxp://tigzyrk.blogspot.com/

Betriebssystem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Gestartet in : Normaler Modus
Benutzer : Hiden [Admin Rechte]
Funktion : Reparierte Proxy-Einstellungen -- Datum : 09/04/2013 16:32:24
| ARK || FAK || MBR |

¤¤¤ Böswillige Prozesse : 0 ¤¤¤

¤¤¤ Registry-Einträge : 0 ¤¤¤

¤¤¤ Web-Browsern : 0 ¤¤¤

¤¤¤ Treiber : [NICHT GELADEN 0x0] ¤¤¤

¤¤¤ Externe Hives: ¤¤¤

¤¤¤ Infektion :  ¤¤¤

Abgeschlossen : << RKreport[0]_PR_09042013_163224.txt >>
RKreport[0]_D_09042013_163056.txt;RKreport[0]_S_09042013_163022.txt;RKreport[0]_S_09042013_163140.txt

and then I have Malwarebytes Anti-Malware again, at 13:26

Code:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.04.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Hiden :: HIDEN-PC [Administrator]

04.09.2013 13:12:21
mbam-log-2013-09-04 (13-12-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 58611
Laufzeit: 11 Minute(n), 45 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 3
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserDefender.A) -> 1472 -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserDefender.A) -> 2264 -> Löschen bei Neustart.
C:\Users\Hiden\AppData\Roaming\Microsoft\svhost.exe (PUP.BitCoinMiner) -> 4772 -> Löschen bei Neustart.

Infizierte Speichermodule: 1
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 14
HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Löschen bei Neustart.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Löschen bei Neustart.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.BrowserDefender.A) -> Bösartig: (c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll) Gut: () -> Löschen bei Neustart.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 7
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\Users\Hiden\AppData\Roaming\Microsoft\svhost.exe (PUP.BitCoinMiner) -> Löschen bei Neustart.
C:\Program Files (x86)\AutoLyrics\AutoLyricsUpdater.exe (PUP.LyricsAd) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SafeSaver\sprotector.dll (PUP.Optional.SProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Browse2save\511fe08882b18.dll (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.

(Ende)

In total I ran Malwarebytes 5 times (13:26, 13:40, 15:05, 16:34 and 16:42), but each time it said it would be deleted when I restart. After the restart, though, it was back among the detections:

Example from 16:34:

Code:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.04.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Hiden :: HIDEN-PC [Administrator]

04.09.2013 13:12:21
mbam-log-2013-09-04 (13-12-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 58611
Laufzeit: 11 Minute(n), 45 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 3
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserDefender.A) -> 1472 -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserDefender.A) -> 2264 -> Löschen bei Neustart.
C:\Users\Hiden\AppData\Roaming\Microsoft\svhost.exe (PUP.BitCoinMiner) -> 4772 -> Löschen bei Neustart.

Infizierte Speichermodule: 1
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 14
HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Löschen bei Neustart.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Löschen bei Neustart.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} (PUP.Optional.BrowserDefender.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.BrowserDefender.A) -> Bösartig: (c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll) Gut: () -> Löschen bei Neustart.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 7
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\Users\Hiden\AppData\Roaming\Microsoft\svhost.exe (PUP.BitCoinMiner) -> Löschen bei Neustart.
C:\Program Files (x86)\AutoLyrics\AutoLyricsUpdater.exe (PUP.LyricsAd) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\SafeSaver\sprotector.dll (PUP.Optional.SProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Browse2save\511fe08882b18.dll (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.

(Ende)


fuxing 05.09.2013 06:49

and here is one more log from Avira AntiVir (I hope this isn't getting to be too much now!!! ;-) )

Code:

Exportierte Ereignisse:

04.09.2013 15:05 [Echtzeit-Scanner] Registry blockiert
      Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Registry
      blockiert.

04.09.2013 14:14 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Hiden\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Content.IE5\P9ZOKING\yontoosetup[1].exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Yontoo.Gen' [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54a5b142.qua'
      verschoben!

04.09.2013 14:14 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Hiden\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Content.IE5\WLCDI9MQ\pvtzd_agent_setup[1].exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Rogue.8543085' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54dbbb0b.qua'
      verschoben!

04.09.2013 14:11 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Hiden\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Content.IE5\WLCDI9MQ\pvtzd_agent_setup[1].exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Rogue.8543085' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

04.09.2013 14:11 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Hiden\AppData\Local\Microsoft\Windows\Temporary Internet
      Files\Content.IE5\P9ZOKING\yontoosetup[1].exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.Gen' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

04.09.2013 13:46 [Echtzeit-Scanner] Registry blockiert
      Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Registry
      blockiert.

04.09.2013 13:26 [Echtzeit-Scanner] Registry blockiert
      Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Registry
      blockiert.

02.09.2013 08:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Hiden\AppData\Local\Temp\instloffer.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Vittalia.AF' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

01.09.2013 15:29 [Updater] Update nicht ausgeführt
      Das Update von Computer HIDEN-PC (127.0.0.1) von
      "hxxp://perspeak.avira-update.com/update" ist fehlgeschlagen.
      Während des Herunterladens ist ein Fehler aufgetreten.
      Es wurden keine neuen Dateien geladen.

01.09.2013 12:27 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Hiden\Downloads\Crack Ski Region Simulator 2012.rar.exe'
      enthielt einen Virus oder unerwünschtes Programm 'Adware/InstallRex.G.1'
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '57dd873d.qua'
      verschoben!

01.09.2013 12:14 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Hiden\Downloads\Crack Ski Region Simulator 2012.rar.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/InstallRex.G.1' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

01.09.2013 12:11 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Hiden\AppData\Local\Temp\instloffer.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Vittalia.AF' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

30.08.2013 14:05 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Hiden\Downloads\Crack Ski Region Simulator 2012.rar.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/InstallRex.G.1' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

28.08.2013 10:43 [Echtzeit-Scanner] Lizenzfehler
      Lizenzfehler

28.08.2013 10:23 [Echtzeit-Scanner] Lizenzfehler
      Lizenzfehler

28.08.2013 09:52 [Echtzeit-Scanner] Autorun blockiert
      Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Datei
      'P:\autorun.inf' blockiert.

23.08.2013 14:34 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Hiden\AppData\Local\Temp\{FB21D0C7-94E3-460F-A4E4-DCC120C2F231}\Addons
      \newtab_setup.exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3d53df79.qua'
      verschoben!

23.08.2013 14:34 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Hiden\AppData\Local\Temp\nsmD72D.tmp\Binary.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/StartPage.cab' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4cb4e760.qua'
      verschoben!

23.08.2013 14:34 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Hiden\AppData\Local\Temp\Bunndle\BunndleOfferManager.dll'
      enthielt einen Virus oder unerwünschtes Programm 'Adware/Bunndle.B' [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5423c8db.qua'
      verschoben!

23.08.2013 14:34 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Hiden\AppData\Local\Temp\{36616E42-33AE-4B91-A97A-7B8CED824CB4}\Addons
      \browser_coupon_setup.exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '78dff253.qua'
      verschoben!

23.08.2013 14:34 [System-Scanner] Malware gefunden
      Die Datei
      'C:\Users\Hiden\AppData\Local\Temp\{2E6F7654-96F1-401D-A2F6-DED3F58C54A2}\Addons
      \browser_coupon_setup.exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1ee8bd91.qua'
      verschoben!

23.08.2013 13:04 [Echtzeit-Scanner] Malware gefunden
      In der Datei
      'C:\Users\Hiden\AppData\Local\Temp\{FB21D0C7-94E3-460F-A4E4-DCC120C2F231}\Addons
      \newtab_setup.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

23.08.2013 13:04 [Echtzeit-Scanner] Malware gefunden
      In der Datei
      'C:\Users\Hiden\AppData\Local\Temp\{2E6F7654-96F1-401D-A2F6-DED3F58C54A2}\Addons
      \browser_coupon_setup.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

23.08.2013 13:04 [Echtzeit-Scanner] Malware gefunden
      In der Datei
      'C:\Users\Hiden\AppData\Local\Temp\{36616E42-33AE-4B91-A97A-7B8CED824CB4}\Addons
      \browser_coupon_setup.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

23.08.2013 13:04 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Hiden\AppData\Local\Temp\nsmD72D.tmp\Binary.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/StartPage.cab' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

23.08.2013 13:04 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Hiden\AppData\Local\Temp\Bunndle\BunndleOfferManager.dll'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Bunndle.B' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

23.08.2013 13:03 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Hiden\AppData\Local\Temp\instloffer.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Vittalia.AF' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

22.08.2013 09:03 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Hiden\AppData\Local\Temp\Bunndle\BunndleOfferManager.dll'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Bunndle.B' [adware]
      gefunden.
      Ausgeführte Aktion: Übergeben an Scanner

22.08.2013 09:03 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Hiden\AppData\Local\Temp\Bunndle\BunndleOfferManager.dll'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Bunndle.B' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

21.08.2013 11:38 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Hiden\AppData\Local\Temp\Bunndle\BunndleOfferManager.dll'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Bunndle.B' [adware]
      gefunden.
      Ausgeführte Aktion: Übergeben an Scanner

21.08.2013 11:38 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Hiden\AppData\Local\Temp\Bunndle\BunndleOfferManager.dll'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Bunndle.B' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

21.08.2013 10:38 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Hiden\AppData\Local\Temp\Bunndle\BunndleOfferManager.dll'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Bunndle.B' [adware]
      gefunden.
      Ausgeführte Aktion: Übergeben an Scanner

21.08.2013 10:38 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Hiden\AppData\Local\Temp\Bunndle\BunndleOfferManager.dll'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Bunndle.B' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

20.08.2013 16:45 [Updater] Update nicht ausgeführt
      Das Update von Computer HIDEN-PC (127.0.0.1) von
      "hxxp://perspeak.avira-update.com/update" ist fehlgeschlagen.
      Während des Herunterladens ist ein Fehler aufgetreten.
      Es wurden keine neuen Dateien geladen.

20.08.2013 16:24 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'I:\Setup.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.UPKM.Gen' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

20.08.2013 16:24 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'I:\Setup.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.UPKM.Gen' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

20.08.2013 14:42 [Echtzeit-Scanner] Malware gefunden
      In der Datei
      'C:\Users\Hiden\AppData\Local\Temp\{FB21D0C7-94E3-460F-A4E4-DCC120C2F231}\Addons
      \newtab_setup.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

20.08.2013 14:42 [Echtzeit-Scanner] Malware gefunden
      In der Datei
      'C:\Users\Hiden\AppData\Local\Temp\{36616E42-33AE-4B91-A97A-7B8CED824CB4}\Addons
      \browser_coupon_setup.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

20.08.2013 14:42 [Echtzeit-Scanner] Malware gefunden
      In der Datei
      'C:\Users\Hiden\AppData\Local\Temp\{2E6F7654-96F1-401D-A2F6-DED3F58C54A2}\Addons
      \browser_coupon_setup.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

20.08.2013 14:42 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Hiden\AppData\Local\Temp\nsmD72D.tmp\Binary.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/StartPage.cab' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

20.08.2013 14:41 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Hiden\AppData\Local\Temp\instloffer.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Vittalia.AF' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

20.08.2013 13:39 [System-Scanner] Malware gefunden
      Die Datei
      'C:\$Recycle.Bin\S-1-5-21-1013355498-1814289779-388905639-1000\$RQ5M8R2.exe'
      enthielt einen Virus oder unerwünschtes Programm 'Adware/Airinstall.J' [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55c5c5e9.qua'
      verschoben!

20.08.2013 13:39 [Echtzeit-Scanner] Malware gefunden
      In der Datei
      'C:\$Recycle.Bin\S-1-5-21-1013355498-1814289779-388905639-1000\$RQ5M8R2.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Airinstall.J' [adware]
      gefunden.
      Ausgeführte Aktion: Übergeben an Scanner

20.08.2013 13:39 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Hiden\Downloads\Download-534895hhr43431.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Airinstall.J' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

19.08.2013 19:55 [Echtzeit-Scanner] Malware gefunden
      In der Datei
      'C:\Users\Hiden\AppData\Local\Temp\{FB21D0C7-94E3-460F-A4E4-DCC120C2F231}\Addons
      \newtab_setup.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

19.08.2013 19:55 [Echtzeit-Scanner] Malware gefunden
      In der Datei
      'C:\Users\Hiden\AppData\Local\Temp\{2E6F7654-96F1-401D-A2F6-DED3F58C54A2}\Addons
      \browser_coupon_setup.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

19.08.2013 19:55 [Echtzeit-Scanner] Malware gefunden
      In der Datei
      'C:\Users\Hiden\AppData\Local\Temp\{36616E42-33AE-4B91-A97A-7B8CED824CB4}\Addons
      \browser_coupon_setup.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

19.08.2013 19:55 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Hiden\AppData\Local\Temp\nsmD72D.tmp\Binary.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/StartPage.cab' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

19.08.2013 19:54 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Hiden\AppData\Local\Temp\instloffer.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Vittalia.AF' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

18.08.2013 18:49 [Echtzeit-Scanner] Malware gefunden
      In der Datei
      'C:\Users\Hiden\AppData\Local\Temp\{FB21D0C7-94E3-460F-A4E4-DCC120C2F231}\Addons
      \newtab_setup.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

18.08.2013 18:49 [Echtzeit-Scanner] Malware gefunden
      In der Datei
      'C:\Users\Hiden\AppData\Local\Temp\{2E6F7654-96F1-401D-A2F6-DED3F58C54A2}\Addons
      \browser_coupon_setup.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

18.08.2013 18:49 [Echtzeit-Scanner] Malware gefunden
      In der Datei
      'C:\Users\Hiden\AppData\Local\Temp\{36616E42-33AE-4B91-A97A-7B8CED824CB4}\Addons
      \browser_coupon_setup.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

18.08.2013 18:49 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Hiden\AppData\Local\Temp\nsmD72D.tmp\Binary.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/StartPage.cab' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

18.08.2013 18:48 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Hiden\AppData\Local\Temp\instloffer.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Vittalia.AF' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

17.08.2013 16:21 [Updater] Update nicht ausgeführt
      Das Update von Computer HIDEN-PC (127.0.0.1) von
      "hxxp://perspeak.avira-update.com/update" ist fehlgeschlagen.
      Während des Herunterladens ist ein Fehler aufgetreten.
      Es wurden keine neuen Dateien geladen.

17.08.2013 10:38 [Echtzeit-Scanner] Malware gefunden
      In der Datei
      'C:\$Recycle.Bin\S-1-5-21-1013355498-1814289779-388905639-1000\$R11LQLT.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Somoto.PD' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

17.08.2013 09:27 [Echtzeit-Scanner] Malware gefunden
      In der Datei
      'C:\Users\Hiden\AppData\Local\Temp\{FB21D0C7-94E3-460F-A4E4-DCC120C2F231}\Addons
      \newtab_setup.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

17.08.2013 09:27 [Echtzeit-Scanner] Malware gefunden
      In der Datei
      'C:\Users\Hiden\AppData\Local\Temp\{36616E42-33AE-4B91-A97A-7B8CED824CB4}\Addons
      \browser_coupon_setup.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

17.08.2013 09:27 [Echtzeit-Scanner] Malware gefunden
      In der Datei
      'C:\Users\Hiden\AppData\Local\Temp\{2E6F7654-96F1-401D-A2F6-DED3F58C54A2}\Addons
      \browser_coupon_setup.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

17.08.2013 09:27 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Hiden\AppData\Local\Temp\nsmD72D.tmp\Binary.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/StartPage.cab' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

17.08.2013 09:26 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Hiden\AppData\Local\Temp\instloffer.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Vittalia.AF' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

16.08.2013 15:52 [Echtzeit-Scanner] Malware gefunden
      In der Datei
      'C:\Users\Hiden\AppData\Local\Temp\{FB21D0C7-94E3-460F-A4E4-DCC120C2F231}\Addons
      \newtab_setup.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

16.08.2013 15:52 [Echtzeit-Scanner] Malware gefunden
      In der Datei
      'C:\Users\Hiden\AppData\Local\Temp\{2E6F7654-96F1-401D-A2F6-DED3F58C54A2}\Addons
      \browser_coupon_setup.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

16.08.2013 15:52 [Echtzeit-Scanner] Malware gefunden
      In der Datei
      'C:\Users\Hiden\AppData\Local\Temp\{36616E42-33AE-4B91-A97A-7B8CED824CB4}\Addons
      \browser_coupon_setup.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

16.08.2013 15:52 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Hiden\AppData\Local\Temp\nsmD72D.tmp\Binary.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/StartPage.cab' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

16.08.2013 15:52 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Hiden\AppData\Local\Temp\instloffer.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Vittalia.AF' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

16.08.2013 15:15 [Updater] Update nicht ausgeführt
      Das Update von Computer HIDEN-PC (127.0.0.1) von
      "hxxp://perspeak.avira-update.com/update" ist fehlgeschlagen.
      Während des Herunterladens ist ein Fehler aufgetreten.
      Es wurden keine neuen Dateien geladen.

11.08.2013 13:56 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Hiden\Downloads\Download-534895hhr43431.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Airinstall.J' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

11.08.2013 12:04 [Echtzeit-Scanner] Malware gefunden
      In der Datei
      'C:\Users\Hiden\AppData\Local\Temp\{FB21D0C7-94E3-460F-A4E4-DCC120C2F231}\Addons
      \newtab_setup.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

11.08.2013 12:04 [Echtzeit-Scanner] Malware gefunden
      In der Datei
      'C:\Users\Hiden\AppData\Local\Temp\{2E6F7654-96F1-401D-A2F6-DED3F58C54A2}\Addons
      \browser_coupon_setup.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

11.08.2013 12:04 [Echtzeit-Scanner] Malware gefunden
      In der Datei
      'C:\Users\Hiden\AppData\Local\Temp\{36616E42-33AE-4B91-A97A-7B8CED824CB4}\Addons
      \browser_coupon_setup.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen7' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

11.08.2013 12:04 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Hiden\AppData\Local\Temp\nsmD72D.tmp\Binary.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/StartPage.cab' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

11.08.2013 12:04 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Hiden\AppData\Local\Temp\instloffer.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Vittalia.AF' [adware]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern


cosinus 05.09.2013 09:39

Quote:

C:\Users\Hiden\Downloads\[isoHunt] SKI REGION SIMULATOR 2012-FIGHTCLUB CRACK 2012.rar.torrent
C:\Users\Hiden\Downloads\share-online.biz.URL
C:\Users\Hiden\Downloads\uploaded.to.URL
C:\Users\Hiden\Downloads\Crack Ski Region Simulator 2012.rar.exe
:pfui:

Please read => http://www.trojaner-board.de/95393-c...-software.html

We will continue once you have removed everything illegal.

In the event of repeated crack/keygen violations, I reserve the right to discontinue support, i.e. help only with backing up data and reinstalling the operating system.

fuxing 05.09.2013 13:21

Hello!

Please excuse this. This is a friend's PC.
The contents of the Downloads folder (as well as the Pictures and Documents folders and various items from the programs) were moved to the Recycle Bin as they were and then properly deleted or uninstalled!

I hope I haven't overlooked anything!

Kind regards


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2013 03
Ran by Hiden (administrator) on HIDEN-PC on 05-09-2013 14:18:49
Running from C:\Users\Hiden\Desktop\share
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(Arainia Solutions) C:\Program Files (x86)\Gizmo\gservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Realtek) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Bogdan Sharkov) C:\Program Files (x86)\Clownfish\Clownfish.exe
(Arainia Solutions) C:\Program Files (x86)\Gizmo\gizmo.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\system32\prevhost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-25] (Logitech Inc.)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Clownfish] - C:\Program Files (x86)\Clownfish\Clownfish.exe [1276152 2013-07-02] (Bogdan Sharkov)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKCU\...\Run: [GizmoDriveDelegate] - C:\Program Files (x86)\Gizmo\gizmo.exe [223640 2013-02-16] (Arainia Solutions)
MountPoints2: G - G:\cdstart.exe
MountPoints2: I - I:\cdstart.exe
MountPoints2: {7051758a-b309-11e2-9e44-fbb951157bc6} - F:\OriginInstaller.exe
MountPoints2: {b4993d4d-3f3e-11e2-8214-806e6f6e6963} - E:\cdstart.exe
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-08-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Gizmo.lnk
ShortcutTarget: Gizmo.lnk -> C:\Program Files (x86)\Gizmo\gizmo.exe (Arainia Solutions)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
BootExecute: autocheck autochk * 

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSH&bmod=FTSH
HKCU\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938
URLSearchHook: (No Name) - {40c3cc16-7269-4b32-9531-17f2950fb06f} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=wpc&from=wpc&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1374561914
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=wpc&from=wpc&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1374561914
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=wpc&from=wpc&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1374561914
SearchScopes: HKLM - {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzy0E0AyB0CtCtCtBtD0E0FtN0D0Tzu0CtAyDzytN1L2XzutBtFtBtFtCtFyEtDyB&cr=1614796548
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=wpc&from=wpc&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1374561914
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = ${SEARCH_URL}{searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=wpc&from=wpc&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1374561914
SearchScopes: HKLM-x32 - {43127BD9-3ACA-4259-9A77-D5C69F5CB9BA} URL = hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2938&q={searchTerms}
SearchScopes: HKLM-x32 - {96932D4E-8C01-43DD-98CC-011CA708A907} URL = ${SEARCH_URL}{searchTerms}
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.good-results.info/?l=1&q={searchTerms}&pid=724&r=2013/02/16&hid=1021253944&lg=EN&cc=AT
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=119816&babsrc=SP_ss_bad2g&mntrId=0016000C4343BD02
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=119816&babsrc=SP_ss_bad2g&mntrId=0016000C4343BD02
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {62E3F633-EDFB-44CC-9142-718C84A5CD02} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119292&babsrc=SP_ss&mntrId=001620ef000000000000000c4343bd02
SearchScopes: HKCU - {B5918D46-D596-40AB-B9B9-4235D17141A0} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10263&src=kw&q={searchTerms}&locale=de_AT&apn_ptnrs=^AGU&apn_dtid=^YYYYYY^YY^AT&apn_uid=3DB68FCC-ADA4-4017-8C38-58DE2CDFAFE8&apn_sauid=22187DFA-8181-45F6-B34D-BA650EECB054
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.good-results.info/?l=1&q={searchTerms}&pid=724&r=2013/02/16&hid=1021253944&lg=EN&cc=AT
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb205/?search={searchTerms}&loc=IB_DS&a=6PQRV9rixw&i=26
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default
FF user.js: detected! => C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\user.js
FF Homepage: user_pref("browser.startup.homepage", );
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Hiden\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Hiden\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\babylon1.xml
FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\Funmoods.xml
FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\Searchab.xml
FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\winload-customized-web-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
FF Extension: Browse2save - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\511fe088829a4@511fe088829dd.com
FF Extension: incredibar.com - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\ffxtlbr@incredibar.com
FF Extension: Spartipps von SparPilot.com - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\sparpilot@sparpilot.com
FF Extension: No Name - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\staged
FF Extension: Winload  - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
FF Extension: WhiteSmoke US New  - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\{462be121-2b54-4218-bf00-b9bf8135b23f}
FF Extension: ftdownloader - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\ftdownloader@ftdownloader.com.xpi
FF Extension: torntv - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\torntv@torntv.com.xpi
FF Extension: No Name - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\WTB_GLOBAL.sqlite
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [511fe088829a4@511fe088829dd.com] C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\extensions\511fe088829a4@511fe088829dd.com
FF Extension: Browse2save - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\extensions\511fe088829a4@511fe088829dd.com
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
FF HKCU\...\Firefox\Extensions: [autolyrics@man-soft.net] C:\Program Files (x86)\AutoLyrics\FF\
FF Extension: No Name - C:\Program Files (x86)\AutoLyrics\FF\

Chrome:
=======
CHR HomePage: hxxp://www.google.at/
CHR RestoreOnStartup: "https://www.google.at/"
CHR DefaultSearchURL: (Babylon Search) - hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss&mntrId=0016944452EDFDAF&affID=123895&tsp=4985
CHR DefaultSuggestURL: (Babylon Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Hiden\AppData\Local\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Hiden\AppData\Local\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Hiden\AppData\Local\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Hiden\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Plugin: (Google Update) - C:\Users\Hiden\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0
CHR Extension: (Lightning Newtab) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\1.1.4.9_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR Extension: (Auto Lyrics) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcdkfohdadbjmlfejhncigcbfkiaamf\1.114_0
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Hiden\AppData\Local\funmoods.crx
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Hiden\AppData\Local\funmoods-speeddial_sf.crx
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\Hiden\AppData\Roaming\BabSolution\CR\BabylonChrome1.crx
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx
CHR HKLM-x32\...\Chrome\Extension: [gkjoindjjcmbdpbfppabdgflnkgbbcli] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
CHR HKLM-x32\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files (x86)\TornTV.com\torn11.crx
CHR HKLM-x32\...\Chrome\Extension: [pkcdkfohdadbjmlfejhncigcbfkiaamf] - C:\Program Files (x86)\AutoLyrics\Chrome.crx

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-02] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-20] (Avira Operations GmbH & Co. KG)
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] ()
R2 Gizmo Central; C:\Program Files (x86)\Gizmo\gservice.exe [34728 2013-02-16] (Arainia Solutions)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
R2 Realtek11nSU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [45056 2010-01-21] (Realtek)
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [424104 2013-07-09] (Taiwan Shui Mu Chih Ching Technology Limited.)
S2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [x]

==================== Drivers (Whitelisted) ====================

R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-08-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-25] (Avira Operations GmbH & Co. KG)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-02] (DT Soft Ltd)
S3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2012-12-08] (Duplex Secure Ltd.)
U3 ahi4h10m; C:\Windows\System32\Drivers\ahi4h10m.sys [0 ] (Advanced Micro Devices)
S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-04 16:55 - 2013-09-04 16:55 - 00000000 ____D C:\FRST
2013-09-04 16:39 - 2013-09-05 14:18 - 00000000 ____D C:\Users\Hiden\Desktop\share
2013-09-04 14:26 - 2013-09-04 14:28 - 114436733 _____ C:\Users\Hiden\Desktop\Christina Perri - A Thousand Years [Official Music Video].mp4
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Malwarebytes
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-04 13:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-04 12:36 - 2013-09-04 12:36 - 00262144 _____ C:\Windows\system32\config\default.gu
2013-09-04 12:36 - 2013-09-04 12:36 - 00028672 _____ C:\Windows\system32\config\software.gu
2013-09-04 12:35 - 2013-09-02 11:09 - 00024352 _____ C:\Windows\system32\RegBootDefrag.exe
2013-09-04 12:23 - 2013-09-04 16:31 - 00000000 ____D C:\_tools
2013-09-04 11:48 - 2013-09-04 11:48 - 00000000 ____D C:\ProgramData\GlarySoft
2013-09-04 11:42 - 2013-09-05 14:17 - 00000334 _____ C:\Windows\Tasks\GlaryInitialize 3.job
2013-09-04 11:42 - 2013-09-04 12:38 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 3
2013-09-04 11:42 - 2013-09-04 11:42 - 00002630 _____ C:\Windows\System32\Tasks\GlaryInitialize 3
2013-09-04 11:42 - 2013-09-04 11:42 - 00001086 _____ C:\Users\Public\Desktop\Glary Utilities 3.lnk
2013-09-04 11:42 - 2013-09-04 11:42 - 00000075 _____ C:\DiskDefrag.log
2013-09-04 11:42 - 2013-09-04 11:42 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\GlarySoft
2013-09-04 11:42 - 2013-09-02 11:09 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2013-09-04 11:39 - 2013-09-04 11:39 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\IObit
2013-09-04 11:27 - 2013-09-04 11:27 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-09-04 11:26 - 2013-06-21 12:23 - 06496544 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-09-04 11:26 - 2013-06-21 12:23 - 03514656 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-09-04 11:26 - 2013-06-21 12:23 - 02555680 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2013-09-04 11:26 - 2013-06-21 12:23 - 00884512 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-09-04 11:26 - 2013-06-21 12:23 - 00237856 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-09-04 11:26 - 2013-06-21 12:23 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-09-04 11:26 - 2013-06-20 06:17 - 03253909 _____ C:\Windows\system32\nvcoproc.bin
2013-09-04 11:18 - 2013-06-21 14:06 - 27781920 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 21102368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 15920536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 15144928 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 13411896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 12427240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 11235104 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-09-04 11:18 - 2013-06-21 14:06 - 09239344 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 07687592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 07641832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 06324360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 02953504 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 02777888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 02363680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 02002720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 01832224 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432049.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432049.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 01059560 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00925648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00572704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00570656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00467232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00465184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00266448 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00218592 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00214448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00181488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00021578 _____ C:\Windows\system32\nvinfo.pb
2013-09-04 11:18 - 2013-02-25 07:27 - 00194848 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2013-09-04 11:18 - 2013-02-25 07:27 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2013-09-04 11:18 - 2013-01-29 10:35 - 01510176 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2013-09-04 11:17 - 2013-06-21 14:06 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-09-04 11:17 - 2013-06-21 14:06 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-09-04 11:17 - 2013-06-21 14:06 - 02936208 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-09-04 11:17 - 2013-06-21 14:06 - 02597856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-09-04 11:10 - 2013-08-20 15:33 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-09-04 11:10 - 2013-08-20 15:32 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2013-09-04 11:10 - 2013-08-20 15:32 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-09-04 08:52 - 2013-09-04 08:53 - 00718115 ____N C:\Windows\Minidump\090413-26676-01.dmp
2013-09-04 07:54 - 2013-09-04 07:54 - 95812354 _____ C:\Windows\SysWOW64\ທ쇓ᵌ'
2013-09-03 08:15 - 2013-09-03 08:15 - 95452537 _____ C:\Windows\SysWOW64\峌雠ᵌH
2013-09-02 08:02 - 2013-09-02 08:02 - 95199985 _____ C:\Windows\SysWOW64\誤軍ᵌ’
2013-09-01 08:38 - 2013-09-01 08:38 - 95128664 _____ C:\Windows\SysWOW64\豹冮ᵌ—
2013-09-01 08:34 - 2013-09-04 10:59 - 00000000 ____D C:\Windows\Minidump
2013-08-31 18:47 - 2013-08-31 18:47 - 00706105 ____N C:\Windows\Minidump\090113-28423-01.dmp
2013-08-31 10:38 - 2013-08-31 16:38 - 95115989 _____ C:\Windows\SysWOW64\塛ᵌ…
2013-08-30 19:38 - 2013-08-30 19:38 - 94985858 _____ C:\Windows\SysWOW64\쟁䡾ᵌ–
2013-08-30 13:39 - 2013-08-30 13:39 - 94829123 _____ C:\Windows\SysWOW64\합ﬠᵌ™
2013-08-29 20:41 - 2013-08-29 20:41 - 94663095 _____ C:\Windows\SysWOW64\ꩠ䥦ᵌ
2013-08-29 14:41 - 2013-08-29 14:41 - 94605346 _____ C:\Windows\SysWOW64\浇榏ᵌD
2013-08-29 08:41 - 2013-08-29 08:41 - 101142192 _____ C:\Windows\SysWOW64\㚣㦶ᵌ¨
2013-08-28 15:03 - 2013-09-04 11:28 - 00000000 ____D C:\hw64_422
2013-08-28 15:01 - 2013-08-28 15:01 - 00000000 ____D C:\cpu-z-166
2013-08-28 13:13 - 2013-08-28 13:13 - 00000000 ____D C:\ProgramData\SummerSoft
2013-08-25 17:50 - 2013-08-25 17:50 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
2013-08-25 17:50 - 2013-08-25 17:50 - 00000000 ____D C:\Users\Hiden\AppData\Local\WebPlayer
2013-08-25 15:47 - 2013-08-25 15:47 - 100143688 _____ C:\Windows\SysWOW64\剠楮ᵌ¤
2013-08-23 11:27 - 2013-08-23 11:27 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\EvolutionClips
2013-08-23 07:34 - 2013-08-23 19:34 - 99979851 _____ C:\Windows\SysWOW64\硳ᵌ
2013-08-22 17:40 - 2013-08-22 17:47 - 00000000 ____D C:\Users\Hiden\Documents\Battlefield 3
2013-08-22 17:06 - 2013-08-23 16:01 - 00000000 ____D C:\Program Files (x86)\Battlefield 3
2013-08-22 13:14 - 2013-09-04 14:20 - 00002372 _____ C:\Users\Hiden\Desktop\Google Chrome.lnk
2013-08-22 13:14 - 2013-08-22 13:14 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-08-21 12:43 - 2013-08-21 12:46 - 00000000 ____D C:\Program Files (x86)\Black Ops 2
2013-08-20 16:26 - 2013-08-20 16:26 - 00000000 ____D C:\Program Files (x86)\PowerISO
2013-08-20 16:26 - 2013-07-22 04:19 - 00126872 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys
2013-08-20 13:26 - 2013-08-29 13:16 - 00000000 ____D C:\Users\Hiden\AppData\Local\Captcha_Brotherhood
2013-08-20 13:26 - 2013-08-20 13:26 - 00000000 ____D C:\Program Files (x86)\Brotherhood Software
2013-08-19 20:02 - 2013-09-04 14:31 - 00178176 ___SH C:\Users\Hiden\Desktop\Thumbs.db
2013-08-16 18:44 - 2013-08-16 18:44 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Disney Interactive Studios
2013-08-16 18:34 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2013-08-16 18:34 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-08-16 18:34 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2013-08-16 18:34 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-08-16 18:34 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2013-08-16 18:34 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-08-16 18:33 - 2013-09-02 08:17 - 00000109 _____ C:\Windows\disney.ini
2013-08-15 18:42 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 18:42 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 18:42 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 18:42 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 18:42 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 18:42 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 18:42 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 18:42 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 18:42 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 18:42 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 18:42 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 18:42 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 11:15 - 2013-08-15 11:16 - 00000000 ____D C:\Program Files (x86)\Canon
2013-08-15 11:15 - 2013-08-15 11:15 - 00000000 ____D C:\ProgramData\ZoomBrowser
2013-08-15 11:07 - 2013-08-15 11:08 - 00000000 ____D C:\Users\Hiden\AppData\Local\{896DF8D3-46B1-418C-8474-84A9741BDB2A}
2013-08-15 09:56 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 09:56 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 09:56 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 09:56 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 09:56 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 09:56 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 09:56 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 09:56 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 09:50 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 09:50 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 09:50 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 09:50 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 09:50 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 09:50 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 09:50 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 09:50 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 09:50 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 09:50 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 09:50 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 09:50 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 09:50 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 09:50 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 09:50 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 09:50 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 09:50 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 09:49 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 09:49 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-13 19:37 - 2013-08-13 19:37 - 00000000 ___HD C:\Windows\PIF
2013-08-12 12:50 - 2013-08-12 12:50 - 00000000 ____D C:\Program Files (x86)\Dokan
2013-08-07 20:30 - 2013-08-07 20:30 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-08-07 12:21 - 2013-08-07 12:21 - 00000000 ____D C:\Program Files (x86)\PC Connectivity Solution
2013-08-07 12:21 - 2008-08-28 12:44 - 00025600 _____ (Nokia) C:\Windows\system32\Drivers\pccsmcfdx64.sys

==================== One Month Modified Files and Folders =======

2013-09-05 14:18 - 2013-09-04 16:39 - 00000000 ____D C:\Users\Hiden\Desktop\share
2013-09-05 14:17 - 2013-09-04 11:42 - 00000334 _____ C:\Windows\Tasks\GlaryInitialize 3.job
2013-09-05 14:17 - 2012-12-06 17:24 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Skype
2013-09-05 14:16 - 2013-07-09 17:32 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-09-05 14:16 - 2012-12-06 09:57 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-05 14:16 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-05 14:16 - 2009-07-14 06:51 - 00111533 _____ C:\Windows\setupact.log
2013-09-05 14:13 - 2012-12-05 17:57 - 01760739 _____ C:\Windows\WindowsUpdate.log
2013-09-05 14:11 - 2013-02-17 11:08 - 00000000 ____D C:\Users\Hiden\Documents\Euro Truck Simulator 2
2013-09-05 14:01 - 2012-12-22 09:13 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-05 13:57 - 2013-06-05 17:56 - 00122880 ___SH C:\Users\Hiden\Thumbs.db
2013-09-05 07:31 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-05 07:31 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-05 07:27 - 2013-03-31 20:04 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-09-04 16:55 - 2013-09-04 16:55 - 00000000 ____D C:\FRST
2013-09-04 16:38 - 2012-12-24 22:35 - 00000000 ____D C:\Users\Hiden\Desktop\Programme
2013-09-04 16:35 - 2010-11-21 05:47 - 00724964 _____ C:\Windows\PFRO.log
2013-09-04 16:31 - 2013-09-04 12:23 - 00000000 ____D C:\_tools
2013-09-04 16:29 - 2013-04-08 15:27 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2013-09-04 15:10 - 2013-07-21 21:07 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Audacity
2013-09-04 14:31 - 2013-08-19 20:02 - 00178176 ___SH C:\Users\Hiden\Desktop\Thumbs.db
2013-09-04 14:28 - 2013-09-04 14:26 - 114436733 _____ C:\Users\Hiden\Desktop\Christina Perri - A Thousand Years [Official Music Video].mp4
2013-09-04 14:20 - 2013-08-22 13:14 - 00002372 _____ C:\Users\Hiden\Desktop\Google Chrome.lnk
2013-09-04 14:19 - 2012-12-05 18:10 - 00001427 _____ C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-04 13:54 - 2012-12-06 17:29 - 00000000 ____D C:\Users\Hiden\AppData\Local\CrashDumps
2013-09-04 13:41 - 2013-07-09 17:27 - 00000000 ____D C:\ProgramData\eSafe
2013-09-04 13:40 - 2013-07-09 17:32 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Omiga Plus
2013-09-04 13:40 - 2013-06-19 16:24 - 00000000 ____D C:\Program Files (x86)\AutoLyrics
2013-09-04 13:40 - 2013-06-02 08:11 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-09-04 13:26 - 2013-07-23 08:44 - 00000000 ____D C:\Program Files (x86)\SafeSaver
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Malwarebytes
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-04 12:40 - 2012-12-06 16:33 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\NVIDIA
2013-09-04 12:38 - 2013-09-04 11:42 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 3
2013-09-04 12:36 - 2013-09-04 12:36 - 00262144 _____ C:\Windows\system32\config\default.gu
2013-09-04 12:36 - 2013-09-04 12:36 - 00028672 _____ C:\Windows\system32\config\software.gu
2013-09-04 12:36 - 2012-12-05 18:05 - 00000000 ____D C:\Users\Hiden
2013-09-04 12:36 - 2009-07-14 04:34 - 71303168 _____ C:\Windows\system32\config\software.gu.bak
2013-09-04 12:36 - 2009-07-14 04:34 - 20447232 _____ C:\Windows\system32\config\system.gu.bak
2013-09-04 12:36 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\security.gu.bak
2013-09-04 12:35 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\sam.gu.bak
2013-09-04 11:51 - 2012-12-24 20:47 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
2013-09-04 11:51 - 2012-12-20 15:22 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
2013-09-04 11:51 - 2012-12-07 14:49 - 00000000 ___RD C:\Users\Hiden\Desktop\Spiele
2013-09-04 11:48 - 2013-09-04 11:48 - 00000000 ____D C:\ProgramData\GlarySoft
2013-09-04 11:42 - 2013-09-04 11:42 - 00002630 _____ C:\Windows\System32\Tasks\GlaryInitialize 3
2013-09-04 11:42 - 2013-09-04 11:42 - 00001086 _____ C:\Users\Public\Desktop\Glary Utilities 3.lnk
2013-09-04 11:42 - 2013-09-04 11:42 - 00000075 _____ C:\DiskDefrag.log
2013-09-04 11:42 - 2013-09-04 11:42 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\GlarySoft
2013-09-04 11:39 - 2013-09-04 11:39 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\IObit
2013-09-04 11:28 - 2013-08-28 15:03 - 00000000 ____D C:\hw64_422
2013-09-04 11:27 - 2013-09-04 11:27 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-09-04 11:27 - 2012-12-06 09:57 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-09-04 11:26 - 2012-12-06 09:55 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-09-04 11:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Help
2013-09-04 11:25 - 2012-12-06 09:57 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-09-04 11:09 - 2013-03-25 14:59 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-04 10:59 - 2013-09-01 08:34 - 00000000 ____D C:\Windows\Minidump
2013-09-04 08:53 - 2013-09-04 08:52 - 00718115 ____N C:\Windows\Minidump\090413-26676-01.dmp
2013-09-04 08:39 - 2012-12-06 09:55 - 00086552 _____ C:\Users\Hiden\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-04 08:28 - 2009-07-14 06:45 - 00343656 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-04 08:26 - 2013-04-22 15:30 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2013-09-04 08:21 - 2013-02-28 19:49 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-04 08:20 - 2013-06-20 15:26 - 00000600 _____ C:\Windows\Rtcw.INI
2013-09-04 08:20 - 2012-12-06 16:33 - 00000000 ____D C:\Users\Hiden\Documents\my games
2013-09-04 08:19 - 2013-07-09 17:19 - 00000000 ____D C:\Program Files (x86)\Cube World
2013-09-04 07:54 - 2013-09-04 07:54 - 95812354 _____ C:\Windows\SysWOW64\ທ쇓ᵌ'
2013-09-03 22:12 - 2013-01-27 13:41 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\TS3Client
2013-09-03 08:15 - 2013-09-03 08:15 - 95452537 _____ C:\Windows\SysWOW64\峌雠ᵌH
2013-09-02 17:01 - 2012-12-06 21:15 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\.minecraft
2013-09-02 11:09 - 2013-09-04 12:35 - 00024352 _____ C:\Windows\system32\RegBootDefrag.exe
2013-09-02 11:09 - 2013-09-04 11:42 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2013-09-02 08:17 - 2013-08-16 18:33 - 00000109 _____ C:\Windows\disney.ini
2013-09-02 08:02 - 2013-09-02 08:02 - 95199985 _____ C:\Windows\SysWOW64\誤軍ᵌ’
2013-09-01 08:38 - 2013-09-01 08:38 - 95128664 _____ C:\Windows\SysWOW64\豹冮ᵌ—
2013-08-31 18:47 - 2013-08-31 18:47 - 00706105 ____N C:\Windows\Minidump\090113-28423-01.dmp
2013-08-31 16:38 - 2013-08-31 10:38 - 95115989 _____ C:\Windows\SysWOW64\塛ᵌ…
2013-08-30 19:38 - 2013-08-30 19:38 - 94985858 _____ C:\Windows\SysWOW64\쟁䡾ᵌ–
2013-08-30 13:39 - 2013-08-30 13:39 - 94829123 _____ C:\Windows\SysWOW64\합ﬠᵌ™
2013-08-29 20:41 - 2013-08-29 20:41 - 94663095 _____ C:\Windows\SysWOW64\ꩠ䥦ᵌ
2013-08-29 14:41 - 2013-08-29 14:41 - 94605346 _____ C:\Windows\SysWOW64\浇榏ᵌD
2013-08-29 13:17 - 2013-01-27 13:41 - 00000000 ____D C:\Users\Hiden\AppData\Local\TeamSpeak 3 Client
2013-08-29 13:16 - 2013-08-20 13:26 - 00000000 ____D C:\Users\Hiden\AppData\Local\Captcha_Brotherhood
2013-08-29 08:41 - 2013-08-29 08:41 - 101142192 _____ C:\Windows\SysWOW64\㚣㦶ᵌ¨
2013-08-28 15:01 - 2013-08-28 15:01 - 00000000 ____D C:\cpu-z-166
2013-08-28 13:13 - 2013-08-28 13:13 - 00000000 ____D C:\ProgramData\SummerSoft
2013-08-28 13:13 - 2012-12-20 15:27 - 00000000 ____D C:\ProgramData\InstallMate
2013-08-28 11:21 - 2013-05-19 10:52 - 00000000 ____D C:\Users\Hiden\AppData\Local\Akamai
2013-08-28 11:21 - 2013-03-21 21:02 - 00000000 ____D C:\Program Files (x86)\Clownfish
2013-08-28 11:21 - 2013-01-27 13:44 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\ts3overlay
2013-08-28 11:21 - 2010-11-21 09:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-08-28 11:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-08-28 10:28 - 2011-02-11 16:47 - 00696620 _____ C:\Windows\system32\perfh007.dat
2013-08-28 10:28 - 2011-02-11 16:47 - 00147916 _____ C:\Windows\system32\perfc007.dat
2013-08-28 10:28 - 2009-07-14 07:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-25 17:50 - 2013-08-25 17:50 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
2013-08-25 17:50 - 2013-08-25 17:50 - 00000000 ____D C:\Users\Hiden\AppData\Local\WebPlayer
2013-08-25 15:47 - 2013-08-25 15:47 - 100143688 _____ C:\Windows\SysWOW64\剠楮ᵌ¤
2013-08-23 19:34 - 2013-08-23 07:34 - 99979851 _____ C:\Windows\SysWOW64\硳ᵌ
2013-08-23 16:09 - 2013-06-03 21:08 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-08-23 16:01 - 2013-08-22 17:06 - 00000000 ____D C:\Program Files (x86)\Battlefield 3
2013-08-23 15:21 - 2013-04-22 15:28 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-08-23 15:11 - 2012-12-25 11:58 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\uTorrent
2013-08-23 11:27 - 2013-08-23 11:27 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\EvolutionClips
2013-08-22 17:47 - 2013-08-22 17:40 - 00000000 ____D C:\Users\Hiden\Documents\Battlefield 3
2013-08-22 17:39 - 2013-03-09 17:02 - 00000000 ____D C:\Users\Hiden\AppData\Local\Unity
2013-08-22 17:38 - 2013-06-03 21:08 - 00000000 ____D C:\ProgramData\Origin
2013-08-22 13:14 - 2013-08-22 13:14 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-08-22 13:14 - 2012-12-05 18:07 - 00000000 ____D C:\Users\Hiden\AppData\Local\Google
2013-08-22 13:12 - 2012-12-05 18:07 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-21 12:46 - 2013-08-21 12:43 - 00000000 ____D C:\Program Files (x86)\Black Ops 2
2013-08-20 20:32 - 2012-12-22 09:13 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-20 20:32 - 2012-12-06 17:01 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-20 20:32 - 2012-12-06 17:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-20 16:26 - 2013-08-20 16:26 - 00000000 ____D C:\Program Files (x86)\PowerISO
2013-08-20 15:33 - 2013-09-04 11:10 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-08-20 15:32 - 2013-09-04 11:10 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2013-08-20 15:32 - 2013-09-04 11:10 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-08-20 13:26 - 2013-08-20 13:26 - 00000000 ____D C:\Program Files (x86)\Brotherhood Software
2013-08-20 10:48 - 2013-05-07 14:15 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-20 10:48 - 2013-03-25 14:59 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-17 10:49 - 2012-12-05 18:01 - 00218987 _____ C:\Windows\DirectX.log
2013-08-16 18:44 - 2013-08-16 18:44 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Disney Interactive Studios
2013-08-16 15:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-15 18:38 - 2013-07-13 13:17 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 18:37 - 2012-12-06 10:43 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-15 11:20 - 2013-02-26 21:16 - 00037531 ____H C:\Users\Hiden\Desktop\ZbThumbnail.info
2013-08-15 11:16 - 2013-08-15 11:15 - 00000000 ____D C:\Program Files (x86)\Canon
2013-08-15 11:15 - 2013-08-15 11:15 - 00000000 ____D C:\ProgramData\ZoomBrowser
2013-08-15 11:08 - 2013-08-15 11:07 - 00000000 ____D C:\Users\Hiden\AppData\Local\{896DF8D3-46B1-418C-8474-84A9741BDB2A}
2013-08-15 09:31 - 2013-06-19 16:25 - 00000000 ____D C:\Users\Hiden\Documents\bitComposer Games
2013-08-15 09:30 - 2013-04-28 12:38 - 00000000 ____D C:\Program Files (x86)\Nokia
2013-08-15 09:25 - 2013-07-24 13:22 - 00000000 ____D C:\Users\Hiden\AppData\Local\LogMeIn Hamachi
2013-08-13 19:37 - 2013-08-13 19:37 - 00000000 ___HD C:\Windows\PIF
2013-08-12 12:50 - 2013-08-12 12:50 - 00000000 ____D C:\Program Files (x86)\Dokan
2013-08-12 11:12 - 2013-04-19 21:18 - 00000000 ____D C:\ts3overlay
2013-08-11 11:21 - 2013-02-21 16:28 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-08-07 20:30 - 2013-08-07 20:30 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-08-07 20:30 - 2013-05-01 10:53 - 00286840 _____ C:\Windows\msxml4-KB973688-enu.LOG
2013-08-07 20:30 - 2013-05-01 10:52 - 00291210 _____ C:\Windows\msxml4-KB954430-enu.LOG
2013-08-07 12:24 - 2013-04-28 12:44 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\PC Suite
2013-08-07 12:23 - 2013-04-30 17:35 - 00000000 ____D C:\Users\Hiden\AppData\Local\Nokia
2013-08-07 12:21 - 2013-08-07 12:21 - 00000000 ____D C:\Program Files (x86)\PC Connectivity Solution
2013-08-07 12:21 - 2013-04-28 12:44 - 00041042 _____ C:\Windows\DPINST.LOG

Files to move or delete:
====================
C:\Users\Hiden\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Hiden\AppData\Local\Temp\Tsu8F5BCA1D.dll
C:\Users\Hiden\AppData\Local\Temp\TsuE58EB0BC.dll
C:\Users\Hiden\AppData\Local\Temp\TsuEBBB588F.dll
C:\Users\Hiden\AppData\Local\Temp\uninst1.exe
C:\Users\Hiden\AppData\Local\Temp\{7E84F47D-2CCC-4A36-A8DD-64EEA567D68B}\Setup.exe
C:\Users\Hiden\AppData\Local\Temp\{7E84F47D-2CCC-4A36-A8DD-64EEA567D68B}\_Setup.dll
C:\Users\Hiden\AppData\Local\Temp\{7E84F47D-2CCC-4A36-A8DD-64EEA567D68B}\_Setupx.dll
C:\Users\Hiden\AppData\Local\Temp\{36616E42-33AE-4B91-A97A-7B8CED824CB4}\Custom.dll
C:\Users\Hiden\AppData\Local\Temp\{36616E42-33AE-4B91-A97A-7B8CED824CB4}\Setup.exe
C:\Users\Hiden\AppData\Local\Temp\{36616E42-33AE-4B91-A97A-7B8CED824CB4}\_Setup.dll
C:\Users\Hiden\AppData\Local\Temp\{2E6F7654-96F1-401D-A2F6-DED3F58C54A2}\Custom.dll
C:\Users\Hiden\AppData\Local\Temp\{2E6F7654-96F1-401D-A2F6-DED3F58C54A2}\Setup.exe
C:\Users\Hiden\AppData\Local\Temp\{2E6F7654-96F1-401D-A2F6-DED3F58C54A2}\_Setup.dll
C:\Users\Hiden\AppData\Local\Temp\Temp1_RogueKiller_8.6.9.zip\RogueKillerX64.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\setup.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NvVAD\nvaudcap32v.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NvVAD\nvaudcap64v.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NvVAD\nvgenco32.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NvVAD\nvgenco64.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NVI2\NVI2.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NVI2\NVI2UI.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NVI2\NVPrxy32.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NVI2\NVPrxy64.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\NVI2\ReleaseHighlights.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\MS.NET\dotNetFx40_Full_setup.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\MS.NET\MSNetExt.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\detoured.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\nvFBC.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\NvGfeServiceBridge.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\nvsteamsupport.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\nvstreamer.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\nvstreamsvc.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\protobuf-net.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\rxinput.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\x86\server\steam_api.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\SteamLauncher\NVIDIA.SteamLauncher.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\detoured.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\nvFBC.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\NvGfeServiceBridge.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\nvsteamsupport.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\nvstreamer.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\nvstreamsvc.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\rxinput.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamSrv\amd64\server\steam_api64.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\avcodec-52.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\avdevice-52.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\avformat-52.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\avutil-49.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\Bifrost.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\cudart32_41_0.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\NvStreamCExt.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\nvwinstreamc.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience.NvStreamC\swscale-0.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\7z.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\DisplayCplExt.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\ExtensionLoader.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\GalaSoft.MvvmLight.Extras.WPF4.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\GalaSoft.MvvmLight.WPF4.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\GFExperience.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\GFExperienceControls.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\GFExperienceCore.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\GFExperienceExt.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\GridService.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\InstallerService.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\InstallerUIExtension.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\log4net.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\Microsoft.Practices.ServiceLocation.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\Microsoft.WindowsAPICodePack.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\Microsoft.WindowsAPICodePack.Shell.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\NVIDIA.Settings.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\NVIDIA.Settings.Properties.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\NVIDIA.UpdateService.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\NVIDIA.Win32Api.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\nvtmru.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\oaremote_plugin.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\ShadowPlay.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Reactive.Core.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Reactive.Interfaces.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Reactive.Linq.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Reactive.PlatformServices.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Reactive.Providers.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Reactive.Runtime.Remoting.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Reactive.Windows.Threading.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\System.Windows.Interactivity.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\zh-CHT\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\zh-CHS\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\tr-TR\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\th-TH\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\sv-SE\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\sl-SI\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\sk-SK\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\ru-RU\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\pt-PT\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\pt-BR\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\pl-PL\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\nl-NL\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\nb-NO\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\ko-KR\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\ja-JP\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\it-IT\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\hu-HU\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\he-IL\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\fr-FR\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\fi-FI\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\es-MX\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\es-ES\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\en-US\GFExperience.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\en-US\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\en-GB\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\el-GR\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\de-DE\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\da-DK\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\cs-CZ\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\GFExperience\ar-AE\GFExperienceControls.resources.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\ComUpdatus.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\daemonu.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\easyDaemonAPIU32.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\easyDaemonAPIU64.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdt32.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdt64.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdtr32.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdtr64.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdtrXP32.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdtrXP64.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdtXP32.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\nvupdtXP64.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\UpdateExt.dll
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Update\WLMerger.exe
C:\Users\Hiden\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\8.3.14.1\Display.Optimus\OptimusExt.dll
C:\Users\Hiden\AppData\Local\Temp\IDC3.tmp\FP_AX_CAB_INSTALLER64.exe
C:\Users\Hiden\AppData\Local\Temp\IDC2.tmp\FP_AX_CAB_INSTALLER64.exe
C:\Users\Hiden\AppData\Local\Temp\bus6D9D\BUSolution.dll
C:\Users\Hiden\AppData\Local\Temp\bus664C\CrxUpdater_g.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-01 12:09

==================== End Of Log ============================

--- --- ---

cosinus 05.09.2013 14:09

Then please run Combofix now:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.


fuxing 06.09.2013 06:58

OK, so here is Combofix as well:

Code:

ComboFix 13-09-06.01 - Hiden 06.09.2013  7:41.1.2 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.4046.2691 [GMT 2:00]
ausgeführt von:: c:\users\Hiden\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Hiden\AppData\Roaming\337
c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\ebase.dll
c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\image\default\app_close.png
c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\image\default\app_max.png
c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\image\default\app_min.png
c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\image\default\app_restore.png
c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\image\default\wallpaper_resource.xml
c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\image\default\window.png
c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\language\en_us\wallpaper_lang.ini
c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\language\es_es\wallpaper_lang.ini
c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\language\pt_br\wallpaper_lang.ini
c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\language\tr_tr\wallpaper_lang.ini
c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\language\zh_tw\wallpaper_lang.ini
c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\layout\default\dp_appwnd.xml
c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\layout\default\msgbox.xml
c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\libpng.dll
c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\main
c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\msvcp100.dll
c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\msvcr100.dll
c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\ouilibnl.dll
c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\plusapp.exe
c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\style\wallpaper_style.xml
c:\users\Hiden\AppData\Roaming\337\337 Wallpaper\TrayDownloader.exe
c:\users\Hiden\AppData\Roaming\convert\convert.exe
c:\users\Hiden\AppData\Roaming\Gizmo
c:\users\Hiden\AppData\Roaming\Gizmo\mru.xml
c:\users\Hiden\AppData\Roaming\Gizmo\update.xml
c:\users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\extensions\511fe088829a4@511fe088829dd.com
c:\users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\extensions\511fe088829a4@511fe088829dd.com\bootstrap.js
c:\users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\extensions\511fe088829a4@511fe088829dd.com\chrome.manifest
c:\users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\extensions\511fe088829a4@511fe088829dd.com\content\bg.js
c:\users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\extensions\511fe088829a4@511fe088829dd.com\content\zy.xul
c:\users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\extensions\511fe088829a4@511fe088829dd.com\install.rdf
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BrowserDefendert
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-08-06 bis 2013-09-06  ))))))))))))))))))))))))))))))
.
.
2013-09-04 14:55 . 2013-09-04 14:55        --------        d-----w-        C:\FRST
2013-09-04 11:02 . 2013-09-04 11:02        --------        d-----w-        c:\users\Hiden\AppData\Roaming\Malwarebytes
2013-09-04 11:02 . 2013-09-04 11:02        --------        d-----w-        c:\programdata\Malwarebytes
2013-09-04 11:02 . 2013-09-04 11:02        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-04 11:02 . 2013-04-04 12:50        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-09-04 10:35 . 2013-09-02 09:09        24352        ----a-w-        c:\windows\system32\RegBootDefrag.exe
2013-09-04 10:23 . 2013-09-04 14:31        --------        d-----w-        C:\_tools
2013-09-04 09:48 . 2013-09-04 09:48        --------        d-----w-        c:\programdata\GlarySoft
2013-09-04 09:42 . 2013-09-02 09:09        117024        ----a-w-        c:\windows\system32\BootDefrag.exe
2013-09-04 09:42 . 2013-09-04 09:42        --------        d-----w-        c:\users\Hiden\AppData\Roaming\GlarySoft
2013-09-04 09:42 . 2013-09-04 10:38        --------        d-----w-        c:\program files (x86)\Glary Utilities 3
2013-09-04 09:39 . 2013-09-04 09:39        --------        d-----w-        c:\users\Hiden\AppData\Roaming\IObit
2013-09-04 09:27 . 2013-09-04 09:27        --------        d-----w-        c:\program files (x86)\AGEIA Technologies
2013-09-04 09:26 . 2013-06-21 10:23        3514656        ----a-w-        c:\windows\system32\nvsvc64.dll
2013-09-04 09:26 . 2013-06-21 10:23        884512        ----a-w-        c:\windows\system32\nvvsvc.exe
2013-09-04 09:26 . 2013-06-21 10:23        63776        ----a-w-        c:\windows\system32\nvshext.dll
2013-09-04 09:26 . 2013-06-21 10:23        6496544        ----a-w-        c:\windows\system32\nvcpl.dll
2013-09-04 09:26 . 2013-06-21 10:23        2555680        ----a-w-        c:\windows\system32\nvsvcr.dll
2013-09-04 09:26 . 2013-06-21 10:23        237856        ----a-w-        c:\windows\system32\nvmctray.dll
2013-09-04 09:26 . 2013-06-20 04:17        3253909        ----a-w-        c:\windows\system32\nvcoproc.bin
2013-09-04 09:17 . 2013-06-21 12:06        2936208        ----a-w-        c:\windows\system32\nvapi64.dll
2013-09-04 09:17 . 2013-06-21 12:06        2597856        ----a-w-        c:\windows\SysWow64\nvapi.dll
2013-09-04 09:17 . 2013-06-21 12:06        25256224        ----a-w-        c:\windows\system32\nvcompiler.dll
2013-09-04 09:17 . 2013-06-21 12:06        17560352        ----a-w-        c:\windows\SysWow64\nvcompiler.dll
2013-09-04 09:10 . 2013-08-20 13:33        39200        ----a-w-        c:\windows\system32\drivers\nvvad64v.sys
2013-09-04 09:10 . 2013-08-20 13:32        29984        ----a-w-        c:\windows\system32\nvaudcap64v.dll
2013-09-04 09:10 . 2013-08-20 13:32        28448        ----a-w-        c:\windows\SysWow64\nvaudcap32v.dll
2013-08-28 13:03 . 2013-09-04 09:28        --------        d-----w-        C:\hw64_422
2013-08-28 13:01 . 2013-08-28 13:01        --------        d-----w-        C:\cpu-z-166
2013-08-28 11:13 . 2013-08-28 11:13        --------        d-----w-        c:\programdata\SummerSoft
2013-08-25 15:50 . 2013-08-25 15:50        --------        d-----w-        c:\users\Hiden\AppData\Local\WebPlayer
2013-08-24 20:02 . 2013-04-23 15:03        87054        ----a-w-        c:\users\Hiden\AppData\Roaming\Microsoft\IE10\libpdcurses.dll
2013-08-24 20:02 . 2013-04-23 15:03        45056        ----a-w-        c:\users\Hiden\AppData\Roaming\Microsoft\IE10\pthreadGC2.dll
2013-08-24 20:02 . 2013-04-23 15:03        323584        ----a-w-        c:\users\Hiden\AppData\Roaming\Microsoft\IE10\ssleay32.dll
2013-08-24 20:02 . 2013-04-23 15:03        309248        ----a-w-        c:\users\Hiden\AppData\Roaming\Microsoft\IE10\libcurl-4.dll
2013-08-24 20:02 . 2013-04-23 15:03        224256        ----a-w-        c:\users\Hiden\AppData\Roaming\Microsoft\IE10\libidn-11.dll
2013-08-24 20:02 . 2013-04-23 15:03        1479680        ----a-w-        c:\users\Hiden\AppData\Roaming\Microsoft\IE10\libeay32.dll
2013-08-24 20:02 . 2013-04-23 15:03        122368        ----a-w-        c:\users\Hiden\AppData\Roaming\Microsoft\IE10\zlib1.dll
2013-08-24 20:02 . 2013-04-23 15:03        104960        ----a-w-        c:\users\Hiden\AppData\Roaming\Microsoft\IE10\libusb-1.0.dll
2013-08-24 20:02 . 2013-09-04 13:09        587776        ----a-w-        c:\users\Hiden\AppData\Roaming\Microsoft\IE10\7z.exe
2013-08-23 09:27 . 2013-05-07 17:26        1751552        ----a-w-        c:\users\Hiden\AppData\Roaming\Microsoft\VSA\9.0\VSA.exe
2013-08-23 09:27 . 2013-08-23 09:27        --------        d-----w-        c:\users\Hiden\AppData\Roaming\EvolutionClips
2013-08-22 15:06 . 2013-08-23 14:01        --------        d-----w-        c:\program files (x86)\Battlefield 3
2013-08-21 10:43 . 2013-08-21 10:46        --------        d-----w-        c:\program files (x86)\Black Ops 2
2013-08-20 14:26 . 2013-08-20 14:26        --------        d-----w-        c:\program files (x86)\PowerISO
2013-08-20 14:26 . 2013-07-22 02:19        126872        ----a-w-        c:\windows\system32\drivers\scdemu.sys
2013-08-20 11:26 . 2013-08-29 11:16        --------        d-----w-        c:\users\Hiden\AppData\Local\Captcha_Brotherhood
2013-08-20 11:26 . 2013-08-20 11:26        --------        d-----w-        c:\program files (x86)\Brotherhood Software
2013-08-17 08:50 . 2013-08-17 08:50        --------        d--h--w-        c:\program files (x86)\Common Files\EAInstaller
2013-08-16 16:44 . 2013-08-16 16:44        --------        d-----w-        c:\users\Hiden\AppData\Roaming\Disney Interactive Studios
2013-08-16 16:34 . 2008-07-12 06:18        467984        ----a-w-        c:\windows\SysWow64\d3dx10_39.dll
2013-08-16 16:34 . 2008-07-12 06:18        1493528        ----a-w-        c:\windows\SysWow64\D3DCompiler_39.dll
2013-08-16 16:34 . 2008-07-12 06:18        540688        ----a-w-        c:\windows\system32\d3dx10_39.dll
2013-08-16 16:34 . 2008-07-12 06:18        1942552        ----a-w-        c:\windows\system32\D3DCompiler_39.dll
2013-08-16 16:34 . 2008-07-12 06:18        3851784        ----a-w-        c:\windows\SysWow64\D3DX9_39.dll
2013-08-16 16:34 . 2008-07-12 06:18        4992520        ----a-w-        c:\windows\system32\D3DX9_39.dll
2013-08-15 09:15 . 2013-08-15 09:15        --------        d-----w-        c:\programdata\ZoomBrowser
2013-08-15 09:15 . 2013-08-15 09:16        --------        d-----w-        c:\program files (x86)\Canon
2013-08-15 07:56 . 2013-07-09 05:52        224256        ----a-w-        c:\windows\system32\wintrust.dll
2013-08-15 07:56 . 2013-07-09 05:46        184320        ----a-w-        c:\windows\system32\cryptsvc.dll
2013-08-15 07:56 . 2013-07-09 05:46        1472512        ----a-w-        c:\windows\system32\crypt32.dll
2013-08-15 07:56 . 2013-07-09 05:46        139776        ----a-w-        c:\windows\system32\cryptnet.dll
2013-08-15 07:56 . 2013-07-09 04:52        175104        ----a-w-        c:\windows\SysWow64\wintrust.dll
2013-08-15 07:56 . 2013-07-09 04:46        140288        ----a-w-        c:\windows\SysWow64\cryptsvc.dll
2013-08-15 07:56 . 2013-07-09 04:46        1166848        ----a-w-        c:\windows\SysWow64\crypt32.dll
2013-08-15 07:56 . 2013-07-09 04:46        103936        ----a-w-        c:\windows\SysWow64\cryptnet.dll
2013-08-15 07:49 . 2013-06-15 04:32        39936        ----a-w-        c:\windows\system32\drivers\tssecsrv.sys
2013-08-15 07:49 . 2013-07-06 06:03        1910208        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2013-08-13 17:37 . 2013-08-13 17:37        --------        d--h--w-        c:\windows\PIF
2013-08-12 10:50 . 2013-08-12 10:50        --------        d-----w-        c:\program files (x86)\Dokan
2013-08-07 18:30 . 2013-08-07 18:30        --------        d-----w-        c:\program files (x86)\MSXML 4.0
2013-08-07 10:21 . 2008-08-28 10:44        25600        ----a-w-        c:\windows\system32\drivers\pccsmcfdx64.sys
2013-08-07 10:21 . 2013-08-07 10:21        --------        d-----w-        c:\program files (x86)\PC Connectivity Solution
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-04 09:09 . 2013-03-25 12:59        105344        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2013-08-20 18:32 . 2012-12-06 15:01        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-20 18:32 . 2012-12-06 15:01        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-20 08:48 . 2013-05-07 12:15        81112        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2013-08-20 08:48 . 2013-03-25 12:59        132088        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2013-08-15 16:37 . 2012-12-06 08:43        78161360        ----a-w-        c:\windows\system32\MRT.exe
2013-07-09 04:45 . 2013-08-15 07:50        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2013-06-24 13:06 . 2013-06-24 13:06        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-24 13:06 . 2012-12-06 19:52        867240        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2013-06-24 13:06 . 2012-12-06 19:52        789416        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2013-06-21 12:06 . 2012-12-06 07:57        61216        ----a-w-        c:\windows\system32\OpenCL.dll
2013-06-21 12:06 . 2012-12-06 07:57        53024        ----a-w-        c:\windows\SysWow64\OpenCL.dll
2013-06-21 03:16 . 2013-06-21 03:16        566048        ----a-w-        c:\windows\SysWow64\nvStreaming.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-30 14:49        281760        ----a-w-        c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"Clownfish"="c:\program files (x86)\Clownfish\Clownfish.exe" [2013-07-02 1276152]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"GizmoDriveDelegate"="c:\program files (x86)\Gizmo\gizmo.exe" [2013-02-16 223640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-08-20 347192]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Gizmo.lnk - c:\program files (x86)\Gizmo\gizmo.exe /NoSplash /NoShow [2013-2-16 223640]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LaunchCenter.lnk - c:\program files\Fujitsu\LaunchCenter\LaunchCenter.exe [2012-12-5 379160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE"
.
R0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\FUJ02E3.sys;c:\windows\SYSNATIVE\drivers\FUJ02E3.sys [x]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 GizmoDrv;Gizmo Device Driver; [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys;c:\windows\SYSNATIVE\drivers\dokan.sys [x]
S2 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [x]
S2 Gizmo Central;Gizmo Central;c:\program files (x86)\Gizmo\gservice.exe;c:\program files (x86)\Gizmo\gservice.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe;c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 winzipersvc;WinZiper service;c:\program files (x86)\WinZipper\winzipersvc.exe;c:\program files (x86)\WinZipper\winzipersvc.exe [x]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-06 18:32]
.
2013-09-06 c:\windows\Tasks\GlaryInitialize 3.job
- c:\program files (x86)\Glary Utilities 3\Initialize.exe [2013-09-02 09:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-30 14:49        342176        ----a-w-        c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-04-24 7477016]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-08-27 1028896]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.at/
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353
mStart Page = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
Trusted Zone: aeriagames.com
TCP: DhcpNameServer = 192.168.1.254
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{40c3cc16-7269-4b32-9531-17f2950fb06f} - (no file)
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DIB\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ICO\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.ico.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JFIF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPE\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPEG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PNG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.png.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TIF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TIFF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WDP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.wdp.15.4"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-09-06  07:52:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-09-06 05:52
.
Vor Suchlauf: 19 Verzeichnis(se), 156.486.045.696 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 156.376.690.688 Bytes frei
.
- - End Of File - - A6079AEFC127A252C6738E36CCA2838E


cosinus 06.09.2013 11:58

Rootkit scan with GMER

Please download the GMER Rootkit Scanner: (the file name is random)
  • Close all other programs, disable your virus scanner and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after starting:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, uncheck: IAT/EAT and Show All
  • Check Quickscan and uncheck all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Switch your antivirus program and any other scanners back on before you go online!


Running into problems?
  • Alternatively, try safe mode.
  • If you get a bluescreen, uncheck the box in front of Devices.


Then please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper

fuxing 09.09.2013 07:45

Code:

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.09.09.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Hiden :: HIDEN-PC [administrator]

09.09.2013 07:57:11
mbar-log-2013-09-09 (07-57-11).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 272270
Time elapsed: 34 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Refog Software (Refog.Keylogger) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


cosinus 09.09.2013 08:57

What about GMER?

fuxing 09.09.2013 09:39

By the way:
So, after the restart Malwarebytes Anti-Rootkit and Anti-Malware no longer find anything, but when playing "Landwirtschaftssimulator 2013" the GPU temperature still climbs to 100°C. And that was the reason I started looking for faults in the first place.

After I quit the game, the temperature did drop back to 85°C and after 5 min down to 66°C, and the GPU load to almost 0%, but is it normal for this graphics card (EVGA NVidia Geforce GT 610 with 2GB of graphics memory) to get this hot? (According to NVidia, the maximum temperature is specified as 102°C)

Regards

cosinus 09.09.2013 09:41

I'm not a graphics card expert. That would be a new topic for our hardware section.
So what about GMER now?

fuxing 10.09.2013 13:12

Code:

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-09 07:48:36
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.17.0 465,76GB
Running: v50wmd1r.exe; Driver: C:\Users\Hiden\AppData\Local\Temp\awtoipow.sys


---- Kernel code sections - GMER 2.1 ----

.text  C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload                                                                                        fffff88007028d64 12 bytes {MOV RAX, 0xfffffa8006f012a0; JMP RAX}

---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\WinZipper\winzipersvc.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                          0000000075511465 2 bytes [51, 75]
.text  C:\Program Files (x86)\WinZipper\winzipersvc.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                          00000000755114bb 2 bytes [51, 75]
.text  ...                                                                                                                                      * 2
.text  C:\Windows\SysWOW64\svchost.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                            0000000075511465 2 bytes [51, 75]
.text  C:\Windows\SysWOW64\svchost.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                          00000000755114bb 2 bytes [51, 75]
.text  ...                                                                                                                                      * 2
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69  0000000075511465 2 bytes [51, 75]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000755114bb 2 bytes [51, 75]
.text  ...                                                                                                                                      * 2
.text  C:\program files (x86)\avira\antivir desktop\avcenter.exe[4704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  0000000075511465 2 bytes [51, 75]
.text  C:\program files (x86)\avira\antivir desktop\avcenter.exe[4704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                00000000755114bb 2 bytes [51, 75]
.text  ...                                                                                                                                      * 2

---- Devices - GMER 2.1 ----

Device  \Driver\a8jpcc19 \Device\Scsi\a8jpcc191                                                                                                  fffffa8006f8d2c0
Device  \FileSystem\Ntfs \Ntfs                                                                                                                  fffffa80036732c0
Device  \Driver\usbehci \Device\USBPDO-1                                                                                                        fffffa8006e1c2c0
Device  \Driver\cdrom \Device\CdRom0                                                                                                            fffffa8006d022c0
Device  \Driver\cdrom \Device\CdRom1                                                                                                            fffffa8006d022c0
Device  \Driver\cdrom \Device\CdRom2                                                                                                            fffffa8006d022c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{B328ED59-D5CC-4F66-8D88-7F20A95E37F0}                                                                fffffa8006b9a2c0
Device  \Driver\usbehci \Device\USBFDO-0                                                                                                        fffffa8006e1c2c0
Device  \Driver\dtsoftbus01 \Device\DTSoftBusCtl                                                                                                fffffa80047002c0
Device  \Driver\usbehci \Device\USBFDO-1                                                                                                        fffffa8006e1c2c0
Device  \Driver\dtsoftbus01 \Device\00000072                                                                                                    fffffa80047002c0
Device  \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                  fffffa8006b9a2c0
Device  \Driver\dtsoftbus01 \Device\00000073                                                                                                    fffffa80047002c0
Device  \Driver\usbehci \Device\USBPDO-0                                                                                                        fffffa8006e1c2c0
Device  \Driver\a8jpcc19 \Device\ScsiPort1                                                                                                      fffffa8006f8d2c0

---- Modules - GMER 2.1 ----

Module  \SystemRoot\System32\Drivers\a8jpcc19.SYS                                                                                                fffff88003000000-fffff88003051000 (331776 bytes)

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                       
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                      C:\Program Files (x86)\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                      0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                      0
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                  0xCB 0x48 0x20 0xAA ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                               
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                            0xA0 0x02 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                          0x3A 0x1E 0xDD 0x0C ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                         
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                    0xEC 0x71 0x3A 0x60 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                                         
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                    0x04 0x18 0x6A 0x6A ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2                                         
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12                                    0x9A 0xE6 0x1F 0x3C ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                   
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                          C:\Program Files (x86)\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                          0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                          0
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                      0xAC 0xC1 0x90 0xAA ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                           
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                0xA0 0x02 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                              0x3A 0x1E 0xDD 0x0C ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                     
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                        0xEC 0x71 0x3A 0x60 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)                     
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                        0x04 0x18 0x6A 0x6A ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)                     
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12                                        0x9A 0xE6 0x1F 0x3C ...

---- EOF - GMER 2.1 ----


cosinus 10.09.2013 16:32

Remove adware/junkware/toolbars


Step 1: AdwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).




Step 2: JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and can then be found on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


fuxing 11.09.2013 09:21

Code:

# AdwCleaner v3.003 - Bericht erstellt am 11/09/2013 um 09:59:00
# Updated 07/09/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Hiden - HIDEN-PC
# Gestartet von : C:\Users\Hiden\Desktop\share\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****

Dienst Gefunden : winzipersvc

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Web Search.xml
Datei Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\bprotector_extensions.sqlite
Datei Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\bprotector_prefs.js
Datei Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\Babylon.xml
Datei Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\babylon1.xml
Datei Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\delta.xml
Datei Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\funmoods.xml
Datei Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\MyStart Search.xml
Datei Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\Searchab.xml
Datei Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\Web Search.xml
Datei Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\WebSearch.xml
Datei Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\user.js
Datei Gefunden : C:\Windows\System32\Tasks\Omiga Plus RunAsStdUser
Ordner Gefunden : C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcdkfohdadbjmlfejhncigcbfkiaamf
Ordner Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
Ordner Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Ordner Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\{462be121-2b54-4218-bf00-b9bf8135b23f}
Ordner Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\ffxtlbr@incredibar.com
Ordner Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\sparpilot@sparpilot.com
Ordner Gefunden C:\Program Files (x86)\AutoLyrics
Ordner Gefunden C:\Program Files (x86)\Common Files\337
Ordner Gefunden C:\Program Files (x86)\Conduit
Ordner Gefunden C:\Program Files (x86)\FilesFrog Update Checker
Ordner Gefunden C:\Program Files (x86)\MagniPic
Ordner Gefunden C:\Program Files (x86)\Omiga Plus
Ordner Gefunden C:\Program Files (x86)\Protected Search
Ordner Gefunden C:\Program Files (x86)\Red Sky
Ordner Gefunden C:\Program Files (x86)\SafeSaver
Ordner Gefunden C:\Program Files (x86)\SimilarSites
Ordner Gefunden C:\Program Files (x86)\WinZipper
Ordner Gefunden C:\ProgramData\Babylon
Ordner Gefunden C:\ProgramData\BrowserDefender
Ordner Gefunden C:\ProgramData\clsoft ltd
Ordner Gefunden C:\ProgramData\eSafe
Ordner Gefunden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DownTango
Ordner Gefunden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DownTango
Ordner Gefunden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Ordner Gefunden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Ordner Gefunden C:\ProgramData\Partner
Ordner Gefunden C:\ProgramData\RightClick
Ordner Gefunden C:\ProgramData\StarApp
Ordner Gefunden C:\Users\Hiden\AppData\Local\Conduit
Ordner Gefunden C:\Users\Hiden\AppData\Local\DownTango
Ordner Gefunden C:\Users\Hiden\AppData\Local\Ilivid
Ordner Gefunden C:\Users\Hiden\AppData\Local\PutLockerDownloader
Ordner Gefunden C:\Users\Hiden\AppData\Local\SwvUpdater
Ordner Gefunden C:\Users\Hiden\AppData\LocalLow\Browse2Save
Ordner Gefunden C:\Users\Hiden\AppData\LocalLow\Conduit
Ordner Gefunden C:\Users\Hiden\AppData\LocalLow\delta
Ordner Gefunden C:\Users\Hiden\AppData\LocalLow\SimplyTech
Ordner Gefunden C:\Users\Hiden\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gefunden C:\Users\Hiden\AppData\Roaming\eIntaller
Ordner Gefunden C:\Users\Hiden\AppData\Roaming\ExpressFiles
Ordner Gefunden C:\Users\Hiden\AppData\Roaming\Funmoods
Ordner Gefunden C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Ordner Gefunden C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
Ordner Gefunden C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Ordner Gefunden C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\CT2319825
Ordner Gefunden C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\jetpack
Ordner Gefunden C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Smartbar
Ordner Gefunden C:\Users\Hiden\AppData\Roaming\NCdownloader
Ordner Gefunden C:\Users\Hiden\AppData\Roaming\Omiga Plus
Ordner Gefunden C:\Users\Hiden\AppData\Roaming\SimilarSites
Ordner Gefunden C:\Users\Hiden\AppData\Roaming\WinZipper
Ordner Gefunden C:\Users\Hiden\AppData\Roaming\yourfiledownloader

***** [ Verknüpfungen ] *****

Verknüpfung Gefunden : C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353 )
Verknüpfung Gefunden : C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=wpc&from=wpc&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1374561914 )
Verknüpfung Gefunden : C:\Users\Hiden\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ( hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353 )
Verknüpfung Gefunden : C:\Users\Hiden\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=wpc&from=wpc&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1374561914 )
Verknüpfung Gefunden : C:\Users\Hiden\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk ( hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=2938 )
Verknüpfung Gefunden : C:\Users\Hiden\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk ( hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=2938 )
Verknüpfung Gefunden : C:\Users\Hiden\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\World of Tanks.lnk ( hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=2938 )
Verknüpfung Gefunden : C:\Users\Hiden\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk ( hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=2938 )

***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\5b6dfdfb63cb917
Schlüssel Gefunden : HKCU\Software\APN PIP
Schlüssel Gefunden : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AutoLyrics
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\simplytech
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\AppDataLow\SProtector
Schlüssel Gefunden : HKCU\Software\BI
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\ExpressFiles
Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\powerpack
Schlüssel Gefunden : HKCU\Software\PrivitizeVPNInstallDates
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Somoto
Schlüssel Gefunden : HKCU\Software\StartSearch
Schlüssel Gefunden : [x64] HKCU\Software\APN PIP
Schlüssel Gefunden : [x64] HKCU\Software\BI
Schlüssel Gefunden : [x64] HKCU\Software\Conduit
Schlüssel Gefunden : [x64] HKCU\Software\ExpressFiles
Schlüssel Gefunden : [x64] HKCU\Software\IM
Schlüssel Gefunden : [x64] HKCU\Software\ImInstaller
Schlüssel Gefunden : [x64] HKCU\Software\InstallCore
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\powerpack
Schlüssel Gefunden : [x64] HKCU\Software\PrivitizeVPNInstallDates
Schlüssel Gefunden : [x64] HKCU\Software\Softonic
Schlüssel Gefunden : [x64] HKCU\Software\Somoto
Schlüssel Gefunden : [x64] HKCU\Software\StartSearch
Schlüssel Gefunden : HKLM\SOFTWARE\5b6dfdfb63cb917
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\FTDownloader
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\Software\delta-homesSoftware
Schlüssel Gefunden : HKLM\Software\Desksvc
Schlüssel Gefunden : HKLM\Software\eSafeSecControl
Schlüssel Gefunden : HKLM\Software\ExpressFiles
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\pkcdkfohdadbjmlfejhncigcbfkiaamf
Schlüssel Gefunden : HKLM\Software\IB Updater
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\Software\InstallCore
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hjsplit_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hjsplit_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_skiregion-simulator-2012_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_skiregion-simulator-2012_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_bad-piggies_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_bad-piggies_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_camstudio_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_camstudio_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_crazy-taxi_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_crazy-taxi_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_euro-truck-simulator_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_euro-truck-simulator_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_fond-decran-gta-5_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_fond-decran-gta-5_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_funny-voice_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_funny-voice_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gta-iv-san-andreas_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gta-iv-san-andreas_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_minecraft_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_minecraft_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_morphvox_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_morphvox_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mousometer_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mousometer_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_san-andreas-multiplayer_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_san-andreas-multiplayer_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_slender_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_slender_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\wsconduit__166_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\wsconduit__166_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\autolyrics@man-soft.net
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_008a99b9
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_f5d3e0aa
Schlüssel Gefunden : HKLM\Software\omigaplusSvc
Schlüssel Gefunden : HKLM\Software\PIP
Schlüssel Gefunden : HKLM\Software\SoftwareUpdater
Schlüssel Gefunden : HKLM\Software\SP Global
Schlüssel Gefunden : HKLM\Software\SProtector
Schlüssel Gefunden : HKLM\Software\V9
Schlüssel Gefunden : HKLM\Software\YourFileDownloader
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\IB Updater
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [autolyrics@man-soft.net]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Wert Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gefunden : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16660

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Default_Page_URL] - hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Default_Page_URL] - hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Search [Start Page] - hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Search [Start Default_Page_URL] - hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar] - hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page] - hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Page] - hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Default_Page_URL] - hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar] - hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page] - hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)] - hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2938&q=%s
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)] - hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2938&q=%s

-\\ Mozilla Firefox v

[ Datei : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\prefs.js ]

Zeile gefunden : user_pref("CT2319825.1000082.isDisplayHidden", "true");
Zeile gefunden : user_pref("CT2319825.1000082.state", "{\"state\":\"stopped\",\"text\":\"1Live\",\"description\":\"1Live\",\"url\":\"hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_einslive_a\"}");
Zeile gefunden : user_pref("CT2319825.1000234.TWC_TMP_city", "VIENNA");
Zeile gefunden : user_pref("CT2319825.1000234.TWC_TMP_country", "AT");
Zeile gefunden : user_pref("CT2319825.1000234.TWC_locId", "USGA0594");
Zeile gefunden : user_pref("CT2319825.1000234.TWC_location", "Vienna, GA");
Zeile gefunden : user_pref("CT2319825.1000234.TWC_region", "OT");
Zeile gefunden : user_pref("CT2319825.1000234.TWC_temp_dis", "c");
Zeile gefunden : user_pref("CT2319825.1000234.TWC_wind_dis", "kmh");
Zeile gefunden : user_pref("CT2319825.1000234.weatherData", "{\"icon\":\"29.png\",\"temperature\":\"14°C\",\"temperatureClear\":\"14°C\",\"highTemperature\":\"14°C\",\"lowTemperature\":\"13°C\",\"feelsLike\":\"14°C\",[...]
Zeile gefunden : user_pref("CT2319825.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT2319825.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT2319825.FirstTime", "true");
Zeile gefunden : user_pref("CT2319825.FirstTimeFF3", "true");
Zeile gefunden : user_pref("CT2319825.ID.enc", "NTMxOTQxMjk=");
Zeile gefunden : user_pref("CT2319825.LoginRevertSettingsEnabled", false);
Zeile gefunden : user_pref("CT2319825.RevertSettingsEnabled", true);
Zeile gefunden : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q=");
Zeile gefunden : user_pref("CT2319825.UserID", "UN78966689770749893");
Zeile gefunden : user_pref("CT2319825.addressBarTakeOverEnabledInHidden", "true");
Zeile gefunden : user_pref("CT2319825.autoDisableScopes", 2);
Zeile gefunden : user_pref("CT2319825.browser.search.defaultthis.engineName", true);
Zeile gefunden : user_pref("CT2319825.defaultSearch", "true");
Zeile gefunden : user_pref("CT2319825.embeddedsData", "[{\"appId\":\"128898076802619666\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Zeile gefunden : user_pref("CT2319825.enableAlerts", "always");
Zeile gefunden : user_pref("CT2319825.enableSearchFromAddressBar", "true");
Zeile gefunden : user_pref("CT2319825.firstTimeDialogOpened", "true");
Zeile gefunden : user_pref("CT2319825.fixPageNotFoundError", "true");
Zeile gefunden : user_pref("CT2319825.fixPageNotFoundErrorInHidden", "true");
Zeile gefunden : user_pref("CT2319825.fixUrls", true);
Zeile gefunden : user_pref("CT2319825.installId", "conduitnsisintegration");
Zeile gefunden : user_pref("CT2319825.installType", "conduitnsisintegration");
Zeile gefunden : user_pref("CT2319825.isCheckedStartAsHidden", true);
Zeile gefunden : user_pref("CT2319825.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT2319825.isFirstTimeToolbarLoading", "false");
Zeile gefunden : user_pref("CT2319825.isNewTabEnabled", false);
Zeile gefunden : user_pref("CT2319825.isPerformedSmartBarTransition", "true");
Zeile gefunden : user_pref("CT2319825.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Zeile gefunden : user_pref("CT2319825.keyword", true);
Zeile gefunden : user_pref("CT2319825.migrateAppsAndComponents", true);
Zeile gefunden : user_pref("CT2319825.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Fwww.facebook.com%2Findex.php%3Fstype%3Dlo%26lh%3DAc_cTXr3UD7pTrNX\",\"EB_MAIN_FRAME_TITLE\"[...]
Zeile gefunden : user_pref("CT2319825.openThankYouPage", "false");
Zeile gefunden : user_pref("CT2319825.openUninstallPage", "true");
Zeile gefunden : user_pref("CT2319825.revertSettingsEnabled", "false");
Zeile gefunden : user_pref("CT2319825.search.searchAppId", "128898076802619666");
Zeile gefunden : user_pref("CT2319825.search.searchCount", "0");
Zeile gefunden : user_pref("CT2319825.searchInNewTabEnabledInHidden", "true");
Zeile gefunden : user_pref("CT2319825.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT2319825.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT2319825.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Zeile gefunden : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2319825\"}");
Zeile gefunden : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://Winload.OurToolbar.com//xpi\"}");
Zeile gefunden : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Winload\"}");
Zeile gefunden : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT2319825.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1354821465896");
Zeile gefunden : user_pref("CT2319825.serviceLayer_services_appsMetadata_lastUpdate", "1354955096156");
Zeile gefunden : user_pref("CT2319825.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1354821466811");
Zeile gefunden : user_pref("CT2319825.serviceLayer_services_login_10.13.40.15_lastUpdate", "1357741309747");
Zeile gefunden : user_pref("CT2319825.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1354821466873");
Zeile gefunden : user_pref("CT2319825.serviceLayer_services_searchAPI_lastUpdate", "1354955096360");
Zeile gefunden : user_pref("CT2319825.serviceLayer_services_serviceMap_lastUpdate", "1357743451250");
Zeile gefunden : user_pref("CT2319825.serviceLayer_services_toolbarContextMenu_lastUpdate", "1354821466838");
Zeile gefunden : user_pref("CT2319825.serviceLayer_services_toolbarSettings_lastUpdate", "1357751367412");
Zeile gefunden : user_pref("CT2319825.serviceLayer_services_translation_lastUpdate", "1357743452626");
Zeile gefunden : user_pref("CT2319825.settingsINI", true);
Zeile gefunden : user_pref("CT2319825.shouldFirstTimeDialog", "false");
Zeile gefunden : user_pref("CT2319825.smartbar.CTID", "CT2319825");
Zeile gefunden : user_pref("CT2319825.smartbar.Uninstall", "0");
Zeile gefunden : user_pref("CT2319825.smartbar.homepage", true);
Zeile gefunden : user_pref("CT2319825.smartbar.isHidden", true);
Zeile gefunden : user_pref("CT2319825.smartbar.toolbarName", "Winload ");
Zeile gefunden : user_pref("CT2319825.startPage", "userChanged");
Zeile gefunden : user_pref("CT2319825.toolbarBornServerTime", "6-12-2012");
Zeile gefunden : user_pref("CT2319825.toolbarCurrentServerTime", "9-1-2013");
Zeile gefunden : user_pref("CT2319825_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1357752043042,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Zeile gefunden : user_pref("Smartbar.ConduitHomepagesList", "");
Zeile gefunden : user_pref("Smartbar.ConduitSearchEngineList", "Winload Customized Web Search");
Zeile gefunden : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q=");
Zeile gefunden : user_pref("Smartbar.keywordURLSelectedCTID", "CT2319825");
Zeile gefunden : user_pref("aol_toolbar.default.homepage.check", false);
Zeile gefunden : user_pref("aol_toolbar.default.search.check", false);
Zeile gefunden : user_pref("browser.search.defaultengine", "Web Search");
Zeile gefunden : user_pref("browser.search.defaulturl", "hxxp://websearch.good-results.info/?pid=724&r=2013/02/16&hid=1021253944&lg=EN&cc=AT&l=1&q=");
Zeile gefunden : user_pref("extensions.BabylonToolbar.admin", false);
Zeile gefunden : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Zeile gefunden : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Zeile gefunden : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Zeile gefunden : user_pref("extensions.BabylonToolbar.babExt", "");
Zeile gefunden : user_pref("extensions.BabylonToolbar.babTrack", "affID=117023&tt=4912_5");
Zeile gefunden : user_pref("extensions.BabylonToolbar.bbDpng", "24");
Zeile gefunden : user_pref("extensions.BabylonToolbar.cntry", "AT");
Zeile gefunden : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Zeile gefunden : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Zeile gefunden : user_pref("extensions.BabylonToolbar.dpkLst", "");
Zeile gefunden : user_pref("extensions.BabylonToolbar.excTlbr", false);
Zeile gefunden : user_pref("extensions.BabylonToolbar.hdrMd5", "6689309A624528F9413A9B148FEF7742");
Zeile gefunden : user_pref("extensions.BabylonToolbar.hmpg", true);
Zeile gefunden : user_pref("extensions.BabylonToolbar.id", "001620ef000000000000000c4343bd02");
Zeile gefunden : user_pref("extensions.BabylonToolbar.instlDay", "15681");
Zeile gefunden : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Zeile gefunden : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.4.918:26:07");
Zeile gefunden : user_pref("extensions.BabylonToolbar.newTab", false);
Zeile gefunden : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"59\",\"lastVrsn\":\"59\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Zeile gefunden : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Zeile gefunden : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Zeile gefunden : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Zeile gefunden : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Zeile gefunden : user_pref("extensions.BabylonToolbar.rvrt", "false");
Zeile gefunden : user_pref("extensions.BabylonToolbar.sg", "azb");
Zeile gefunden : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Zeile gefunden : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Zeile gefunden : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Zeile gefunden : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=001620ef000000000000000c4343bd02&q=");
Zeile gefunden : user_pref("extensions.BabylonToolbar.vrsn", "1.8.4.9");
Zeile gefunden : user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.4.918:26:07");
Zeile gefunden : user_pref("extensions.BabylonToolbar.vrsni", "1.8.4.9");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.babExt", "");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=117023&tt=4912_5");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.excTlbr", false);
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.newTab", false);
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.4.918:26:07");
Zeile gefunden : user_pref("extensions.enabledAddons", "ffxtlbr%40incredibar.com:1.5.0,software%40loadtubes.com:1.01,%7B40c3cc16-7269-4b32-9531-17f2950fb06f%7D:10.13.40.15,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17[...]
Zeile gefunden : user_pref("extensions.funmoods.aflt", "nv1");
Zeile gefunden : user_pref("extensions.funmoods.autoRvrt", false);
Zeile gefunden : user_pref("extensions.funmoods.cntry", "AT");
Zeile gefunden : user_pref("extensions.funmoods.cv", "cv5");
Zeile gefunden : user_pref("extensions.funmoods.dfltLng", "");
Zeile gefunden : user_pref("extensions.funmoods.dfltSrch", true);
Zeile gefunden : user_pref("extensions.funmoods.dnsErr", true);
Zeile gefunden : user_pref("extensions.funmoods.envrmnt", "production");
Zeile gefunden : user_pref("extensions.funmoods.excTlbr", false);
Zeile gefunden : user_pref("extensions.funmoods.hdrMd5", "E8A7C63620AD6D0E88CB0F3A084ED5BF");
Zeile gefunden : user_pref("extensions.funmoods.hmpg", true);
Zeile gefunden : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzy0E0AyB0CtCtCtBtD0E0FtN0D0Tzu0CtAyDzytN1L2XzutBtFtBtFtCtFyEtDyB&cr=1614796548");
Zeile gefunden : user_pref("extensions.funmoods.id", "001999EA7C1120EF");
Zeile gefunden : user_pref("extensions.funmoods.instlDay", "15698");
Zeile gefunden : user_pref("extensions.funmoods.instlRef", "nv1");
Zeile gefunden : user_pref("extensions.funmoods.isdcmntcmplt", true);
Zeile gefunden : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2219:48:13");
Zeile gefunden : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Zeile gefunden : user_pref("extensions.funmoods.newTab", true);
Zeile gefunden : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzy0E0AyB0CtCtCtBtD0E0FtN0D0Tzu0CtAyDzytN1L2XzutBtFtBtFtCtFyEtDyB&cr=1614796548");
Zeile gefunden : user_pref("extensions.funmoods.prdct", "funmoods");
Zeile gefunden : user_pref("extensions.funmoods.prtnrId", "funmoods");
Zeile gefunden : user_pref("extensions.funmoods.sg", "none");
Zeile gefunden : user_pref("extensions.funmoods.smplGrp", "none");
Zeile gefunden : user_pref("extensions.funmoods.srchPrvdr", "Funmoods");
Zeile gefunden : user_pref("extensions.funmoods.tlbrId", "base");
Zeile gefunden : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzy0E0AyB0CtCtCtBtD0E0FtN0D0Tzu0CtAyDzytN1L2XzutBtFtBtFtCtFyEtDyB&cr=1614796548&q=[...]
Zeile gefunden : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Zeile gefunden : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2219:48:13");
Zeile gefunden : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Zeile gefunden : user_pref("extensions.funmoods_i.newTab", true);
Zeile gefunden : user_pref("extensions.funmoods_i.smplGrp", "none");
Zeile gefunden : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2219:48:13");
Zeile gefunden : user_pref("extensions.incredibar.actvtyRptTime", "1354954977193");
Zeile gefunden : user_pref("extensions.incredibar.admin", false);
Zeile gefunden : user_pref("extensions.incredibar.aflt", "orgnl");
Zeile gefunden : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Zeile gefunden : user_pref("extensions.incredibar.cntry", "AT");
Zeile gefunden : user_pref("extensions.incredibar.dfltLng", "EN");
Zeile gefunden : user_pref("extensions.incredibar.dfltlng", "EN");
Zeile gefunden : user_pref("extensions.incredibar.dfltsrch", "false");
Zeile gefunden : user_pref("extensions.incredibar.did", "10643");
Zeile gefunden : user_pref("extensions.incredibar.envrmnt", "production");
Zeile gefunden : user_pref("extensions.incredibar.excTlbr", false);
Zeile gefunden : user_pref("extensions.incredibar.hdrMd5", "EFF9AF06198A7E78C29E60F192565867");
Zeile gefunden : user_pref("extensions.incredibar.hmpg", false);
Zeile gefunden : user_pref("extensions.incredibar.hrdid", "001620ef000000000000000c4343bd02");
Zeile gefunden : user_pref("extensions.incredibar.id", "001620ef000000000000000c4343bd02");
Zeile gefunden : user_pref("extensions.incredibar.installerproductid", "26");
Zeile gefunden : user_pref("extensions.incredibar.instlday", "15680");
Zeile gefunden : user_pref("extensions.incredibar.instlref", "");
Zeile gefunden : user_pref("extensions.incredibar.isDcmntCmplt", false);
Zeile gefunden : user_pref("extensions.incredibar.isdcmntcmplt", "false");
Zeile gefunden : user_pref("extensions.incredibar.keywordurl", "");
Zeile gefunden : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1421:05:21");
Zeile gefunden : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Zeile gefunden : user_pref("extensions.incredibar.newtab", "false");
Zeile gefunden : user_pref("extensions.incredibar.newtaburl", "");
Zeile gefunden : user_pref("extensions.incredibar.noFFXTlbr", false);
Zeile gefunden : user_pref("extensions.incredibar.ppd", "1");
Zeile gefunden : user_pref("extensions.incredibar.prdct", "incredibar");
Zeile gefunden : user_pref("extensions.incredibar.productid", "26");
Zeile gefunden : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Zeile gefunden : user_pref("extensions.incredibar.sg", "{smplGrp}");
Zeile gefunden : user_pref("extensions.incredibar.smplgrp", "none");
Zeile gefunden : user_pref("extensions.incredibar.srch", "");
Zeile gefunden : user_pref("extensions.incredibar.srchprvdr", "");
Zeile gefunden : user_pref("extensions.incredibar.tlbrid", "base");
Zeile gefunden : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6PQRV9rixw&loc=IB_TB&i=26&search=");
Zeile gefunden : user_pref("extensions.incredibar.upn2", "6PQRV9rixw");
Zeile gefunden : user_pref("extensions.incredibar.upn2n", "92544051393484350");
Zeile gefunden : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Zeile gefunden : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Zeile gefunden : user_pref("extensions.incredibar.vrsnts", "1.5.11.1421:05:21");
Zeile gefunden : user_pref("extensions.incredibar_i.aflt", "orgnl");
Zeile gefunden : user_pref("extensions.incredibar_i.dfltLng", "");
Zeile gefunden : user_pref("extensions.incredibar_i.did", "10643");
Zeile gefunden : user_pref("extensions.incredibar_i.excTlbr", false);
Zeile gefunden : user_pref("extensions.incredibar_i.id", "001620ef000000000000000c4343bd02");
Zeile gefunden : user_pref("extensions.incredibar_i.installerproductid", "26");
Zeile gefunden : user_pref("extensions.incredibar_i.instlDay", "15680");
Zeile gefunden : user_pref("extensions.incredibar_i.instlRef", "");
Zeile gefunden : user_pref("extensions.incredibar_i.ms_url_id", "");
Zeile gefunden : user_pref("extensions.incredibar_i.newTab", false);
Zeile gefunden : user_pref("extensions.incredibar_i.ppd", "1");
Zeile gefunden : user_pref("extensions.incredibar_i.prdct", "incredibar");
Zeile gefunden : user_pref("extensions.incredibar_i.productid", "26");
Zeile gefunden : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Zeile gefunden : user_pref("extensions.incredibar_i.smplGrp", "none");
Zeile gefunden : user_pref("extensions.incredibar_i.tlbrId", "base");
Zeile gefunden : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQRV9rixw&loc=IB_TB&i=26&search=");
Zeile gefunden : user_pref("extensions.incredibar_i.upn2", "6PQRV9rixw");
Zeile gefunden : user_pref("extensions.incredibar_i.upn2n", "92544051393484350");
Zeile gefunden : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Zeile gefunden : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1421:05:21");
Zeile gefunden : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Zeile gefunden : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=13&CUI=SB_CUI");
Zeile gefunden : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q=");
Zeile gefunden : user_pref("smartbar.originalHomepage", "hxxp://www.google.at/");
Zeile gefunden : user_pref("smartbar.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q=");
Zeile gefunden : user_pref("smartbar.originalSearchEngine", "Ask.com");
Zeile gefunden : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Zeile gefunden : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Zeile gefunden : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Zeile gefunden : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v

[ Datei : C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gefunden : icon_url
Gefunden : search_url
Gefunden : keyword
Gefunden : search_url

*************************

AdwCleaner[R0].txt - [44110 octets] - [11/09/2013 09:59:00]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [44171 octets] ##########

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.9 (09.07.2013:1)
OS: Windows 7 Professional x64
Ran by Hiden on 11.09.2013 at 10:12:06,79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1013355498-1814289779-388905639-1000\Software\IB Updater
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1013355498-1814289779-388905639-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\omigaplussvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\privitizevpn_1_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\privitizevpn_1_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\privitizevpn_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\privitizevpn_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APN_ATU3__RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APN_ATU3__RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{62E3F633-EDFB-44CC-9142-718C84A5CD02}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B5918D46-D596-40AB-B9B9-4235D17141A0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{43127BD9-3ACA-4259-9A77-D5C69F5CB9BA}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{96932D4E-8C01-43DD-98CC-011CA708A907}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\Users\Hiden\AppData\Roaming\fighters"
Successfully deleted: [Folder] "C:\Users\Hiden\AppData\Roaming\goforfiles"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Hiden\appdata\local\{2DB10C62-AF5A-4110-94FD-D90AEDF369B1}
Successfully deleted: [Empty Folder] C:\Users\Hiden\appdata\local\{73E33F05-4EFB-41EA-A363-0E3FDFE7B2AE}
Successfully deleted: [Empty Folder] C:\Users\Hiden\appdata\local\{76BFD201-EEF4-4AB4-B058-DE030E9C9ECD}
Successfully deleted: [Empty Folder] C:\Users\Hiden\appdata\local\{87115E91-3D49-443B-BB51-BCD0FDA0AF3C}
Successfully deleted: [Empty Folder] C:\Users\Hiden\appdata\local\{896DF8D3-46B1-418C-8474-84A9741BDB2A}
Successfully deleted: [Empty Folder] C:\Users\Hiden\appdata\local\{97727E40-0BDD-4B81-A9A7-9F668B6EE871}
Successfully deleted: [Empty Folder] C:\Users\Hiden\appdata\local\{C62D2E80-ED1C-4700-B84B-41CD40B523E9}
Successfully deleted: [Empty Folder] C:\Users\Hiden\appdata\local\{CCA577B4-4B62-454A-883F-8031D2392960}



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Hiden\AppData\Roaming\mozilla\firefox\profiles\jjs60k77.default\extensions\staged
Emptied folder: C:\Users\Hiden\AppData\Roaming\mozilla\firefox\profiles\jjs60k77.default\minidumps [74 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.09.2013 at 10:14:02,47
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I found the FRST.txt, but no new Addition was created. I still only have the first one from 04.09!?



FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013
Ran by Hiden (administrator) on HIDEN-PC on 11-09-2013 10:16:47
Running from C:\Users\Hiden\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(Arainia Solutions) C:\Program Files (x86)\Gizmo\gservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Realtek) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Bogdan Sharkov) C:\Program Files (x86)\Clownfish\Clownfish.exe
(Arainia Solutions) C:\Program Files (x86)\Gizmo\gizmo.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-25] (Logitech Inc.)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Clownfish] - C:\Program Files (x86)\Clownfish\Clownfish.exe [1276152 2013-07-02] (Bogdan Sharkov)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKCU\...\Run: [GizmoDriveDelegate] - C:\Program Files (x86)\Gizmo\gizmo.exe [223640 2013-02-16] (Arainia Solutions)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-08-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Gizmo.lnk
ShortcutTarget: Gizmo.lnk -> C:\Program Files (x86)\Gizmo\gizmo.exe (Arainia Solutions)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
BootExecute: autocheck autochk * 

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSH&bmod=FTSH
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default
FF Homepage: user_pref("browser.startup.homepage", );
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Hiden\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Hiden\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\winload-customized-web-search.xml
FF Extension: ftdownloader - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\ftdownloader@ftdownloader.com.xpi
FF Extension: torntv - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\torntv@torntv.com.xpi
FF Extension: No Name - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\WTB_GLOBAL.sqlite
FF HKLM-x32\...\Firefox\Extensions: [511fe088829a4@511fe088829dd.com] C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\extensions\511fe088829a4@511fe088829dd.com

Chrome:
=======
CHR HomePage: hxxp://www.google.at/
CHR RestoreOnStartup: "https://www.google.at/"
CHR DefaultSearchURL: (Babylon Search) - hxxp://www.google.com
CHR DefaultSuggestURL: (Babylon Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Hiden\AppData\Local\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Hiden\AppData\Local\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Hiden\AppData\Local\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Hiden\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Plugin: (Google Update) - C:\Users\Hiden\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0
CHR Extension: (Lightning Newtab) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\1.1.4.9_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [gkjoindjjcmbdpbfppabdgflnkgbbcli] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-02] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-20] (Avira Operations GmbH & Co. KG)
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] ()
R2 Gizmo Central; C:\Program Files (x86)\Gizmo\gservice.exe [34728 2013-02-16] (Arainia Solutions)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
R2 Realtek11nSU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [45056 2010-01-21] (Realtek)

==================== Drivers (Whitelisted) ====================

R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-08-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-25] (Avira Operations GmbH & Co. KG)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-02] (DT Soft Ltd)
S3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2012-12-08] (Duplex Secure Ltd.)
U3 ac7mb5mt; C:\Windows\System32\Drivers\ac7mb5mt.sys [0 ] (Advanced Micro Devices)
S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-11 10:14 - 2013-09-11 10:14 - 00004005 _____ C:\Users\Hiden\Desktop\JRT.txt
2013-09-11 10:06 - 2013-09-11 10:06 - 00000000 ____D C:\Windows\ERUNT
2013-09-11 09:58 - 2013-09-11 10:02 - 00000000 ____D C:\AdwCleaner
2013-09-09 07:57 - 2013-09-09 08:59 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-09 07:55 - 2013-09-09 08:59 - 00000000 ____D C:\Users\Hiden\Desktop\mbar
2013-09-09 07:55 - 2013-09-09 07:41 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Hiden\Desktop\mbar-1.07.0.1005.exe
2013-09-06 08:23 - 2013-09-06 08:23 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Gizmo
2013-09-06 07:52 - 2013-09-06 07:52 - 00030365 _____ C:\ComboFix.txt
2013-09-06 07:40 - 2013-09-06 07:52 - 00000000 ____D C:\Qoobox
2013-09-06 07:40 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-06 07:40 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-06 07:40 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-06 07:40 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-06 07:40 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-06 07:40 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-06 07:40 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-06 07:40 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-06 07:39 - 2013-09-06 07:51 - 00000000 ____D C:\Windows\erdnt
2013-09-06 07:39 - 2013-09-06 07:38 - 05120615 ____R (Swearware) C:\Users\Hiden\Desktop\ComboFix.exe
2013-09-04 16:55 - 2013-09-04 16:55 - 00000000 ____D C:\FRST
2013-09-04 16:39 - 2013-09-11 10:15 - 00000000 ____D C:\Users\Hiden\Desktop\share
2013-09-04 14:26 - 2013-09-04 14:28 - 114436733 _____ C:\Users\Hiden\Desktop\Christina Perri - A Thousand Years [Official Music Video].mp4
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Malwarebytes
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-04 13:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-04 12:36 - 2013-09-04 12:36 - 00262144 _____ C:\Windows\system32\config\default.gu
2013-09-04 12:36 - 2013-09-04 12:36 - 00028672 _____ C:\Windows\system32\config\software.gu
2013-09-04 12:35 - 2013-09-02 11:09 - 00024352 _____ C:\Windows\system32\RegBootDefrag.exe
2013-09-04 12:23 - 2013-09-04 16:31 - 00000000 ____D C:\_tools
2013-09-04 11:48 - 2013-09-04 11:48 - 00000000 ____D C:\ProgramData\GlarySoft
2013-09-04 11:42 - 2013-09-11 10:12 - 00000334 _____ C:\Windows\Tasks\GlaryInitialize 3.job
2013-09-04 11:42 - 2013-09-04 12:38 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 3
2013-09-04 11:42 - 2013-09-04 11:42 - 00002630 _____ C:\Windows\System32\Tasks\GlaryInitialize 3
2013-09-04 11:42 - 2013-09-04 11:42 - 00001086 _____ C:\Users\Public\Desktop\Glary Utilities 3.lnk
2013-09-04 11:42 - 2013-09-04 11:42 - 00000075 _____ C:\DiskDefrag.log
2013-09-04 11:42 - 2013-09-04 11:42 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\GlarySoft
2013-09-04 11:42 - 2013-09-02 11:09 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2013-09-04 11:39 - 2013-09-04 11:39 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\IObit
2013-09-04 11:27 - 2013-09-04 11:27 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-09-04 11:26 - 2013-06-21 12:23 - 06496544 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-09-04 11:26 - 2013-06-21 12:23 - 03514656 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-09-04 11:26 - 2013-06-21 12:23 - 02555680 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2013-09-04 11:26 - 2013-06-21 12:23 - 00884512 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-09-04 11:26 - 2013-06-21 12:23 - 00237856 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-09-04 11:26 - 2013-06-21 12:23 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-09-04 11:26 - 2013-06-20 06:17 - 03253909 _____ C:\Windows\system32\nvcoproc.bin
2013-09-04 11:18 - 2013-06-21 14:06 - 27781920 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 21102368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 15920536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 15144928 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 13411896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 12427240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 11235104 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-09-04 11:18 - 2013-06-21 14:06 - 09239344 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 07687592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 07641832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 06324360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 02953504 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 02777888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 02363680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 02002720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 01832224 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432049.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432049.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 01059560 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00925648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00572704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00570656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00467232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00465184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00266448 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00218592 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00214448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00181488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00021578 _____ C:\Windows\system32\nvinfo.pb
2013-09-04 11:18 - 2013-02-25 07:27 - 00194848 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2013-09-04 11:18 - 2013-02-25 07:27 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2013-09-04 11:18 - 2013-01-29 10:35 - 01510176 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2013-09-04 11:17 - 2013-06-21 14:06 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-09-04 11:17 - 2013-06-21 14:06 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-09-04 11:17 - 2013-06-21 14:06 - 02936208 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-09-04 11:17 - 2013-06-21 14:06 - 02597856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-09-04 11:10 - 2013-08-20 15:33 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-09-04 11:10 - 2013-08-20 15:32 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2013-09-04 11:10 - 2013-08-20 15:32 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-09-04 08:52 - 2013-09-04 08:53 - 00718115 ____N C:\Windows\Minidump\090413-26676-01.dmp
2013-09-04 07:54 - 2013-09-04 07:54 - 95812354 _____ C:\Windows\SysWOW64\ທ쇓ᵌ'
2013-09-03 08:15 - 2013-09-03 08:15 - 95452537 _____ C:\Windows\SysWOW64\峌雠ᵌH
2013-09-02 08:02 - 2013-09-02 08:02 - 95199985 _____ C:\Windows\SysWOW64\誤軍ᵌ’
2013-09-01 08:38 - 2013-09-01 08:38 - 95128664 _____ C:\Windows\SysWOW64\豹冮ᵌ—
2013-09-01 08:34 - 2013-09-04 10:59 - 00000000 ____D C:\Windows\Minidump
2013-08-31 18:47 - 2013-08-31 18:47 - 00706105 ____N C:\Windows\Minidump\090113-28423-01.dmp
2013-08-31 10:38 - 2013-08-31 16:38 - 95115989 _____ C:\Windows\SysWOW64\塛ᵌ…
2013-08-30 19:38 - 2013-08-30 19:38 - 94985858 _____ C:\Windows\SysWOW64\쟁䡾ᵌ–
2013-08-30 13:39 - 2013-08-30 13:39 - 94829123 _____ C:\Windows\SysWOW64\합ﬠᵌ™
2013-08-29 20:41 - 2013-08-29 20:41 - 94663095 _____ C:\Windows\SysWOW64\ꩠ䥦ᵌ
2013-08-29 14:41 - 2013-08-29 14:41 - 94605346 _____ C:\Windows\SysWOW64\浇榏ᵌD
2013-08-29 08:41 - 2013-08-29 08:41 - 101142192 _____ C:\Windows\SysWOW64\㚣㦶ᵌ¨
2013-08-28 15:03 - 2013-09-04 11:28 - 00000000 ____D C:\hw64_422
2013-08-28 15:01 - 2013-08-28 15:01 - 00000000 ____D C:\cpu-z-166
2013-08-28 13:13 - 2013-08-28 13:13 - 00000000 ____D C:\ProgramData\SummerSoft
2013-08-25 17:50 - 2013-08-25 17:50 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
2013-08-25 17:50 - 2013-08-25 17:50 - 00000000 ____D C:\Users\Hiden\AppData\Local\WebPlayer
2013-08-25 15:47 - 2013-08-25 15:47 - 100143688 _____ C:\Windows\SysWOW64\剠楮ᵌ¤
2013-08-23 11:27 - 2013-08-23 11:27 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\EvolutionClips
2013-08-23 07:34 - 2013-08-23 19:34 - 99979851 _____ C:\Windows\SysWOW64\硳ᵌ
2013-08-22 17:40 - 2013-08-22 17:47 - 00000000 ____D C:\Users\Hiden\Documents\Battlefield 3
2013-08-22 17:06 - 2013-08-23 16:01 - 00000000 ____D C:\Program Files (x86)\Battlefield 3
2013-08-22 13:14 - 2013-09-11 10:02 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-08-22 13:14 - 2013-09-04 14:20 - 00002372 _____ C:\Users\Hiden\Desktop\Google Chrome.lnk
2013-08-21 12:43 - 2013-08-21 12:46 - 00000000 ____D C:\Program Files (x86)\Black Ops 2
2013-08-20 16:26 - 2013-08-20 16:26 - 00000000 ____D C:\Program Files (x86)\PowerISO
2013-08-20 16:26 - 2013-07-22 04:19 - 00126872 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys
2013-08-20 13:26 - 2013-08-29 13:16 - 00000000 ____D C:\Users\Hiden\AppData\Local\Captcha_Brotherhood
2013-08-20 13:26 - 2013-08-20 13:26 - 00000000 ____D C:\Program Files (x86)\Brotherhood Software
2013-08-19 20:02 - 2013-09-04 14:31 - 00178176 ___SH C:\Users\Hiden\Desktop\Thumbs.db
2013-08-16 18:44 - 2013-08-16 18:44 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Disney Interactive Studios
2013-08-16 18:34 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2013-08-16 18:34 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-08-16 18:34 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2013-08-16 18:34 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-08-16 18:34 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2013-08-16 18:34 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-08-16 18:33 - 2013-09-02 08:17 - 00000109 _____ C:\Windows\disney.ini
2013-08-15 18:42 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 18:42 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 18:42 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 18:42 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 18:42 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 18:42 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 18:42 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 18:42 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 18:42 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 18:42 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 18:42 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 18:42 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 11:15 - 2013-08-15 11:16 - 00000000 ____D C:\Program Files (x86)\Canon
2013-08-15 11:15 - 2013-08-15 11:15 - 00000000 ____D C:\ProgramData\ZoomBrowser
2013-08-15 09:56 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 09:56 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 09:56 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 09:56 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 09:56 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 09:56 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 09:56 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 09:56 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 09:50 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 09:50 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 09:50 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 09:50 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 09:50 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 09:50 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 09:50 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 09:50 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 09:50 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 09:50 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 09:50 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 09:50 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 09:50 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 09:50 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 09:50 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 09:50 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 09:50 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 09:49 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 09:49 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-13 19:37 - 2013-08-13 19:37 - 00000000 ___HD C:\Windows\PIF
2013-08-12 12:50 - 2013-08-12 12:50 - 00000000 ____D C:\Program Files (x86)\Dokan

==================== One Month Modified Files and Folders =======

2013-09-11 10:15 - 2013-09-04 16:39 - 00000000 ____D C:\Users\Hiden\Desktop\share
2013-09-11 10:14 - 2013-09-11 10:14 - 00004005 _____ C:\Users\Hiden\Desktop\JRT.txt
2013-09-11 10:12 - 2013-09-04 11:42 - 00000334 _____ C:\Windows\Tasks\GlaryInitialize 3.job
2013-09-11 10:12 - 2012-12-06 17:24 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Skype
2013-09-11 10:11 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-11 10:11 - 2009-07-14 06:51 - 00113717 _____ C:\Windows\setupact.log
2013-09-11 10:10 - 2012-12-06 09:57 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-11 10:09 - 2012-12-05 17:57 - 01443947 _____ C:\Windows\WindowsUpdate.log
2013-09-11 10:09 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-11 10:09 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-11 10:06 - 2013-09-11 10:06 - 00000000 ____D C:\Windows\ERUNT
2013-09-11 10:02 - 2013-09-11 09:58 - 00000000 ____D C:\AdwCleaner
2013-09-11 10:02 - 2013-08-22 13:14 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-09-11 10:01 - 2012-12-22 09:13 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-11 09:53 - 2013-09-11 10:16 - 01949408 _____ (Farbar) C:\Users\Hiden\Desktop\FRST64.exe
2013-09-09 08:59 - 2013-09-09 07:57 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-09 08:59 - 2013-09-09 07:55 - 00000000 ____D C:\Users\Hiden\Desktop\mbar
2013-09-09 07:41 - 2013-09-09 07:55 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Hiden\Desktop\mbar-1.07.0.1005.exe
2013-09-09 07:41 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-09 07:39 - 2013-04-08 15:27 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2013-09-06 08:23 - 2013-09-06 08:23 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Gizmo
2013-09-06 07:52 - 2013-09-06 07:52 - 00030365 _____ C:\ComboFix.txt
2013-09-06 07:52 - 2013-09-06 07:40 - 00000000 ____D C:\Qoobox
2013-09-06 07:52 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-06 07:51 - 2013-09-06 07:39 - 00000000 ____D C:\Windows\erdnt
2013-09-06 07:49 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-06 07:47 - 2010-11-21 05:47 - 00725504 _____ C:\Windows\PFRO.log
2013-09-06 07:47 - 2009-07-14 04:34 - 71086080 _____ C:\Windows\system32\config\software.bak
2013-09-06 07:47 - 2009-07-14 04:34 - 20447232 _____ C:\Windows\system32\config\system.bak
2013-09-06 07:47 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2013-09-06 07:47 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\default.bak
2013-09-06 07:47 - 2009-07-14 04:34 - 00028672 _____ C:\Windows\system32\config\security.bak
2013-09-06 07:46 - 2012-12-06 22:12 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\convert
2013-09-06 07:38 - 2013-09-06 07:39 - 05120615 ____R (Swearware) C:\Users\Hiden\Desktop\ComboFix.exe
2013-09-05 14:11 - 2013-02-17 11:08 - 00000000 ____D C:\Users\Hiden\Documents\Euro Truck Simulator 2
2013-09-05 13:57 - 2013-06-05 17:56 - 00122880 ___SH C:\Users\Hiden\Thumbs.db
2013-09-05 07:27 - 2013-03-31 20:04 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-09-04 16:55 - 2013-09-04 16:55 - 00000000 ____D C:\FRST
2013-09-04 16:38 - 2012-12-24 22:35 - 00000000 ____D C:\Users\Hiden\Desktop\Programme
2013-09-04 16:31 - 2013-09-04 12:23 - 00000000 ____D C:\_tools
2013-09-04 15:10 - 2013-07-21 21:07 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Audacity
2013-09-04 14:31 - 2013-08-19 20:02 - 00178176 ___SH C:\Users\Hiden\Desktop\Thumbs.db
2013-09-04 14:28 - 2013-09-04 14:26 - 114436733 _____ C:\Users\Hiden\Desktop\Christina Perri - A Thousand Years [Official Music Video].mp4
2013-09-04 14:20 - 2013-08-22 13:14 - 00002372 _____ C:\Users\Hiden\Desktop\Google Chrome.lnk
2013-09-04 14:19 - 2012-12-05 18:10 - 00001427 _____ C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-04 13:54 - 2012-12-06 17:29 - 00000000 ____D C:\Users\Hiden\AppData\Local\CrashDumps
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Malwarebytes
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-04 12:40 - 2012-12-06 16:33 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\NVIDIA
2013-09-04 12:38 - 2013-09-04 11:42 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 3
2013-09-04 12:36 - 2013-09-04 12:36 - 00262144 _____ C:\Windows\system32\config\default.gu
2013-09-04 12:36 - 2013-09-04 12:36 - 00028672 _____ C:\Windows\system32\config\software.gu
2013-09-04 12:36 - 2012-12-05 18:05 - 00000000 ____D C:\Users\Hiden
2013-09-04 12:36 - 2009-07-14 04:34 - 71303168 _____ C:\Windows\system32\config\software.gu.bak
2013-09-04 12:36 - 2009-07-14 04:34 - 20447232 _____ C:\Windows\system32\config\system.gu.bak
2013-09-04 12:36 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\security.gu.bak
2013-09-04 12:35 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\sam.gu.bak
2013-09-04 11:51 - 2012-12-07 14:49 - 00000000 ___RD C:\Users\Hiden\Desktop\Spiele
2013-09-04 11:48 - 2013-09-04 11:48 - 00000000 ____D C:\ProgramData\GlarySoft
2013-09-04 11:42 - 2013-09-04 11:42 - 00002630 _____ C:\Windows\System32\Tasks\GlaryInitialize 3
2013-09-04 11:42 - 2013-09-04 11:42 - 00001086 _____ C:\Users\Public\Desktop\Glary Utilities 3.lnk
2013-09-04 11:42 - 2013-09-04 11:42 - 00000075 _____ C:\DiskDefrag.log
2013-09-04 11:42 - 2013-09-04 11:42 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\GlarySoft
2013-09-04 11:39 - 2013-09-04 11:39 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\IObit
2013-09-04 11:28 - 2013-08-28 15:03 - 00000000 ____D C:\hw64_422
2013-09-04 11:27 - 2013-09-04 11:27 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-09-04 11:27 - 2012-12-06 09:57 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-09-04 11:26 - 2012-12-06 09:55 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-09-04 11:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Help
2013-09-04 11:25 - 2012-12-06 09:57 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-09-04 11:09 - 2013-03-25 14:59 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-04 10:59 - 2013-09-01 08:34 - 00000000 ____D C:\Windows\Minidump
2013-09-04 08:53 - 2013-09-04 08:52 - 00718115 ____N C:\Windows\Minidump\090413-26676-01.dmp
2013-09-04 08:39 - 2012-12-06 09:55 - 00086552 _____ C:\Users\Hiden\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-04 08:28 - 2009-07-14 06:45 - 00343656 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-04 08:26 - 2013-04-22 15:30 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2013-09-04 08:21 - 2013-02-28 19:49 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-04 08:20 - 2013-06-20 15:26 - 00000600 _____ C:\Windows\Rtcw.INI
2013-09-04 08:20 - 2012-12-06 16:33 - 00000000 ____D C:\Users\Hiden\Documents\my games
2013-09-04 08:19 - 2013-07-09 17:19 - 00000000 ____D C:\Program Files (x86)\Cube World
2013-09-04 07:54 - 2013-09-04 07:54 - 95812354 _____ C:\Windows\SysWOW64\ທ쇓ᵌ'
2013-09-03 22:12 - 2013-01-27 13:41 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\TS3Client
2013-09-03 08:15 - 2013-09-03 08:15 - 95452537 _____ C:\Windows\SysWOW64\峌雠ᵌH
2013-09-02 17:01 - 2012-12-06 21:15 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\.minecraft
2013-09-02 11:09 - 2013-09-04 12:35 - 00024352 _____ C:\Windows\system32\RegBootDefrag.exe
2013-09-02 11:09 - 2013-09-04 11:42 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2013-09-02 08:17 - 2013-08-16 18:33 - 00000109 _____ C:\Windows\disney.ini
2013-09-02 08:02 - 2013-09-02 08:02 - 95199985 _____ C:\Windows\SysWOW64\誤軍ᵌ’
2013-09-01 08:38 - 2013-09-01 08:38 - 95128664 _____ C:\Windows\SysWOW64\豹冮ᵌ—
2013-08-31 18:47 - 2013-08-31 18:47 - 00706105 ____N C:\Windows\Minidump\090113-28423-01.dmp
2013-08-31 16:38 - 2013-08-31 10:38 - 95115989 _____ C:\Windows\SysWOW64\塛ᵌ…
2013-08-30 19:38 - 2013-08-30 19:38 - 94985858 _____ C:\Windows\SysWOW64\쟁䡾ᵌ–
2013-08-30 13:39 - 2013-08-30 13:39 - 94829123 _____ C:\Windows\SysWOW64\합ﬠᵌ™
2013-08-29 20:41 - 2013-08-29 20:41 - 94663095 _____ C:\Windows\SysWOW64\ꩠ䥦ᵌ
2013-08-29 14:41 - 2013-08-29 14:41 - 94605346 _____ C:\Windows\SysWOW64\浇榏ᵌD
2013-08-29 13:17 - 2013-01-27 13:41 - 00000000 ____D C:\Users\Hiden\AppData\Local\TeamSpeak 3 Client
2013-08-29 13:16 - 2013-08-20 13:26 - 00000000 ____D C:\Users\Hiden\AppData\Local\Captcha_Brotherhood
2013-08-29 08:41 - 2013-08-29 08:41 - 101142192 _____ C:\Windows\SysWOW64\㚣㦶ᵌ¨
2013-08-28 15:01 - 2013-08-28 15:01 - 00000000 ____D C:\cpu-z-166
2013-08-28 13:13 - 2013-08-28 13:13 - 00000000 ____D C:\ProgramData\SummerSoft
2013-08-28 13:13 - 2012-12-20 15:27 - 00000000 ____D C:\ProgramData\InstallMate
2013-08-28 11:21 - 2013-05-19 10:52 - 00000000 ____D C:\Users\Hiden\AppData\Local\Akamai
2013-08-28 11:21 - 2013-03-21 21:02 - 00000000 ____D C:\Program Files (x86)\Clownfish
2013-08-28 11:21 - 2013-01-27 13:44 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\ts3overlay
2013-08-28 11:21 - 2010-11-21 09:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-08-28 11:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-08-28 10:28 - 2011-02-11 16:47 - 00696620 _____ C:\Windows\system32\perfh007.dat
2013-08-28 10:28 - 2011-02-11 16:47 - 00147916 _____ C:\Windows\system32\perfc007.dat
2013-08-28 10:28 - 2009-07-14 07:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-25 17:50 - 2013-08-25 17:50 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
2013-08-25 17:50 - 2013-08-25 17:50 - 00000000 ____D C:\Users\Hiden\AppData\Local\WebPlayer
2013-08-25 15:47 - 2013-08-25 15:47 - 100143688 _____ C:\Windows\SysWOW64\剠楮ᵌ¤
2013-08-23 19:34 - 2013-08-23 07:34 - 99979851 _____ C:\Windows\SysWOW64\硳ᵌ
2013-08-23 16:09 - 2013-06-03 21:08 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-08-23 16:01 - 2013-08-22 17:06 - 00000000 ____D C:\Program Files (x86)\Battlefield 3
2013-08-23 15:11 - 2012-12-25 11:58 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\uTorrent
2013-08-23 11:27 - 2013-08-23 11:27 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\EvolutionClips
2013-08-22 17:47 - 2013-08-22 17:40 - 00000000 ____D C:\Users\Hiden\Documents\Battlefield 3
2013-08-22 17:39 - 2013-03-09 17:02 - 00000000 ____D C:\Users\Hiden\AppData\Local\Unity
2013-08-22 17:38 - 2013-06-03 21:08 - 00000000 ____D C:\ProgramData\Origin
2013-08-22 13:14 - 2012-12-05 18:07 - 00000000 ____D C:\Users\Hiden\AppData\Local\Google
2013-08-22 13:12 - 2012-12-05 18:07 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-21 12:46 - 2013-08-21 12:43 - 00000000 ____D C:\Program Files (x86)\Black Ops 2
2013-08-20 20:32 - 2012-12-22 09:13 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-20 20:32 - 2012-12-06 17:01 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-20 20:32 - 2012-12-06 17:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-20 16:26 - 2013-08-20 16:26 - 00000000 ____D C:\Program Files (x86)\PowerISO
2013-08-20 15:33 - 2013-09-04 11:10 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-08-20 15:32 - 2013-09-04 11:10 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2013-08-20 15:32 - 2013-09-04 11:10 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-08-20 13:26 - 2013-08-20 13:26 - 00000000 ____D C:\Program Files (x86)\Brotherhood Software
2013-08-20 10:48 - 2013-05-07 14:15 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-20 10:48 - 2013-03-25 14:59 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-17 10:49 - 2012-12-05 18:01 - 00218987 _____ C:\Windows\DirectX.log
2013-08-16 18:44 - 2013-08-16 18:44 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Disney Interactive Studios
2013-08-16 15:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-15 18:38 - 2013-07-13 13:17 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 18:37 - 2012-12-06 10:43 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-15 11:20 - 2013-02-26 21:16 - 00037531 ____H C:\Users\Hiden\Desktop\ZbThumbnail.info
2013-08-15 11:16 - 2013-08-15 11:15 - 00000000 ____D C:\Program Files (x86)\Canon
2013-08-15 11:15 - 2013-08-15 11:15 - 00000000 ____D C:\ProgramData\ZoomBrowser
2013-08-15 09:31 - 2013-06-19 16:25 - 00000000 ____D C:\Users\Hiden\Documents\bitComposer Games
2013-08-15 09:30 - 2013-04-28 12:38 - 00000000 ____D C:\Program Files (x86)\Nokia
2013-08-15 09:25 - 2013-07-24 13:22 - 00000000 ____D C:\Users\Hiden\AppData\Local\LogMeIn Hamachi
2013-08-13 19:37 - 2013-08-13 19:37 - 00000000 ___HD C:\Windows\PIF
2013-08-12 12:50 - 2013-08-12 12:50 - 00000000 ____D C:\Program Files (x86)\Dokan
2013-08-12 11:12 - 2013-04-19 21:18 - 00000000 ____D C:\ts3overlay

Files to move or delete:
====================
C:\Users\Hiden\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-01 12:09

==================== End Of Log ============================

--- --- ---


cosinus 11.09.2013 14:17

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes Anti-Malware (MBAM).

Note: Before you do, please remember to update Malwarebytes Anti-Malware using the update button!

Getting a second opinion from the ESET online scanner afterwards isn't a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstalling: Control Panel => Add/Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


fuxing 12.09.2013 06:39

Code:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.11.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Hiden :: HIDEN-PC [Administrator]

Schutz: Aktiviert

11.09.2013 16:15:00
mbam-log-2013-09-11 (16-15-00).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen:
Durchsuchte Objekte: 250395
Laufzeit: 4 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

But then ESET found something again?

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7f007effce64fb46a2ad2f0e115843f9
# engine=15091
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-11 07:31:12
# local_time=2013-09-11 09:31:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 19216 244347562 35417 0
# compatibility_mode=5893 16776574 100 94 5214650 130557722 0 0
# scanned=191861
# found=3
# cleaned=0
# scan_time=18530
sh=696254FF4BE9EECAB3EAE8C2FEE3597B21115257 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\extensions\511fe088829a4@511fe088829dd.com\content\bg.js.vir"
sh=AA5D115DEFE49B55BD8FF7E84B12F1B6F1748726 ft=0 fh=0000000000000000 vn="Win32/Adware.1ClickDownload.AO application" ac=I fn="D:\HIDEN-PC\Backup Set 2013-09-01 190002\Backup Files 2013-09-01 190002\Backup files 10.zip"
sh=0BABE952B708D4DFC2DF9A94BE7BD356F9B1184C ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="D:\HIDEN-PC\Backup Set 2013-09-01 190002\Backup Files 2013-09-01 190002\Backup files 6.zip"

Code:

C:\Qoobox\Quarantine\C\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\extensions\511fe088829a4@511fe088829dd.com\content\bg.js.vir        Win32/Adware.MultiPlug.H application
D:\HIDEN-PC\Backup Set 2013-09-01 190002\Backup Files 2013-09-01 190002\Backup files 10.zip        Win32/Adware.1ClickDownload.AO application
D:\HIDEN-PC\Backup Set 2013-09-01 190002\Backup Files 2013-09-01 190002\Backup files 6.zip        Win32/Adware.MultiPlug.H application


cosinus 12.09.2013 12:23

These are just irrelevant remnants. Please also run TFC:

TFC - Temp File Cleaner

Download TFC (TempFileCleaner by Oldtimer) and save it to your desktop.
  • Open TFC.exe.
    Vista and Win 7 users: right-click and choose "Run as administrator".
  • Close all other programs.
  • Press the Start button.
  • If you are prompted to restart, confirm it.
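
The triage behind the reply above, as an added example that is not part of the original posts and not ESET's own tooling: it parses the `key=value` detection lines of the ESET log posted in this thread and sorts each hit by where the file lies. The location rules (ComboFix's `C:\Qoobox\Quarantine` folder, the `.vir` suffix, archive extensions) and all function names are assumptions made for this sketch.

```python
import re
from collections import Counter

# Two header lines and the three detection lines from the ESET log posted above.
SAMPLE_LOG = r'''# found=3
# cleaned=0
sh=696254FF4BE9EECAB3EAE8C2FEE3597B21115257 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\extensions\511fe088829a4@511fe088829dd.com\content\bg.js.vir"
sh=AA5D115DEFE49B55BD8FF7E84B12F1B6F1748726 ft=0 fh=0000000000000000 vn="Win32/Adware.1ClickDownload.AO application" ac=I fn="D:\HIDEN-PC\Backup Set 2013-09-01 190002\Backup Files 2013-09-01 190002\Backup files 10.zip"
sh=0BABE952B708D4DFC2DF9A94BE7BD356F9B1184C ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="D:\HIDEN-PC\Backup Set 2013-09-01 190002\Backup Files 2013-09-01 190002\Backup files 6.zip"
'''

# key=value pairs; a value is either "quoted, may contain spaces" or a bare token.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Assumed triage rules, not an ESET feature.
QUARANTINE_PREFIXES = ('c:\\qoobox\\quarantine\\',)   # ComboFix quarantine folder
ARCHIVE_SUFFIXES = ('.zip', '.rar', '.7z')


def parse_eset_log(text):
    """Return (header dict, list of detection dicts) from an ESET online scan log."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('#'):
            key, sep, value = line[1:].strip().partition('=')
            if sep:
                header[key] = value.strip('"')
            continue
        fields = {}
        for m in FIELD_RE.finditer(line):
            fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
        # Only lines carrying both a verdict name (vn) and a file name (fn) are detections.
        if 'vn' in fields and 'fn' in fields:
            detections.append(fields)
    return header, detections


def classify(path):
    """Say where a detected file lies: 'quarantine', 'backup-archive' or 'live'."""
    p = path.lower()
    if p.startswith(QUARANTINE_PREFIXES) or p.endswith('.vir'):
        return 'quarantine'
    if p.endswith(ARCHIVE_SUFFIXES):
        return 'backup-archive'
    return 'live'


def triage(text):
    """Return the header plus (location, verdict, path) for every detection."""
    header, detections = parse_eset_log(text)
    return header, [(classify(d['fn']), d['vn'], d['fn']) for d in detections]


def live_findings(text):
    """Detections outside quarantine and archives: the ones that need action."""
    return [row for row in triage(text)[1] if row[0] == 'live']


def summary(text):
    """Count detections per location."""
    return dict(Counter(row[0] for row in triage(text)[1]))


if __name__ == '__main__':
    hdr, rows = triage(SAMPLE_LOG)
    print('found=%s cleaned=%s' % (hdr.get('found'), hdr.get('cleaned')))
    for location, verdict, path in rows:
        print('%-15s %s\n    %s' % (location, verdict, path))
```

A `backup-archive` hit stays inert only as long as that archive is not restored.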


fuxing 12.09.2013 12:52

TFC deleted quite a lot; I have now run mbam again (no findings)

and also started ESET again, but it's still running...

cosinus 12.09.2013 14:12

You don't need to run ESET again! The findings are irrelevant!

fuxing 12.09.2013 14:25

Okay.
So that means you think I've got this behind me?

Or is there anything else?

cosinus 12.09.2013 14:49

Looks OK so far :daumenhoc

Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File. It makes sense to check MVPS every 4 weeks or so to see whether a new hosts file has been released.

Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)

Otherwise there are also good cookie managers; for Firefox, for example, there is the CookieCuller extension.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply configure the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system OK again now, or are there any other findings or problems?

fuxing 12.09.2013 14:51

Otherwise there are no obvious problems at the moment (Acid303 is helping me with the graphics card temperature).

So: THANK YOU VERY, VERY MUCH!!!!!!!!!!!!!!!!!!!!!!
For your efforts and your help!

THANK YOU VERY MUCH!

cosinus 12.09.2013 15:17

Then we're done! :daumenhoc


If you would like to leave praise or criticism => Lob, Kritik und Wünsche - Trojaner-Board

The programs that were used here can all be uninstalled.

delfix can help you with that:


The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without concern.

Finally, please check your updates; my guide for that is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all your passwords where possible.


Microsoft Update
Windows XP: Visit the MS update page with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update


Update your PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Add/Remove Programs or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.

While you are at it, please also check that your Flash Player is up to date:
Check => Adobe - Flash Player
You can find download links here => Browsers and Plugins - FilePony.de

You can also easily check whether all plugins in the Firefox browser are up to date here => https://www.mozilla.org/de/plugincheck

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do this, close all programs (especially the browsers), then click Start, Control Panel, Add/Remove Programs (or Programs and Features) and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.


All times are WET +1.
