Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Vista 64bit System lagt von Zeit zu Zeit ohne ersichtlichen Grund - Als wenn Systemzugriff von außen stattfindet (https://www.trojaner-board.de/143369-vista-64bit-system-lagt-zeit-zeit-ohne-ersichtlichen-grund-systemzugriff-aussen-stattfindet.html)

Houseman 21.10.2013 13:24
Vista 64bit System lagt von Zeit zu Zeit ohne ersichtlichen Grund - Als wenn Systemzugriff von außen stattfindet
 
Liste der Anhänge anzeigen (Anzahl: 1)
Hallo liebe Helfer.
Nun habe ich sovielen Usern schon Eure Seite empfohlen, und nun stehe ich selber mal vor einem Rätsel und benötige Hilfe.

Mein System hat in den vergangenen Wochen immer öfter die Angewohnheit sich so zu verhalten, als wenn ein anderer User von außen Zugriff auf das System nimmt.
Das System lagt dann sehr stark, die Maus lässt sich nur hakelig beutzen und die Systemressourcen werden ziemlich strapaziert.
Einige Male konnte ich den Explorer.exe als Übeltäter entlarven, der mit weit über 70% das System nicht wieder freigegeben hatte.
Das Problem beseitigte ich damit, das ich die Prozessstruktur des Explorers beendete und neu startete (über Task Manager).
Trotzdem habe ich langsam das Gefühl das ich mir doch irgendwie unfreiwillig etwas eingefangen habe.
Unser Privat Server wurde vor kurzen erst gehackt und für 3 Stunden als Spamschleuder missbraucht. Es war ein Haken in der Sicherheitseinstellung nicht richtig gesetzt worden. Möglicherweise konnte dies auch erst geschehen weil mein System kompromittiert ist !?
Mein Antivirus Programm AVG Free Edition 2014 sagt alles ok. Hat aber vor kurzen in ankommenden T-Com Mail (ich bin nicht T-Kunde, von daher wären die eh nie geöffnet worden), Malware gefunden.
AVG, Microsoft Essential und aktivierte Firewall, sowie diverse Sicherheitseinstellungen sind aktiv und in den vergangenen 10 Jahren, hatte ich auch nie Probleme, da ich grundsätzlich mit originaler Software arbeite. Was aber ja auch nichts heißt heutzutage.

Ich habe mal die Programme ausgeführt, sowie beschrieben und bis auf GMER (ich habe davon einen Screenshot machen müssen, weil der nicht save ausführt), funktionierte auch alles.

Wäre Nett wenn da mal einer drauf schauen könnte :kaffee:

Lieben Gruß
Houseman

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2013
Ran by ***** (administrator) on ***** on 21-10-2013 11:49:29
Running from C:\Users\*****\Downloads
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\iashost.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-16] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe
HKCU\...\Run: [Google Update] - C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-05-20] (Google Inc.)
MountPoints2: {92fa9643-65fe-11e1-b537-806e6f6e6963} - D:\Run.exe
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe (Samsung Electronics.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - DefaultScope {45FCC686-4F75-4346-BDB4-694FE282A28B} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {45FCC686-4F75-4346-BDB4-694FE282A28B} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\*****\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\*****\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
CHR Plugin: (InoViewer Plugin) - C:\Program Files (x86)\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\*****\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Google Update) - C:\Users\*****\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Drive) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
S4 Backup Service Home-Dienst; C:\Program Files (x86)\Alexosoft\Backup Service Home 3\BSHService.exe [17920 2012-12-04] (Alexander Seeliger Software)
S4 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
S3 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75064 2013-09-15] ()
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] ()

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-03-05] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [34704 2010-02-05] (CSR, plc)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-03-05] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [49256 2011-05-10] (Yamaha Corporation)
S3 7ByteIo; \??\C:\Program Files (x86)\Hot CPU Tester Pro 4 LE\SysInfoX64.sys [x]
S3 ALSysIO; \??\C:\Users\*****\AppData\Local\Temp\ALSysIO64.sys [x]
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
S3 gdrv; \??\C:\Windows\gdrv.sys [x]
S3 GenericMount; system32\DRIVERS\GenericMount.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
U2 V2iMount;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-21 11:49 - 2013-10-21 11:49 - 00000000 ____D C:\FRST
2013-10-21 11:47 - 2013-10-21 11:47 - 01954670 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe
2013-10-21 11:47 - 2013-10-21 11:47 - 00050477 _____ C:\Users\*****\Downloads\Defogger.exe
2013-10-21 11:47 - 2013-10-21 11:47 - 00000472 _____ C:\Users\*****\Downloads\defogger_disable.log
2013-10-21 11:47 - 2013-10-21 11:47 - 00000000 _____ C:\Users\*****\defogger_reenable
2013-10-14 20:57 - 2013-10-14 20:57 - 00317160 _____ C:\Users\*****\Downloads\worldguard-5.7.5.zip
2013-10-14 20:42 - 2013-10-14 20:42 - 00320559 _____ C:\Users\*****\Downloads\worldguard-5.8.zip
2013-10-14 17:51 - 2013-10-14 17:51 - 00000000 ____D C:\Users\*****\Downloads\Legend of Taleth
2013-10-14 17:49 - 2013-10-14 17:50 - 18581277 _____ C:\Users\*****\Downloads\Legend of Taleth.zip
2013-10-14 17:49 - 2013-10-14 17:49 - 00000000 ____D C:\Users\*****\Downloads\Dragon Tribes (2)
2013-10-14 17:40 - 2013-10-14 17:43 - 63512548 _____ C:\Users\*****\Downloads\Dragon Tribes (2).zip
2013-10-13 21:30 - 2013-10-17 00:15 - 00000510 _____ C:\Windows\WORDPAD.INI
2013-10-13 00:12 - 2013-10-13 00:12 - 00000000 ____D C:\Users\*****\Downloads\teamspeak3-server_win64-3.0.7.1
2013-10-13 00:11 - 2013-10-13 00:11 - 05273235 _____ C:\Users\*****\Downloads\teamspeak3-server_win64-3.0.7.1.zip
2013-10-13 00:10 - 2013-10-13 00:10 - 00614816 _____ C:\Users\*****\Downloads\TeamSpeak3-Client-win32-3.0.7.1.exe
2013-10-09 21:30 - 2013-10-09 21:30 - 00000000 ____D C:\Users\Administration\AppData\Roaming\AVG2014
2013-10-09 21:30 - 2013-10-09 21:30 - 00000000 ____D C:\Users\Administration\AppData\Local\Avg2014
2013-10-09 10:22 - 2013-10-09 12:52 - 00030761 _____ C:\Users\*****\Documents\Heizverbrauch2013-2014.ods
2013-10-09 10:00 - 2013-09-23 14:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 10:00 - 2013-09-23 14:57 - 00916992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 10:00 - 2013-09-23 14:57 - 00105984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-10-09 10:00 - 2013-09-23 14:55 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-10-09 10:00 - 2013-09-23 14:53 - 00611840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2013-10-09 10:00 - 2013-09-23 14:52 - 06017024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 10:00 - 2013-09-23 14:52 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 10:00 - 2013-09-23 14:52 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-10-09 10:00 - 2013-09-23 14:52 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-10-09 10:00 - 2013-09-23 14:51 - 11111936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 10:00 - 2013-09-23 14:51 - 02005504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 10:00 - 2013-09-23 14:51 - 01469440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-10-09 10:00 - 2013-09-23 14:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-10-09 10:00 - 2013-09-23 14:51 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 10:00 - 2013-09-23 14:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 10:00 - 2013-09-23 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 10:00 - 2013-09-23 14:51 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 10:00 - 2013-09-23 14:51 - 00043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-10-09 10:00 - 2013-09-23 14:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 10:00 - 2013-09-23 14:50 - 00387584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-10-09 10:00 - 2013-09-23 14:49 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\corpol.dll
2013-10-09 10:00 - 2013-09-23 13:14 - 00385024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-10-09 10:00 - 2013-09-23 12:51 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 10:00 - 2013-09-23 12:50 - 01489920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 10:00 - 2013-09-23 12:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-09 10:00 - 2013-09-23 12:49 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-10-09 10:00 - 2013-09-23 12:47 - 09342464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 10:00 - 2013-09-23 12:47 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-10-09 10:00 - 2013-09-23 12:47 - 00742912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 10:00 - 2013-09-23 12:47 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-09 10:00 - 2013-09-23 12:47 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-10-09 10:00 - 2013-09-23 12:46 - 12510208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 10:00 - 2013-09-23 12:46 - 02357760 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 10:00 - 2013-09-23 12:46 - 01538560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-09 10:00 - 2013-09-23 12:46 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-10-09 10:00 - 2013-09-23 12:46 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-10-09 10:00 - 2013-09-23 12:46 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 10:00 - 2013-09-23 12:46 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 10:00 - 2013-09-23 12:46 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 10:00 - 2013-09-23 12:46 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 10:00 - 2013-09-23 12:46 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-10-09 10:00 - 2013-09-23 12:46 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 10:00 - 2013-09-23 12:44 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2013-10-09 10:00 - 2013-09-23 11:29 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2013-10-09 10:00 - 2013-09-23 11:29 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-10-09 10:00 - 2013-09-23 11:27 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 10:00 - 2013-09-23 11:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-10-09 10:00 - 2013-09-23 11:26 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-10-09 10:00 - 2013-09-23 09:44 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-09 10:00 - 2013-09-23 09:43 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-09 10:00 - 2013-09-23 09:40 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-10-09 10:00 - 2013-09-23 09:39 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 10:00 - 2013-08-29 09:48 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 10:00 - 2013-08-27 05:39 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-09 10:00 - 2013-08-27 05:39 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-09 10:00 - 2013-08-27 05:39 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-09 10:00 - 2013-08-27 05:39 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-09 10:00 - 2013-08-27 04:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-10-09 10:00 - 2013-08-27 04:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-10-09 10:00 - 2013-08-27 04:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-10-09 10:00 - 2013-08-27 04:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-10-09 10:00 - 2013-08-27 04:32 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-09 10:00 - 2013-08-27 04:30 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-09 10:00 - 2013-08-27 04:06 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-09 10:00 - 2013-08-27 04:00 - 01556480 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-10-09 10:00 - 2013-08-27 04:00 - 01149952 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-09 10:00 - 2013-08-27 03:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-10-09 10:00 - 2013-08-27 03:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-10-09 10:00 - 2013-08-27 03:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-10-09 10:00 - 2013-08-27 03:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-10-09 10:00 - 2013-08-01 06:10 - 00901568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 10:00 - 2013-08-01 05:37 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-10-09 10:00 - 2013-07-20 12:45 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 10:00 - 2013-07-20 12:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 10:00 - 2013-07-12 11:19 - 00099200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-09 10:00 - 2013-07-04 06:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 10:00 - 2013-07-04 06:13 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 10:00 - 2013-07-03 04:55 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 10:00 - 2013-07-03 04:22 - 00031616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 10:00 - 2013-06-29 04:25 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 10:00 - 2013-06-29 04:25 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 10:00 - 2013-06-29 04:25 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 10:00 - 2013-06-29 04:25 - 00007552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 10:00 - 2013-06-27 01:00 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 10:00 - 2013-06-04 06:16 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 10:00 - 2013-06-04 06:16 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 10:00 - 2013-06-04 04:01 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 10:00 - 2013-06-04 03:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 10:00 - 2011-05-05 16:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 09:58 - 2013-10-09 09:58 - 00039732 _____ C:\Users\*****\Documents\Heizverbrauch2012-2013.ods
2013-10-06 19:12 - 2013-10-06 19:12 - 00000000 ____D C:\Users\*****\Desktop\MC_Bukkit - Kreativ
2013-10-05 11:38 - 2013-10-05 11:38 - 00421267 _____ C:\Users\*****\Downloads\OptiFine_1.6.4_HD_U_C5.jar
2013-10-05 11:30 - 2013-10-05 11:30 - 00263186 _____ C:\Users\*****\Downloads\Minecraft (2).exe
2013-10-03 13:37 - 2013-10-03 13:37 - 00797183 _____ C:\Users\*****\Downloads\worldedit-5.5.6.zip
2013-10-03 11:35 - 2013-10-03 11:35 - 00000050 _____ C:\Users\*****\run.bat
2013-10-03 11:34 - 2013-10-06 03:56 - 00000000 ____D C:\Users\*****\Desktop\MC_Bukkit
2013-10-03 10:29 - 2013-10-03 10:29 - 00000000 ____D C:\Users\*****\AppData\Roaming\AVG2014
2013-10-03 10:27 - 2013-10-11 11:20 - 00000859 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-10-03 10:27 - 2013-10-03 10:29 - 00000000 ____D C:\ProgramData\AVG2014
2013-09-27 19:05 - 2013-10-03 11:32 - 00000000 ____D C:\Users\*****\AppData\Local\Avg2014
2013-09-25 21:07 - 2013-09-25 21:07 - 00148792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2013-09-24 14:57 - 2013-09-24 14:57 - 00421387 _____ C:\Users\*****\Downloads\OptiFine_1.6.4_HD_U_C4 (1).jar
2013-09-24 14:56 - 2013-09-24 14:56 - 00421387 _____ C:\Users\*****\Downloads\OptiFine_1.6.4_HD_U_C4.jar
2013-09-24 11:08 - 2013-09-24 11:08 - 00675988 _____ C:\Users\*****\Downloads\Minecraft (1).exe

==================== One Month Modified Files and Folders =======

2013-10-21 11:49 - 2013-10-21 11:49 - 00000000 ____D C:\FRST
2013-10-21 11:47 - 2013-10-21 11:47 - 01954670 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe
2013-10-21 11:47 - 2013-10-21 11:47 - 00050477 _____ C:\Users\*****\Downloads\Defogger.exe
2013-10-21 11:47 - 2013-10-21 11:47 - 00000472 _____ C:\Users\*****\Downloads\defogger_disable.log
2013-10-21 11:47 - 2013-10-21 11:47 - 00000000 _____ C:\Users\*****\defogger_reenable
2013-10-21 11:47 - 2012-03-04 00:03 - 00000000 ____D C:\Users\*****
2013-10-21 11:35 - 2008-01-21 13:10 - 00753858 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-21 11:35 - 2008-01-21 13:09 - 00628742 _____ C:\Windows\system32\perfh007.dat
2013-10-21 11:35 - 2008-01-21 13:09 - 00126486 _____ C:\Windows\system32\perfc007.dat
2013-10-21 11:33 - 2013-08-16 23:01 - 01058862 _____ C:\Windows\WindowsUpdate.log
2013-10-21 11:31 - 2012-03-07 15:38 - 00000000 ____D C:\Users\*****\AppData\Roaming\Nitro PDF
2013-10-21 11:30 - 2012-07-31 17:08 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-10-21 11:30 - 2006-11-02 17:42 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-21 11:30 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-21 11:30 - 2006-11-02 17:22 - 00004576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-21 11:30 - 2006-11-02 17:22 - 00004576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-21 11:28 - 2013-09-05 22:18 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1109511523-3860671390-4157341050-1000UA.job
2013-10-21 11:27 - 2013-07-06 19:50 - 00000000 ____D C:\ProgramData\MFAData
2013-10-21 11:25 - 2013-08-07 09:21 - 00000000 ____D C:\Users\*****\AppData\Roaming\.minecraft
2013-10-21 10:33 - 2012-10-01 18:15 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-21 10:33 - 2012-03-05 00:11 - 00000000 ____D C:\Users\*****\AppData\Roaming\TS3Client
2013-10-21 01:28 - 2013-09-05 22:18 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1109511523-3860671390-4157341050-1000Core.job
2013-10-20 23:32 - 2012-03-04 01:25 - 00000000 ____D C:\Users\*****\Documents\Kabel Deutschland
2013-10-20 23:31 - 2012-12-26 17:14 - 00000000 ____D C:\Users\*****\AppData\Local\Paint.NET
2013-10-20 19:54 - 2012-03-05 01:02 - 00000000 ____D C:\Users\*****\AppData\Roaming\vlc
2013-10-20 01:19 - 2012-03-04 05:20 - 00156672 _____ C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-20 00:24 - 2013-03-11 19:36 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-10-19 17:47 - 2013-03-19 00:08 - 00000000 ____D C:\Users\*****\AppData\Local\Procaster
2013-10-18 01:23 - 2013-09-05 22:18 - 00004094 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1109511523-3860671390-4157341050-1000UA
2013-10-18 01:23 - 2013-09-05 22:18 - 00003698 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1109511523-3860671390-4157341050-1000Core
2013-10-17 14:22 - 2012-12-17 21:29 - 00000000 ____D C:\Fraps
2013-10-17 00:15 - 2013-10-13 21:30 - 00000510 _____ C:\Windows\WORDPAD.INI
2013-10-16 01:44 - 2012-11-08 12:31 - 00001912 _____ C:\Windows\epplauncher.mif
2013-10-16 01:44 - 2012-11-08 12:29 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-16 01:44 - 2012-11-08 12:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-10-14 20:57 - 2013-10-14 20:57 - 00317160 _____ C:\Users\*****\Downloads\worldguard-5.7.5.zip
2013-10-14 20:42 - 2013-10-14 20:42 - 00320559 _____ C:\Users\*****\Downloads\worldguard-5.8.zip
2013-10-14 17:51 - 2013-10-14 17:51 - 00000000 ____D C:\Users\*****\Downloads\Legend of Taleth
2013-10-14 17:50 - 2013-10-14 17:49 - 18581277 _____ C:\Users\*****\Downloads\Legend of Taleth.zip
2013-10-14 17:49 - 2013-10-14 17:49 - 00000000 ____D C:\Users\*****\Downloads\Dragon Tribes (2)
2013-10-14 17:43 - 2013-10-14 17:40 - 63512548 _____ C:\Users\*****\Downloads\Dragon Tribes (2).zip
2013-10-13 00:12 - 2013-10-13 00:12 - 00000000 ____D C:\Users\*****\Downloads\teamspeak3-server_win64-3.0.7.1
2013-10-13 00:11 - 2013-10-13 00:11 - 05273235 _____ C:\Users\*****\Downloads\teamspeak3-server_win64-3.0.7.1.zip
2013-10-13 00:10 - 2013-10-13 00:10 - 00614816 _____ C:\Users\*****\Downloads\TeamSpeak3-Client-win32-3.0.7.1.exe
2013-10-11 11:20 - 2013-10-03 10:27 - 00000859 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-10-11 11:20 - 2013-07-06 19:51 - 00000000 ___HD C:\$AVG
2013-10-09 21:30 - 2013-10-09 21:30 - 00000000 ____D C:\Users\Administration\AppData\Roaming\AVG2014
2013-10-09 21:30 - 2013-10-09 21:30 - 00000000 ____D C:\Users\Administration\AppData\Local\Avg2014
2013-10-09 15:11 - 2006-11-02 17:21 - 02049032 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-09 12:54 - 2013-07-15 23:26 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 12:53 - 2006-11-02 14:35 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-10-09 12:52 - 2013-10-09 10:22 - 00030761 _____ C:\Users\*****\Documents\Heizverbrauch2013-2014.ods
2013-10-09 09:58 - 2013-10-09 09:58 - 00039732 _____ C:\Users\*****\Documents\Heizverbrauch2012-2013.ods
2013-10-08 17:20 - 2013-01-18 14:30 - 00000000 ____D C:\Users\*****\AppData\Roaming\Canon
2013-10-08 17:20 - 2012-03-05 00:54 - 00000000 ____D C:\Program Files (x86)\Paint Shop Pro 6
2013-10-08 17:20 - 2012-03-04 01:22 - 00000000 ____D C:\Users\*****\Desktop\Scanner
2013-10-06 19:12 - 2013-10-06 19:12 - 00000000 ____D C:\Users\*****\Desktop\MC_Bukkit - Kreativ
2013-10-06 03:56 - 2013-10-03 11:34 - 00000000 ____D C:\Users\*****\Desktop\MC_Bukkit
2013-10-05 11:38 - 2013-10-05 11:38 - 00421267 _____ C:\Users\*****\Downloads\OptiFine_1.6.4_HD_U_C5.jar
2013-10-05 11:30 - 2013-10-05 11:30 - 00263186 _____ C:\Users\*****\Downloads\Minecraft (2).exe
2013-10-03 13:37 - 2013-10-03 13:37 - 00797183 _____ C:\Users\*****\Downloads\worldedit-5.5.6.zip
2013-10-03 11:35 - 2013-10-03 11:35 - 00000050 _____ C:\Users\*****\run.bat
2013-10-03 11:32 - 2013-09-27 19:05 - 00000000 ____D C:\Users\*****\AppData\Local\Avg2014
2013-10-03 10:29 - 2013-10-03 10:29 - 00000000 ____D C:\Users\*****\AppData\Roaming\AVG2014
2013-10-03 10:29 - 2013-10-03 10:27 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-03 10:29 - 2013-07-06 19:51 - 00000000 ____D C:\Program Files (x86)\AVG
2013-10-02 21:52 - 2012-12-29 00:52 - 00000000 ____D C:\Users\*****\Desktop\Minecraft Server
2013-10-02 21:28 - 2010-02-17 23:35 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-10-02 10:01 - 2013-06-13 17:28 - 00000000 ____D C:\Users\*****\Desktop\Minecraft Server - kreativ
2013-09-30 12:56 - 2013-06-16 10:30 - 00000000 ____D C:\Program Files (x86)\Planetary Annihilation
2013-09-29 10:28 - 2013-05-27 00:49 - 00000000 ____D C:\Users\*****\AppData\Roaming\ts3overlay
2013-09-25 21:07 - 2013-09-25 21:07 - 00148792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2013-09-25 16:51 - 2013-03-31 23:36 - 00000000 ____D C:\Users\*****\AppData\Local\Microsoft Games
2013-09-25 04:54 - 2012-11-20 17:27 - 00000000 ____D C:\Users\*****\Desktop\Motor-Talk
2013-09-24 14:57 - 2013-09-24 14:57 - 00421387 _____ C:\Users\*****\Downloads\OptiFine_1.6.4_HD_U_C4 (1).jar
2013-09-24 14:56 - 2013-09-24 14:56 - 00421387 _____ C:\Users\*****\Downloads\OptiFine_1.6.4_HD_U_C4.jar
2013-09-24 11:08 - 2013-09-24 11:08 - 00675988 _____ C:\Users\*****\Downloads\Minecraft (1).exe
2013-09-23 14:57 - 2013-10-09 10:00 - 01212928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-23 14:57 - 2013-10-09 10:00 - 00916992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-23 14:57 - 2013-10-09 10:00 - 00105984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-23 14:55 - 2013-10-09 10:00 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-09-23 14:53 - 2013-10-09 10:00 - 00611840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2013-09-23 14:52 - 2013-10-09 10:00 - 06017024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-23 14:52 - 2013-10-09 10:00 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-23 14:52 - 2013-10-09 10:00 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-23 14:52 - 2013-10-09 10:00 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-09-23 14:51 - 2013-10-09 10:00 - 11111936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-23 14:51 - 2013-10-09 10:00 - 02005504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-23 14:51 - 2013-10-09 10:00 - 01469440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-23 14:51 - 2013-10-09 10:00 - 00184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-09-23 14:51 - 2013-10-09 10:00 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-23 14:51 - 2013-10-09 10:00 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-23 14:51 - 2013-10-09 10:00 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-23 14:51 - 2013-10-09 10:00 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-23 14:51 - 2013-10-09 10:00 - 00043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-09-23 14:51 - 2013-10-09 10:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-23 14:50 - 2013-10-09 10:00 - 00387584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-09-23 14:49 - 2013-10-09 10:00 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\corpol.dll
2013-09-23 13:14 - 2013-10-09 10:00 - 00385024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-09-23 12:51 - 2013-10-09 10:00 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 12:50 - 2013-10-09 10:00 - 01489920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 12:50 - 2013-10-09 10:00 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-23 12:49 - 2013-10-09 10:00 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-09-23 12:47 - 2013-10-09 10:00 - 09342464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 12:47 - 2013-10-09 10:00 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-09-23 12:47 - 2013-10-09 10:00 - 00742912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 12:47 - 2013-10-09 10:00 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-23 12:47 - 2013-10-09 10:00 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-09-23 12:46 - 2013-10-09 10:00 - 12510208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 12:46 - 2013-10-09 10:00 - 02357760 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 12:46 - 2013-10-09 10:00 - 01538560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-23 12:46 - 2013-10-09 10:00 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-09-23 12:46 - 2013-10-09 10:00 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-09-23 12:46 - 2013-10-09 10:00 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 12:46 - 2013-10-09 10:00 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 12:46 - 2013-10-09 10:00 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 12:46 - 2013-10-09 10:00 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-23 12:46 - 2013-10-09 10:00 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-09-23 12:46 - 2013-10-09 10:00 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-23 12:44 - 2013-10-09 10:00 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2013-09-23 11:29 - 2013-10-09 10:00 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2013-09-23 11:29 - 2013-10-09 10:00 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-23 11:27 - 2013-10-09 10:00 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-23 11:27 - 2013-10-09 10:00 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-09-23 11:26 - 2013-10-09 10:00 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-09-23 09:44 - 2013-10-09 10:00 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-23 09:43 - 2013-10-09 10:00 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 09:40 - 2013-10-09 10:00 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-09-23 09:39 - 2013-10-09 10:00 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

Files to move or delete:
====================
C:\Users\*****\run.bat


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-21 11:36

==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-10-2013
Ran by ***** at 2013-10-21 11:49:49
Running from C:\Users\*****\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

@BIOS (x32 Version: 2.20)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.169)
AMD Catalyst Install Manager (Version: 8.0.911.0)
Any Video Converter 5.0.8 (x32)
Any Video Converter Ultimate 4.6.1 (x32)
AVG 2014 (Version: 14.0.3614)
AVG 2014 (Version: 14.0.4158)
AVG 2014 (Version: 2014.0.4158)
AviSynth 2.5 (x32)
Backup Service Home 3.5.0.0 (x32 Version: 3.5.0.0)
Battlefield: Bad Company™ 2 (x32 Version: 1.0.0.0)
CANON iMAGE GATEWAY MyCamera Download Plugin (x32 Version: 3.1.1.2)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.9.0.9)
Canon Inkjet Printer Driver Add-On Module
Canon MOV Decoder (x32 Version: 1.8.0.7)
Canon MOV Encoder (x32 Version: 1.6.0.1)
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.7.0.4)
Canon MP760
Canon RAW Codec (x32 Version: 1.8.0.68)
Canon ScanGear Starter (x32)
Canon Utilities Digital Photo Professional 3.10 (x32 Version: 3.10.2.0)
Canon Utilities EOS Utility (x32 Version: 2.10.2.0)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (x32 Version: 1.0.0.10)
Canon Utilities PhotoStitch (x32 Version: 3.1.22.46)
Canon Utilities Picture Style Editor (x32 Version: 1.9.0.0)
Canon Utilities ZoomBrowser EX (x32 Version: 6.7.0.24)
Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.5.0.9)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2013.0328.2218.38225)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225)
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225)
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225)
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225)
CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225)
CCC Help Czech (x32 Version: 2013.0328.2217.38225)
CCC Help Danish (x32 Version: 2013.0328.2217.38225)
CCC Help Dutch (x32 Version: 2013.0328.2217.38225)
CCC Help English (x32 Version: 2013.0328.2217.38225)
CCC Help Finnish (x32 Version: 2013.0328.2217.38225)
CCC Help French (x32 Version: 2013.0328.2217.38225)
CCC Help German (x32 Version: 2013.0328.2217.38225)
CCC Help Greek (x32 Version: 2013.0328.2217.38225)
CCC Help Hungarian (x32 Version: 2013.0328.2217.38225)
CCC Help Italian (x32 Version: 2013.0328.2217.38225)
CCC Help Japanese (x32 Version: 2013.0328.2217.38225)
CCC Help Korean (x32 Version: 2013.0328.2217.38225)
CCC Help Norwegian (x32 Version: 2013.0328.2217.38225)
CCC Help Polish (x32 Version: 2013.0328.2217.38225)
CCC Help Portuguese (x32 Version: 2013.0328.2217.38225)
CCC Help Russian (x32 Version: 2013.0328.2217.38225)
CCC Help Spanish (x32 Version: 2013.0328.2217.38225)
CCC Help Swedish (x32 Version: 2013.0328.2217.38225)
CCC Help Thai (x32 Version: 2013.0328.2217.38225)
CCC Help Turkish (x32 Version: 2013.0328.2217.38225)
ccc-utility64 (Version: 2013.0328.2218.38225)
CCleaner (Version: 4.03)
Core Temp 1.0 RC3 (Version: 1.0)
CPUID CPU-Z 1.66
CrystalDiskMark 3.0.1c (Version: 3.0.1c)
Defraggler (Version: 2.09)
DHTML Editing Component (x32 Version: 6.02.0001)
Etron USB3.0 Host Controller (x32 Version: 0.105)
Express Burn (x32)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
FileZilla Client 3.7.0.2 (x32 Version: 3.7.0.2)
Flight Simulator X (x32)
Flight Simulator X Service Pack 1 (x32)
Fraps (remove only) (x32)
Free Audio Converter version 5.0.28.812 (x32 Version: 5.0.28.812)
Free FLV Converter V 7.5.0 (x32 Version: 7.5.0.0)
Free YouTube to MP3 Converter version 3.12.12.827 (x32 Version: 3.12.12.827)
FreeTrack v2.2.0.279 (HKCU)
FSX Carrier Mission (x32 Version: 1.0.0)
Futuremark SystemInfo (x32 Version: 4.17.0)
Google Chrome (HKCU Version: 30.0.1599.101)
Google SketchUp 8 (x32 Version: 3.0.11762)
HD Tach version 3 (x32)
HD Tune 2.55 (x32)
Hdd Speed Test Tool v. 1.0.14 (RC 1) (x32)
Hot CPU Tester Pro 4.4 (x32 Version: 4.4 LE)
ICON A5 (x32)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1118)
Java 7 Update 21 (64-bit) (Version: 7.0.210)
KaloMa 4.94 (x32)
Lame ACM MP3 Codec (x32)
LG Burning Tool (x32 Version: 6.2.6009)
LG CyberLink BD Advisor (x32 Version: 2.0.4606)
LG CyberLink LabelPrint (x32 Version: 2.5.3624)
LG CyberLink Media Suite (x32 Version: 8.0.2820)
LG CyberLink MediaShow (x32 Version: 4.1.3402)
LG CyberLink PowerBackup (x32 Version: 2.5.6023)
LG CyberLink PowerDVD (x32 Version: 10.0.3715.01)
LG CyberLink PowerProducer (x32 Version: 5.0.2.2820a)
LG CyberLink YouCam (x32 Version: 2.0.3718)
LG Tool Kit (x32 Version: 9.01.1124.01)
Lightworks (x32 Version: 11.1.0.0)
Livestream Procaster (x32 Version: 20.3.25)
LMMS 0.4.14 (x32 Version: 0.4.14)
marvell 91xx driver (x32 Version: 1.2.0.1027)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Camera Codec Pack (Version: 16.4.1734.1104)
Microsoft Flight Simulator X (x32 Version: 10.0.61355.0)
Microsoft Flight Simulator X Service Pack 1 (x32 Version: 10.0.61355.0)
Microsoft Flight Simulator X: Acceleration (x32 Version: 10.0.61637.0)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft RichCopy 4.0 (x32 Version: 4.0.211)
Microsoft Robocopy GUI (x32 Version: 1.0.0)
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
MKVToolNix 5.8.0 (x32 Version: 5.8.0)
MSVCRT Redists (Version: 1.0)
MSXML 4.0 SP2 (KB927978) (x32 Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser und SDK (x32 Version: 4.20.9818.0)
Nitro Reader 2 (Version: 2.3.1.7)
n-Track Studio 7 x64
OpenAL (x32)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Paint Shop Pro 6.02 CD (x32)
Paint.NET v3.5.10 (Version: 3.60.0)
PlanetSide 2 (x32)
Plan-G (x32 Version: 2.0.3)
Portrait Professional 10.8 Test (x32 Version: 10.8)
RAD Video Tools (x32)
Raw Therapee V4.0.9.50 x64 (Version: 4.0.950)
Real Environment Xtreme (x32 Version: 1.0.2008.1128)
Realtek Ethernet Controller Driver (x32 Version: 6.247.222.2011)
Realtek HDMI Audio Driver for ATI (x32 Version: 6.0.1.6519)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6554)
SafeGuard® PrivateCrypto 2.31.1 (x32 Version: 2.31.1.2)
Samsung Magician (x32 Version: 4.2.1)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.22.0)
Sapphire TRIXX (x32)
SF Carrier 2 Mission
Shader 3 Mod for Flight Simulator X (x32 Version: 1.5.0)
Sins of a Solar Empire (x32 Version: 1.05)
Skype™ 6.3 (x32 Version: 6.3.107)
SpeedFan (remove only) (x32)
Steam (x32 Version: 1.0.0.0)
swMSM (x32 Version: 12.0.0.1)
TeamSpeak 3 Client (Version: 3.0.13)
The Elder Scrolls V: Skyrim (x32)
Unigine Heaven DX11 Benchmark 2.5 version 2.5 (x32 Version: 2.5)
Unigine Valley Benchmark version 1.0 (x32 Version: 1.0)
Unlocker 1.9.2 (Version: 1.9.2)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
VCDS-Lite 1.2 (x32 Version: 1.2)
Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1)
VLC media player 2.0.7 (Version: 2.0.7)
WebTemp 3.37 (kostenlose Version) (x32)
WinPcap 4.1.2 (x32 Version: 4.1.0.2001)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
YAMAHA Musicsoft Downloader 5 (x32 Version: )
Yamaha USB-MIDI Driver (Version: 3.1.1.1)
Yamaha USB-MIDI Driver (x32 Version: 3.1.1.1)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2006-11-02 14:34 - 2006-09-18 23:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
::1            localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {3BA21E64-F787-4118-8DD1-125585E039E2} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - ***** => C:\Program Files\Windows Calendar\wincal.exe [2008-01-21] (Microsoft Corporation)
Task: {76EDD6E5-2EF2-49AD-B7A3-6E7E2AC273CF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {A8BF6AB7-0AFF-4473-84E0-2AF1EE1120FC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1109511523-3860671390-4157341050-1000Core => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-20] (Google Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F6F491C5-ABCF-4B2E-A557-E39641808024} - System32\Tasks\MinecraftRMServer => C:\Users\*****\Desktop\Minecraft Server\Minecraft_Server.exe [2013-05-03] ()
Task: {FEE2BF47-2347-4BA0-A693-408F1ABE6987} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1109511523-3860671390-4157341050-1000UA => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-20] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1109511523-3860671390-4157341050-1000Core.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1109511523-3860671390-4157341050-1000UA.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-03-29 03:07 - 2013-03-29 03:07 - 00045056 _____ () C:\Windows\system32\atitmp64.dll
2013-08-27 10:06 - 2013-05-16 14:42 - 00013824 _____ () C:\Program Files (x86)\Samsung SSD Magician\SAMSUNG_SSD.dll
2013-10-17 10:24 - 2013-10-09 02:02 - 04055504 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
2013-10-17 10:24 - 2013-10-09 02:02 - 00415184 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
2013-10-17 10:24 - 2013-10-09 02:01 - 01604560 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
2013-10-17 10:24 - 2013-10-09 02:01 - 00698832 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
2013-10-17 10:24 - 2013-10-09 02:01 - 00099792 _____ () C:\Users\*****\AppData\Local\Google\Chrome\Application\30.0.1599.101\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:2BE9FEFC
AlternateDataStreams: C:\ProgramData\Temp:BF3D62E7

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/21/2013 11:32:37 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/21/2013 10:15:12 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/21/2013 04:14:26 AM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung PlanetSide2.exe, Version 0.0.0.0, Zeitstempel 0x525d7846, fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18704, Zeitstempel 0x5065cd44, Ausnahmecode 0xc0000005, Fehleroffset 0x0001d8cb,
Prozess-ID 0x1498, Anwendungsstartzeit PlanetSide2.exe0.

Error: (10/19/2013 11:41:34 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\*****\APPDATA\ROAMING\.MINECRAFT\STATS\STATS_*****_UNSENT.OLD> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (10/19/2013 09:24:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2013 05:19:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2013 09:47:10 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/17/2013 02:57:42 PM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\*****\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\ZZZZZZ> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (10/17/2013 10:21:52 AM) (Source: Windows Search Service) (User: )
Description: Eintrag <C:\USERS\*****\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\ZZZZZZZZ> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (10/17/2013 09:42:56 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/21/2013 11:31:02 AM) (Source: RemoteAccess) (User: )
Description: Die Schnittstelle "{5241B61C-789B-4589-8325-4924B4DBB451}" kann nicht zu dem Router-Manager für das Protokoll IPV6 hinzugefügt werden. Fehler: Die Funktion kann nicht abgeschlossen werden.

Error: (10/21/2013 11:30:02 AM) (Source: Service Control Manager) (User: )
Description: 30000avgwd

Error: (10/21/2013 10:13:39 AM) (Source: RemoteAccess) (User: )
Description: Die Schnittstelle "{5241B61C-789B-4589-8325-4924B4DBB451}" kann nicht zu dem Router-Manager für das Protokoll IPV6 hinzugefügt werden. Fehler: Die Funktion kann nicht abgeschlossen werden.

Error: (10/19/2013 09:22:32 PM) (Source: RemoteAccess) (User: )
Description: Die Schnittstelle "{5241B61C-789B-4589-8325-4924B4DBB451}" kann nicht zu dem Router-Manager für das Protokoll IPV6 hinzugefügt werden. Fehler: Die Funktion kann nicht abgeschlossen werden.

Error: (10/19/2013 09:21:24 PM) (Source: Service Control Manager) (User: )
Description: 30000avgwd

Error: (10/19/2013 05:17:50 PM) (Source: RemoteAccess) (User: )
Description: Die Schnittstelle "{5241B61C-789B-4589-8325-4924B4DBB451}" kann nicht zu dem Router-Manager für das Protokoll IPV6 hinzugefügt werden. Fehler: Die Funktion kann nicht abgeschlossen werden.

Error: (10/19/2013 03:06:51 AM) (Source: Service Control Manager) (User: )
Description: 30000avgwd

Error: (10/18/2013 09:45:40 AM) (Source: RemoteAccess) (User: )
Description: Die Schnittstelle "{5241B61C-789B-4589-8325-4924B4DBB451}" kann nicht zu dem Router-Manager für das Protokoll IPV6 hinzugefügt werden. Fehler: Die Funktion kann nicht abgeschlossen werden.

Error: (10/17/2013 09:41:13 AM) (Source: RemoteAccess) (User: )
Description: Die Schnittstelle "{5241B61C-789B-4589-8325-4924B4DBB451}" kann nicht zu dem Router-Manager für das Protokoll IPV6 hinzugefügt werden. Fehler: Die Funktion kann nicht abgeschlossen werden.

Error: (10/16/2013 10:08:49 AM) (Source: RemoteAccess) (User: )
Description: Die Schnittstelle "{5241B61C-789B-4589-8325-4924B4DBB451}" kann nicht zu dem Router-Manager für das Protokoll IPV6 hinzugefügt werden. Fehler: Die Funktion kann nicht abgeschlossen werden.


Microsoft Office Sessions:
=========================
Error: (10/21/2013 11:32:37 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/21/2013 10:15:12 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/21/2013 04:14:26 AM) (Source: Application Error)(User: )
Description: PlanetSide2.exe0.0.0.0525d7846kernel32.dll6.0.6002.187045065cd44c00000050001d8cb149801cecdddbab69f00

Error: (10/19/2013 11:41:34 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\*****\APPDATA\ROAMING\.MINECRAFT\STATS\STATS_*****_UNSENT.OLD

Error: (10/19/2013 09:24:07 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2013 05:19:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2013 09:47:10 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/17/2013 02:57:42 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\*****\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\ZZZZZZ

Error: (10/17/2013 10:21:52 AM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\*****\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\ZZZZZZZZ

Error: (10/17/2013 09:42:56 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 16366.2 MB
Available physical RAM: 14017.74 MB
Total Pagefile: 32533.39 MB
Available Pagefile: 30286.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (System 2009) (Fixed) (Total:238.47 GB) (Free:94.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Backupplatte) (Fixed) (Total:465.76 GB) (Free:82.81 GB) NTFS
Drive f: (Video HDD 500GB) (Fixed) (Total:465.76 GB) (Free:376.84 GB) NTFS
Drive h: (EOS_DIGITAL) (Removable) (Total:14.83 GB) (Free:6.33 GB) FAT32
Drive i: (Volume) (Fixed) (Total:465.76 GB) (Free:227.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 238 GB) (Disk ID: A99D2F41)
Partition 1: (Active) - (Size=238 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 62AA49E6)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 5DA798DB)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 3BC3159A)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:47 on 21/10/2013 (*****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
GMER save/Copy funktionierte nicht. Ich habe davon mal einen Destopscreen gemacht und als Anhang mit angefügt.

schrauber 21.10.2013 15:29
hi,
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Houseman 21.10.2013 19:18
Hallo Schrauber.

Hier der Combofix.txt

Code:
ComboFix 13-10-21.01 - ***** 21.10.2013  17:10:07.1.4 - x64
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.16366.13637 [GMT 2:00]
ausgeführt von:: c:\users\*****\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\test.txt
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-09-21 bis 2013-10-21  ))))))))))))))))))))))))))))))
.
.
2013-10-21 17:52 . 2013-10-21 17:52        75888        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{39A0ED04-FA5E-476F-9970-4F0A018C9793}\offreg.dll
2013-10-21 15:14 . 2013-10-21 17:55        --------        d-----w-        c:\users\*****\AppData\Local\temp
2013-10-21 15:14 . 2013-10-21 15:14        --------        d-----w-        c:\users\*****\AppData\Local\temp
2013-10-21 09:49 . 2013-10-21 09:49        --------        d-----w-        C:\FRST
2013-10-20 19:33 . 2013-10-14 07:12        10280728        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{39A0ED04-FA5E-476F-9970-4F0A018C9793}\mpengine.dll
2013-10-19 15:28 . 2013-10-14 07:12        10280728        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-18 07:56 . 2013-10-18 07:55        965000        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F418B4A8-B829-4A02-94CE-5FE6DBDE65CA}\gapaengine.dll
2013-10-09 19:30 . 2013-10-09 19:30        --------        d-----w-        c:\users\Admin*****\AppData\Roaming\AVG2014
2013-10-09 19:30 . 2013-10-09 19:30        --------        d-----w-        c:\users\Admin*****\AppData\Local\Avg2014
2013-10-03 09:35 . 2013-10-03 09:35        50        ----a-w-        c:\users\*****\run.bat
2013-10-03 08:29 . 2013-10-03 08:29        --------        d-----w-        c:\users\*****\AppData\Roaming\AVG2014
2013-10-03 08:27 . 2013-10-03 08:29        --------        d-----w-        c:\programdata\AVG2014
2013-09-27 17:05 . 2013-10-03 09:32        --------        d-----w-        c:\users\*****\AppData\Local\Avg2014
2013-09-25 19:07 . 2013-09-25 19:07        148792        ----a-w-        c:\windows\system32\drivers\avgdiska.sys
2013-09-24 09:15 . 2013-09-24 09:08        675988        ----a-w-        c:\users\*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Minecraft Launcher.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 10:53 . 2006-11-02 12:35        80541720        ----a-w-        c:\windows\system32\mrt.exe
2013-09-15 09:58 . 2012-11-25 20:38        215128        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2013-09-15 09:58 . 2012-03-04 20:37        215128        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2013-09-15 09:46 . 2012-11-25 20:38        75064        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2013-09-08 20:11 . 2013-09-08 20:11        31544        ----a-w-        c:\windows\system32\drivers\avgrkx64.sys
2013-09-06 09:08 . 2012-11-09 08:34        965008        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-09-02 08:59 . 2013-09-02 08:59        212280        ----a-w-        c:\windows\system32\drivers\avgldx64.sys
2013-09-02 08:29 . 2013-09-02 08:29        294712        ----a-w-        c:\windows\system32\drivers\avgloga.sys
2013-09-02 08:26 . 2013-09-02 08:26        192824        ----a-w-        c:\windows\system32\drivers\avgidsha.sys
2013-09-02 08:26 . 2013-09-02 08:26        241464        ----a-w-        c:\windows\system32\drivers\avgidsdrivera.sys
2013-08-20 20:53 . 2013-08-20 20:53        123704        ----a-w-        c:\windows\system32\drivers\avgmfx64.sys
2013-08-02 14:06 . 2013-08-27 20:17        1706496        ----a-w-        c:\windows\system32\WMVDECOD.DLL
2013-08-02 04:09 . 2013-08-27 20:17        1548288        ----a-w-        c:\windows\SysWow64\WMVDECOD.DLL
2013-08-01 14:07 . 2013-08-01 14:07        251192        ----a-w-        c:\windows\system32\drivers\avgtdia.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-10-07 4908592]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
.
c:\users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Samsung Magician.lnk - c:\program files (x86)\Samsung SSD Magician\Samsung Magician.exe  /AUTOHIDE [2013-8-27 4351392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R3 7ByteIo;7ByteIo;c:\program files (x86)\Hot CPU Tester Pro 4 LE\SysInfoX64.sys;c:\program files (x86)\Hot CPU Tester Pro 4 LE\SysInfoX64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1109511523-3860671390-4157341050-1000Core.job
- c:\users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-20 15:36]
.
2013-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1109511523-3860671390-4157341050-1000UA.job
- c:\users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-20 15:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-16 12445288]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: rki.de\grippeweb
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41} - c:\programdata\{A4B500C8-F3EB-4AD9-9762-515CCA35FD16}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BandiMPEG1]
@Denied: (Full) (Administrators)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\AVG\AVG2014\avgidsagent.exe
c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
c:\program files (x86)\Samsung SSD Magician\Samsung Magician.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-10-21  19:58:41 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-10-21 17:58
.
Vor Suchlauf: 19 Verzeichnis(se), 100.919.738.368 Bytes frei
Nach Suchlauf: 30 Verzeichnis(se), 100.511.428.608 Bytes frei
.
- - End Of File - - 23BB1E2A3F35FCB409E32049D56FDA14
Danke fürs nachschauen.

Nachtrag: Meine kleine Tochter war am PC sagte meine Frau, als ich mich kurz ein Stündchen hingelegt hatte.
Ich habe vorsichtshalber den Scan noch einmal laufen lassen, außerdem hatte ich gesehen das ich den nicht beim ersten mal direkt vom Desktop gemacht hatte, sondern aus dem Download Ordner.

Code:
ComboFix 13-10-21.01 - ***** 21.10.2013  20:32:37.2.4 - x64
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.16366.13416 [GMT 2:00]
ausgeführt von:: c:\users\*****\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-09-21 bis 2013-10-21  ))))))))))))))))))))))))))))))
.
.
2013-10-21 18:37 . 2013-10-21 18:37        --------        d-----w-        c:\users\*****\AppData\Local\temp
2013-10-21 18:37 . 2013-10-21 18:37        --------        d-----w-        c:\users\*****\AppData\Local\temp
2013-10-21 18:37 . 2013-10-21 18:37        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-10-21 18:37 . 2013-10-21 18:37        --------        d-----w-        c:\users\admin*****\AppData\Local\temp
2013-10-21 17:52 . 2013-10-21 17:52        75888        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{39A0ED04-FA5E-476F-9970-4F0A018C9793}\offreg.dll
2013-10-21 09:49 . 2013-10-21 09:49        --------        d-----w-        C:\FRST
2013-10-20 19:33 . 2013-10-14 07:12        10280728        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{39A0ED04-FA5E-476F-9970-4F0A018C9793}\mpengine.dll
2013-10-19 15:28 . 2013-10-14 07:12        10280728        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-18 07:56 . 2013-10-18 07:55        965000        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F418B4A8-B829-4A02-94CE-5FE6DBDE65CA}\gapaengine.dll
2013-10-09 19:30 . 2013-10-09 19:30        --------        d-----w-        c:\users\admin*****\AppData\Roaming\AVG2014
2013-10-09 19:30 . 2013-10-09 19:30        --------        d-----w-        c:\users\admin*****\AppData\Local\Avg2014
2013-10-03 09:35 . 2013-10-03 09:35        50        ----a-w-        c:\users\*****\run.bat
2013-10-03 08:29 . 2013-10-03 08:29        --------        d-----w-        c:\users\*****\AppData\Roaming\AVG2014
2013-10-03 08:27 . 2013-10-03 08:29        --------        d-----w-        c:\programdata\AVG2014
2013-09-27 17:05 . 2013-10-03 09:32        --------        d-----w-        c:\users\*****\AppData\Local\Avg2014
2013-09-25 19:07 . 2013-09-25 19:07        148792        ----a-w-        c:\windows\system32\drivers\avgdiska.sys
2013-09-24 09:15 . 2013-09-24 09:08        675988        ----a-w-        c:\users\*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Minecraft Launcher.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 10:53 . 2006-11-02 12:35        80541720        ----a-w-        c:\windows\system32\mrt.exe
2013-09-15 09:58 . 2012-11-25 20:38        215128        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2013-09-15 09:58 . 2012-03-04 20:37        215128        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2013-09-15 09:46 . 2012-11-25 20:38        75064        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2013-09-08 20:11 . 2013-09-08 20:11        31544        ----a-w-        c:\windows\system32\drivers\avgrkx64.sys
2013-09-06 09:08 . 2012-11-09 08:34        965008        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-09-02 08:59 . 2013-09-02 08:59        212280        ----a-w-        c:\windows\system32\drivers\avgldx64.sys
2013-09-02 08:29 . 2013-09-02 08:29        294712        ----a-w-        c:\windows\system32\drivers\avgloga.sys
2013-09-02 08:26 . 2013-09-02 08:26        192824        ----a-w-        c:\windows\system32\drivers\avgidsha.sys
2013-09-02 08:26 . 2013-09-02 08:26        241464        ----a-w-        c:\windows\system32\drivers\avgidsdrivera.sys
2013-08-20 20:53 . 2013-08-20 20:53        123704        ----a-w-        c:\windows\system32\drivers\avgmfx64.sys
2013-08-02 14:06 . 2013-08-27 20:17        1706496        ----a-w-        c:\windows\system32\WMVDECOD.DLL
2013-08-02 04:09 . 2013-08-27 20:17        1548288        ----a-w-        c:\windows\SysWow64\WMVDECOD.DLL
2013-08-01 14:07 . 2013-08-01 14:07        251192        ----a-w-        c:\windows\system32\drivers\avgtdia.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-10-07 4908592]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
.
c:\users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Samsung Magician.lnk - c:\program files (x86)\Samsung SSD Magician\Samsung Magician.exe  /AUTOHIDE [2013-8-27 4351392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R3 7ByteIo;7ByteIo;c:\program files (x86)\Hot CPU Tester Pro 4 LE\SysInfoX64.sys;c:\program files (x86)\Hot CPU Tester Pro 4 LE\SysInfoX64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1109511523-3860671390-4157341050-1000Core.job
- c:\users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-20 15:36]
.
2013-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1109511523-3860671390-4157341050-1000UA.job
- c:\users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-20 15:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-16 12445288]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: rki.de\grippeweb
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41} - c:\programdata\{A4B500C8-F3EB-4AD9-9762-515CCA35FD16}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BandiMPEG1]
@Denied: (Full) (Administrators)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-10-21  20:39:03
ComboFix-quarantined-files.txt  2013-10-21 18:39
ComboFix2.txt  2013-10-21 17:58
.
Vor Suchlauf: 1.781.903.360 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 100.502.417.408 Bytes frei
.
- - End Of File - - E6F737E0A21208B284B5CA29061C199D
Sorry.

schrauber 22.10.2013 09:50
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Houseman 22.10.2013 14:36
Hallo Schrauber.

Hier die von Dir angeforderten Files:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.22.04

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19475
***** :: ***** [Administrator]

22.10.2013 14:47:00
mbam-log-2013-10-22 (14-47-00).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 255738
Laufzeit: 2 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\*****\Documents\Deamon Tools Lite Oldsetup (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\*****\Downloads\FreeAudioConverter-5.0.28.812.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\*****\Downloads\FreeYouTubeToMP3Converter31212.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\*****\Downloads\TeamSpeak3-Client-win32-3.0.7.1.exe (PUP.Optional.DownloadSponsor.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\*****\Downloads\Unlocker1.9.2.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
# AdwCleaner v3.010 - Bericht erstellt am 22/10/2013 um 14:57:51
# Updated 20/10/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzername : ***** - *****
# Gestartet von : C:\Users\*****\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

[!] Ordner Gelöscht : C:\ProgramData\boost_interprocess
[!] Ordner Gelöscht : C:\Users\*****\AppData\Local\PackageAware
[!] Ordner Gelöscht : C:\Users\*****\AppData\Roaming\dvdvideosoftiehelpers

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\Software\Conduit

***** [ Browser ] *****

-\\ Internet Explorer v8.0.6001.19475


-\\ Google Chrome v

[ Datei : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ Datei : C:\Users\admin*****\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1887 octets] - [22/10/2013 14:55:39]
AdwCleaner[S0].txt - [1529 octets] - [22/10/2013 14:57:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1589 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows (TM) Vista Home Premium x64
Ran by ***** on 22.10.2013 at 15:02:14,17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Chrome

Successfully deleted: [Folder] C:\Users\*****\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.10.2013 at 15:06:04,64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-10-2013
Ran by ***** (administrator) on ***** on 22-10-2013 15:26:38
Running from C:\Users\*****\Downloads
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\*****\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-16] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKU\admin*****\...\Run: [Facebook Update] - C:\Users\admin*****\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-05-13] (Facebook Inc.)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe (Samsung Electronics.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - DefaultScope {45FCC686-4F75-4346-BDB4-694FE282A28B} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {45FCC686-4F75-4346-BDB4-694FE282A28B} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\*****\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\*****\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
CHR Plugin: (InoViewer Plugin) - C:\Program Files (x86)\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\*****\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Google Update) - C:\Users\*****\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Drive) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
S4 Backup Service Home-Dienst; C:\Program Files (x86)\Alexosoft\Backup Service Home 3\BSHService.exe [17920 2012-12-04] (Alexander Seeliger Software)
S4 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2006-11-02] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2009-04-11] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
S3 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75064 2013-09-15] ()
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] ()
R3 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [441344 2009-04-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-03-05] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S1 Beep; No ImagePath
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [34704 2010-02-05] (CSR, plc)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-03-05] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [49256 2011-05-10] (Yamaha Corporation)
S3 7ByteIo; \??\C:\Program Files (x86)\Hot CPU Tester Pro 4 LE\SysInfoX64.sys [x]
S3 ALSysIO; \??\C:\Users\*****\AppData\Local\Temp\ALSysIO64.sys [x]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
S3 gdrv; \??\C:\Windows\gdrv.sys [x]
S3 GenericMount; system32\DRIVERS\GenericMount.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
U2 V2iMount;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-22 15:24 - 2013-10-22 15:24 - 01954682 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe
2013-10-22 15:06 - 2013-10-22 15:06 - 00000912 _____ C:\Users\*****\Desktop\JRT.txt
2013-10-22 15:02 - 2013-10-22 15:02 - 00000000 ____D C:\Windows\ERUNT
2013-10-22 14:54 - 2013-10-22 14:57 - 00000000 ____D C:\AdwCleaner
2013-10-22 14:53 - 2013-10-22 14:53 - 00001368 _____ C:\Windows\PFRO.log
2013-10-22 14:44 - 2013-10-22 14:44 - 00000919 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-22 14:44 - 2013-10-22 14:44 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes
2013-10-22 14:44 - 2013-10-22 14:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-22 14:44 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-22 14:43 - 2013-10-22 14:43 - 01060070 _____ C:\Users\*****\Downloads\adwcleaner.exe
2013-10-22 14:43 - 2013-10-22 14:43 - 01033335 _____ (Thisisu) C:\Users\*****\Downloads\JRT.exe
2013-10-22 14:42 - 2013-10-22 14:42 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\*****\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-21 20:41 - 2013-10-21 20:42 - 00012604 _____ C:\Users\*****\Desktop\combofix.txt
2013-10-21 20:39 - 2013-10-21 20:39 - 00012618 _____ C:\ComboFix.txt
2013-10-21 20:13 - 2013-10-21 20:13 - 00013391 _____ C:\combofine.txt
2013-10-21 17:09 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-21 17:09 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-21 17:09 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-21 17:09 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-21 17:09 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-21 17:09 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-21 17:09 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-21 17:09 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-21 17:08 - 2013-10-21 20:39 - 00000000 ____D C:\Qoobox
2013-10-21 17:08 - 2013-10-21 19:56 - 00000000 ____D C:\Windows\erdnt
2013-10-21 17:06 - 2013-10-21 17:07 - 05136138 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe
2013-10-21 13:29 - 2013-10-22 15:12 - 00000000 ____D C:\Users\*****\Desktop\Trojaner-Board
2013-10-21 12:57 - 2013-10-21 12:57 - 00377856 _____ C:\Users\*****\Downloads\gmer_2.1.19163.exe
2013-10-21 11:49 - 2013-10-21 11:49 - 00000000 ____D C:\FRST
2013-10-21 11:47 - 2013-10-21 11:47 - 00050477 _____ C:\Users\*****\Downloads\Defogger.exe
2013-10-21 11:47 - 2013-10-21 11:47 - 00000000 _____ C:\Users\*****\defogger_reenable
2013-10-14 20:57 - 2013-10-14 20:57 - 00317160 _____ C:\Users\*****\Downloads\worldguard-5.7.5.zip
2013-10-14 20:42 - 2013-10-14 20:42 - 00320559 _____ C:\Users\*****\Downloads\worldguard-5.8.zip
2013-10-14 17:51 - 2013-10-14 17:51 - 00000000 ____D C:\Users\*****\Downloads\Legend of Taleth
2013-10-14 17:49 - 2013-10-14 17:50 - 18581277 _____ C:\Users\*****\Downloads\Legend of Taleth.zip
2013-10-14 17:49 - 2013-10-14 17:49 - 00000000 ____D C:\Users\*****\Downloads\Dragon Tribes (2)
2013-10-14 17:40 - 2013-10-14 17:43 - 63512548 _____ C:\Users\*****\Downloads\Dragon Tribes (2).zip
2013-10-13 21:30 - 2013-10-17 00:15 - 00000510 _____ C:\Windows\WORDPAD.INI
2013-10-13 00:12 - 2013-10-13 00:12 - 00000000 ____D C:\Users\*****\Downloads\teamspeak3-server_win64-3.0.7.1
2013-10-13 00:11 - 2013-10-13 00:11 - 05273235 _____ C:\Users\*****\Downloads\teamspeak3-server_win64-3.0.7.1.zip
2013-10-09 21:30 - 2013-10-09 21:30 - 00000000 ____D C:\Users\admin*****\AppData\Roaming\AVG2014
2013-10-09 21:30 - 2013-10-09 21:30 - 00000000 ____D C:\Users\admin*****\AppData\Local\Avg2014
2013-10-09 10:22 - 2013-10-09 12:52 - 00030761 _____ C:\Users\*****\Documents\Heizverbrauch2013-2014.ods
2013-10-09 10:00 - 2013-09-23 14:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 10:00 - 2013-09-23 14:57 - 00916992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 10:00 - 2013-09-23 14:57 - 00105984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-10-09 10:00 - 2013-09-23 14:55 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-10-09 10:00 - 2013-09-23 14:53 - 00611840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2013-10-09 10:00 - 2013-09-23 14:52 - 06017024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 10:00 - 2013-09-23 14:52 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 10:00 - 2013-09-23 14:52 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-10-09 10:00 - 2013-09-23 14:52 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-10-09 10:00 - 2013-09-23 14:51 - 11111936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 10:00 - 2013-09-23 14:51 - 02005504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 10:00 - 2013-09-23 14:51 - 01469440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-10-09 10:00 - 2013-09-23 14:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-10-09 10:00 - 2013-09-23 14:51 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 10:00 - 2013-09-23 14:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 10:00 - 2013-09-23 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 10:00 - 2013-09-23 14:51 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 10:00 - 2013-09-23 14:51 - 00043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-10-09 10:00 - 2013-09-23 14:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 10:00 - 2013-09-23 14:50 - 00387584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-10-09 10:00 - 2013-09-23 14:49 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\corpol.dll
2013-10-09 10:00 - 2013-09-23 13:14 - 00385024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-10-09 10:00 - 2013-09-23 12:51 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 10:00 - 2013-09-23 12:50 - 01489920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 10:00 - 2013-09-23 12:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-09 10:00 - 2013-09-23 12:49 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-10-09 10:00 - 2013-09-23 12:47 - 09342464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 10:00 - 2013-09-23 12:47 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-10-09 10:00 - 2013-09-23 12:47 - 00742912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 10:00 - 2013-09-23 12:47 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-09 10:00 - 2013-09-23 12:47 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-10-09 10:00 - 2013-09-23 12:46 - 12510208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 10:00 - 2013-09-23 12:46 - 02357760 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 10:00 - 2013-09-23 12:46 - 01538560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-09 10:00 - 2013-09-23 12:46 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-10-09 10:00 - 2013-09-23 12:46 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-10-09 10:00 - 2013-09-23 12:46 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 10:00 - 2013-09-23 12:46 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 10:00 - 2013-09-23 12:46 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 10:00 - 2013-09-23 12:46 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 10:00 - 2013-09-23 12:46 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-10-09 10:00 - 2013-09-23 12:46 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 10:00 - 2013-09-23 12:44 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2013-10-09 10:00 - 2013-09-23 11:29 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2013-10-09 10:00 - 2013-09-23 11:29 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-10-09 10:00 - 2013-09-23 11:27 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 10:00 - 2013-09-23 11:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-10-09 10:00 - 2013-09-23 11:26 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-10-09 10:00 - 2013-09-23 09:44 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-09 10:00 - 2013-09-23 09:43 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-09 10:00 - 2013-09-23 09:40 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-10-09 10:00 - 2013-09-23 09:39 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 10:00 - 2013-08-29 09:48 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 10:00 - 2013-08-27 05:39 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-09 10:00 - 2013-08-27 05:39 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-09 10:00 - 2013-08-27 05:39 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-09 10:00 - 2013-08-27 05:39 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-09 10:00 - 2013-08-27 04:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-10-09 10:00 - 2013-08-27 04:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-10-09 10:00 - 2013-08-27 04:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-10-09 10:00 - 2013-08-27 04:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-10-09 10:00 - 2013-08-27 04:32 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-09 10:00 - 2013-08-27 04:30 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-09 10:00 - 2013-08-27 04:06 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-09 10:00 - 2013-08-27 04:00 - 01556480 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-10-09 10:00 - 2013-08-27 04:00 - 01149952 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-09 10:00 - 2013-08-27 03:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-10-09 10:00 - 2013-08-27 03:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-10-09 10:00 - 2013-08-27 03:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-10-09 10:00 - 2013-08-27 03:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-10-09 10:00 - 2013-08-01 06:10 - 00901568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 10:00 - 2013-08-01 05:37 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-10-09 10:00 - 2013-07-20 12:45 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 10:00 - 2013-07-20 12:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 10:00 - 2013-07-12 11:19 - 00099200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-09 10:00 - 2013-07-04 06:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 10:00 - 2013-07-04 06:13 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 10:00 - 2013-07-03 04:55 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 10:00 - 2013-07-03 04:22 - 00031616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 10:00 - 2013-06-29 04:25 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 10:00 - 2013-06-29 04:25 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 10:00 - 2013-06-29 04:25 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 10:00 - 2013-06-29 04:25 - 00007552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 10:00 - 2013-06-27 01:00 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 10:00 - 2013-06-04 06:16 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 10:00 - 2013-06-04 06:16 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 10:00 - 2013-06-04 04:01 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 10:00 - 2013-06-04 03:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 10:00 - 2011-05-05 16:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 09:58 - 2013-10-09 09:58 - 00039732 _____ C:\Users\*****\Documents\Heizverbrauch2012-2013.ods
2013-10-06 19:12 - 2013-10-06 19:12 - 00000000 ____D C:\Users\*****\Desktop\MC_Bukkit - Kreativ
2013-10-05 11:38 - 2013-10-05 11:38 - 00421267 _____ C:\Users\*****\Downloads\OptiFine_1.6.4_HD_U_C5.jar
2013-10-05 11:30 - 2013-10-05 11:30 - 00263186 _____ C:\Users\*****\Downloads\Minecraft (2).exe
2013-10-03 13:37 - 2013-10-03 13:37 - 00797183 _____ C:\Users\*****\Downloads\worldedit-5.5.6.zip
2013-10-03 11:35 - 2013-10-03 11:35 - 00000050 _____ C:\Users\*****\run.bat
2013-10-03 11:34 - 2013-10-06 03:56 - 00000000 ____D C:\Users\*****\Desktop\MC_Bukkit
2013-10-03 10:29 - 2013-10-03 10:29 - 00000000 ____D C:\Users\*****\AppData\Roaming\AVG2014
2013-10-03 10:27 - 2013-10-11 11:20 - 00000859 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-10-03 10:27 - 2013-10-03 10:29 - 00000000 ____D C:\ProgramData\AVG2014
2013-09-27 19:05 - 2013-10-03 11:32 - 00000000 ____D C:\Users\*****\AppData\Local\Avg2014
2013-09-25 21:07 - 2013-09-25 21:07 - 00148792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2013-09-24 14:57 - 2013-09-24 14:57 - 00421387 _____ C:\Users\*****\Downloads\OptiFine_1.6.4_HD_U_C4 (1).jar
2013-09-24 14:56 - 2013-09-24 14:56 - 00421387 _____ C:\Users\*****\Downloads\OptiFine_1.6.4_HD_U_C4.jar
2013-09-24 11:08 - 2013-09-24 11:08 - 00675988 _____ C:\Users\*****\Downloads\Minecraft (1).exe

==================== One Month Modified Files and Folders =======

2013-10-22 15:24 - 2013-10-22 15:24 - 01954682 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe
2013-10-22 15:12 - 2013-10-21 13:29 - 00000000 ____D C:\Users\*****\Desktop\Trojaner-Board
2013-10-22 15:06 - 2013-10-22 15:06 - 00000912 _____ C:\Users\*****\Desktop\JRT.txt
2013-10-22 15:06 - 2008-01-21 13:10 - 00753858 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-22 15:06 - 2008-01-21 13:09 - 00628742 _____ C:\Windows\system32\perfh007.dat
2013-10-22 15:06 - 2008-01-21 13:09 - 00126486 _____ C:\Windows\system32\perfc007.dat
2013-10-22 15:02 - 2013-10-22 15:02 - 00000000 ____D C:\Windows\ERUNT
2013-10-22 15:02 - 2013-08-16 23:01 - 01133330 _____ C:\Windows\WindowsUpdate.log
2013-10-22 15:00 - 2012-03-07 15:38 - 00000000 ____D C:\Users\*****\AppData\Roaming\Nitro PDF
2013-10-22 15:00 - 2006-11-02 17:22 - 00004576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-22 15:00 - 2006-11-02 17:22 - 00004576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-22 14:59 - 2012-07-31 17:08 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-10-22 14:59 - 2006-11-02 17:42 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-22 14:59 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-22 14:57 - 2013-10-22 14:54 - 00000000 ____D C:\AdwCleaner
2013-10-22 14:53 - 2013-10-22 14:53 - 00001368 _____ C:\Windows\PFRO.log
2013-10-22 14:44 - 2013-10-22 14:44 - 00000919 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-22 14:44 - 2013-10-22 14:44 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes
2013-10-22 14:44 - 2013-10-22 14:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-22 14:43 - 2013-10-22 14:43 - 01060070 _____ C:\Users\*****\Downloads\adwcleaner.exe
2013-10-22 14:43 - 2013-10-22 14:43 - 01033335 _____ (Thisisu) C:\Users\*****\Downloads\JRT.exe
2013-10-22 14:42 - 2013-10-22 14:42 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\*****\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-22 14:28 - 2013-09-05 22:18 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1109511523-3860671390-4157341050-1000UA.job
2013-10-22 09:40 - 2013-07-06 19:50 - 00000000 ____D C:\ProgramData\MFAData
2013-10-22 09:40 - 2012-10-01 18:15 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-22 09:21 - 2013-08-07 09:21 - 00000000 ____D C:\Users\*****\AppData\Roaming\.minecraft
2013-10-22 02:50 - 2012-03-05 00:11 - 00000000 ____D C:\Users\*****\AppData\Roaming\TS3Client
2013-10-22 01:27 - 2013-09-05 22:18 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1109511523-3860671390-4157341050-1000Core.job
2013-10-21 20:42 - 2013-10-21 20:41 - 00012604 _____ C:\Users\*****\Desktop\combofix.txt
2013-10-21 20:39 - 2013-10-21 20:39 - 00012618 _____ C:\ComboFix.txt
2013-10-21 20:39 - 2013-10-21 17:08 - 00000000 ____D C:\Qoobox
2013-10-21 20:37 - 2006-11-02 14:34 - 00000215 _____ C:\Windows\system.ini
2013-10-21 20:13 - 2013-10-21 20:13 - 00013391 _____ C:\combofine.txt
2013-10-21 20:03 - 2006-11-02 15:33 - 00000000 __RHD C:\Users\Default
2013-10-21 19:56 - 2013-10-21 17:08 - 00000000 ____D C:\Windows\erdnt
2013-10-21 17:15 - 2006-11-02 14:33 - 65798144 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-10-21 17:15 - 2006-11-02 14:33 - 57933824 _____ C:\Windows\system32\config\COMPONENTS.bak
2013-10-21 17:15 - 2006-11-02 14:33 - 43515904 _____ C:\Windows\system32\config\SYSTEM.bak
2013-10-21 17:15 - 2006-11-02 14:33 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-10-21 17:15 - 2006-11-02 14:33 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-10-21 17:15 - 2006-11-02 14:33 - 00262144 _____ C:\Windows\system32\config\DEFAULT.bak
2013-10-21 17:07 - 2013-10-21 17:06 - 05136138 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe
2013-10-21 13:14 - 2012-12-26 17:14 - 00000000 ____D C:\Users\*****\AppData\Local\Paint.NET
2013-10-21 12:57 - 2013-10-21 12:57 - 00377856 _____ C:\Users\*****\Downloads\gmer_2.1.19163.exe
2013-10-21 11:49 - 2013-10-21 11:49 - 00000000 ____D C:\FRST
2013-10-21 11:47 - 2013-10-21 11:47 - 00050477 _____ C:\Users\*****\Downloads\Defogger.exe
2013-10-21 11:47 - 2013-10-21 11:47 - 00000000 _____ C:\Users\*****\defogger_reenable
2013-10-21 11:47 - 2012-03-04 00:03 - 00000000 ____D C:\Users\*****
2013-10-20 23:32 - 2012-03-04 01:25 - 00000000 ____D C:\Users\*****\Documents\Kabel Deutschland
2013-10-20 19:54 - 2012-03-05 01:02 - 00000000 ____D C:\Users\*****\AppData\Roaming\vlc
2013-10-20 01:19 - 2012-03-04 05:20 - 00156672 _____ C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-19 17:47 - 2013-03-19 00:08 - 00000000 ____D C:\Users\*****\AppData\Local\Procaster
2013-10-18 01:23 - 2013-09-05 22:18 - 00004094 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1109511523-3860671390-4157341050-1000UA
2013-10-18 01:23 - 2013-09-05 22:18 - 00003698 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1109511523-3860671390-4157341050-1000Core
2013-10-17 14:22 - 2012-12-17 21:29 - 00000000 ____D C:\Fraps
2013-10-17 00:15 - 2013-10-13 21:30 - 00000510 _____ C:\Windows\WORDPAD.INI
2013-10-16 01:44 - 2012-11-08 12:31 - 00001912 _____ C:\Windows\epplauncher.mif
2013-10-16 01:44 - 2012-11-08 12:29 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-16 01:44 - 2012-11-08 12:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-10-14 20:57 - 2013-10-14 20:57 - 00317160 _____ C:\Users\*****\Downloads\worldguard-5.7.5.zip
2013-10-14 20:42 - 2013-10-14 20:42 - 00320559 _____ C:\Users\*****\Downloads\worldguard-5.8.zip
2013-10-14 17:51 - 2013-10-14 17:51 - 00000000 ____D C:\Users\*****\Downloads\Legend of Taleth
2013-10-14 17:50 - 2013-10-14 17:49 - 18581277 _____ C:\Users\*****\Downloads\Legend of Taleth.zip
2013-10-14 17:49 - 2013-10-14 17:49 - 00000000 ____D C:\Users\*****\Downloads\Dragon Tribes (2)
2013-10-14 17:43 - 2013-10-14 17:40 - 63512548 _____ C:\Users\*****\Downloads\Dragon Tribes (2).zip
2013-10-13 00:12 - 2013-10-13 00:12 - 00000000 ____D C:\Users\*****\Downloads\teamspeak3-server_win64-3.0.7.1
2013-10-13 00:11 - 2013-10-13 00:11 - 05273235 _____ C:\Users\*****\Downloads\teamspeak3-server_win64-3.0.7.1.zip
2013-10-11 11:20 - 2013-10-03 10:27 - 00000859 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-10-11 11:20 - 2013-07-06 19:51 - 00000000 ____D C:\$AVG
2013-10-09 21:30 - 2013-10-09 21:30 - 00000000 ____D C:\Users\admin*****\AppData\Roaming\AVG2014
2013-10-09 21:30 - 2013-10-09 21:30 - 00000000 ____D C:\Users\admin*****\AppData\Local\Avg2014
2013-10-09 15:11 - 2006-11-02 17:21 - 02049032 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-09 12:54 - 2013-07-15 23:26 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 12:53 - 2006-11-02 14:35 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-10-09 12:52 - 2013-10-09 10:22 - 00030761 _____ C:\Users\*****\Documents\Heizverbrauch2013-2014.ods
2013-10-09 09:58 - 2013-10-09 09:58 - 00039732 _____ C:\Users\*****\Documents\Heizverbrauch2012-2013.ods
2013-10-08 17:20 - 2013-01-18 14:30 - 00000000 ____D C:\Users\*****\AppData\Roaming\Canon
2013-10-08 17:20 - 2012-03-05 00:54 - 00000000 ____D C:\Program Files (x86)\Paint Shop Pro 6
2013-10-08 17:20 - 2012-03-04 01:22 - 00000000 ____D C:\Users\*****\Desktop\Scanner
2013-10-06 19:12 - 2013-10-06 19:12 - 00000000 ____D C:\Users\*****\Desktop\MC_Bukkit - Kreativ
2013-10-06 03:56 - 2013-10-03 11:34 - 00000000 ____D C:\Users\*****\Desktop\MC_Bukkit
2013-10-05 11:38 - 2013-10-05 11:38 - 00421267 _____ C:\Users\*****\Downloads\OptiFine_1.6.4_HD_U_C5.jar
2013-10-05 11:30 - 2013-10-05 11:30 - 00263186 _____ C:\Users\*****\Downloads\Minecraft (2).exe
2013-10-03 13:37 - 2013-10-03 13:37 - 00797183 _____ C:\Users\*****\Downloads\worldedit-5.5.6.zip
2013-10-03 11:35 - 2013-10-03 11:35 - 00000050 _____ C:\Users\*****\run.bat
2013-10-03 11:32 - 2013-09-27 19:05 - 00000000 ____D C:\Users\*****\AppData\Local\Avg2014
2013-10-03 10:29 - 2013-10-03 10:29 - 00000000 ____D C:\Users\*****\AppData\Roaming\AVG2014
2013-10-03 10:29 - 2013-10-03 10:27 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-03 10:29 - 2013-07-06 19:51 - 00000000 ____D C:\Program Files (x86)\AVG
2013-10-02 21:52 - 2012-12-29 00:52 - 00000000 ____D C:\Users\*****\Desktop\Minecraft Server
2013-10-02 21:28 - 2010-02-17 23:35 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-10-02 10:01 - 2013-06-13 17:28 - 00000000 ____D C:\Users\*****\Desktop\Minecraft Server - kreativ
2013-09-30 12:56 - 2013-06-16 10:30 - 00000000 ____D C:\Program Files (x86)\Planetary Annihilation
2013-09-29 10:28 - 2013-05-27 00:49 - 00000000 ____D C:\Users\*****\AppData\Roaming\ts3overlay
2013-09-25 21:07 - 2013-09-25 21:07 - 00148792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2013-09-25 16:51 - 2013-03-31 23:36 - 00000000 ____D C:\Users\*****\AppData\Local\Microsoft Games
2013-09-25 04:54 - 2012-11-20 17:27 - 00000000 ____D C:\Users\*****\Desktop\Motor-Talk
2013-09-24 14:57 - 2013-09-24 14:57 - 00421387 _____ C:\Users\*****\Downloads\OptiFine_1.6.4_HD_U_C4 (1).jar
2013-09-24 14:56 - 2013-09-24 14:56 - 00421387 _____ C:\Users\*****\Downloads\OptiFine_1.6.4_HD_U_C4.jar
2013-09-24 11:08 - 2013-09-24 11:08 - 00675988 _____ C:\Users\*****\Downloads\Minecraft (1).exe
2013-09-23 14:57 - 2013-10-09 10:00 - 01212928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-23 14:57 - 2013-10-09 10:00 - 00916992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-23 14:57 - 2013-10-09 10:00 - 00105984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-23 14:55 - 2013-10-09 10:00 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-09-23 14:53 - 2013-10-09 10:00 - 00611840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2013-09-23 14:52 - 2013-10-09 10:00 - 06017024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-23 14:52 - 2013-10-09 10:00 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-23 14:52 - 2013-10-09 10:00 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-23 14:52 - 2013-10-09 10:00 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-09-23 14:51 - 2013-10-09 10:00 - 11111936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-23 14:51 - 2013-10-09 10:00 - 02005504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-23 14:51 - 2013-10-09 10:00 - 01469440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-23 14:51 - 2013-10-09 10:00 - 00184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-09-23 14:51 - 2013-10-09 10:00 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-23 14:51 - 2013-10-09 10:00 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-23 14:51 - 2013-10-09 10:00 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-23 14:51 - 2013-10-09 10:00 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-23 14:51 - 2013-10-09 10:00 - 00043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-09-23 14:51 - 2013-10-09 10:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-23 14:50 - 2013-10-09 10:00 - 00387584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-09-23 14:49 - 2013-10-09 10:00 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\corpol.dll
2013-09-23 13:14 - 2013-10-09 10:00 - 00385024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-09-23 12:51 - 2013-10-09 10:00 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 12:50 - 2013-10-09 10:00 - 01489920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 12:50 - 2013-10-09 10:00 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-23 12:49 - 2013-10-09 10:00 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-09-23 12:47 - 2013-10-09 10:00 - 09342464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 12:47 - 2013-10-09 10:00 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-09-23 12:47 - 2013-10-09 10:00 - 00742912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 12:47 - 2013-10-09 10:00 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-23 12:47 - 2013-10-09 10:00 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-09-23 12:46 - 2013-10-09 10:00 - 12510208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 12:46 - 2013-10-09 10:00 - 02357760 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 12:46 - 2013-10-09 10:00 - 01538560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-23 12:46 - 2013-10-09 10:00 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-09-23 12:46 - 2013-10-09 10:00 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-09-23 12:46 - 2013-10-09 10:00 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 12:46 - 2013-10-09 10:00 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 12:46 - 2013-10-09 10:00 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 12:46 - 2013-10-09 10:00 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-23 12:46 - 2013-10-09 10:00 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-09-23 12:46 - 2013-10-09 10:00 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-23 12:44 - 2013-10-09 10:00 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2013-09-23 11:29 - 2013-10-09 10:00 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2013-09-23 11:29 - 2013-10-09 10:00 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-23 11:27 - 2013-10-09 10:00 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-23 11:27 - 2013-10-09 10:00 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-09-23 11:26 - 2013-10-09 10:00 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-09-23 09:44 - 2013-10-09 10:00 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-23 09:43 - 2013-10-09 10:00 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 09:40 - 2013-10-09 10:00 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-09-23 09:39 - 2013-10-09 10:00 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

Files to move or delete:
====================
C:\Users\*****\run.bat


Some content of TEMP:
====================
C:\Users\*****\AppData\Local\temp\jansi-64-git-Bukkit-1.5.2-R1.0-b2788jnks.dll
C:\Users\*****\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-22 15:05

==================== End Of Log ============================
--- --- ---


Ich war ziemlich überrascht das Viren in den 5 Dateien gefunden wurden, vor allem weil ich Malwarebytes vor nicht allzu langer Zeit erst deinstalliert hatte (Testlizenz abgelaufen).
Diese Programme stammen allesamt von chip.de :eek:
Da die Dateien schon einige Zeit auf meinem Rechner sind, frage ich mich wie diese solange unentdeckt geblieben sind ?!

Gruß
Houseman

P.S.: Super Arbeit die Du machst, hoffe ich mache alles soweit richtig.

schrauber 23.10.2013 06:31
Entspann dich, das sind PUP Funde :)

PUP heisst Potenziell unerwünschtes Programm, d.h. der Installer liefert auch andere Sachen wie ne Tolbar mit, meist werden die getarnt mitinstalliert, wie bei Deamon Tools die Deamon Tools Toolbar. Deswegen PUP :)




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Houseman 23.10.2013 11:36
Hallo Schrauber,

Danke für die Antwort.

Hier die Daten der Log-Dateien:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=*****
# engine=15593
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-23 10:02:45
# local_time=2013-10-23 12:02:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=*****
# scanned=714069
# found=0
# cleaned=0
# scan_time=8708
Code:
Results of screen317's Security Check version 0.99.74 
 Windows Vista Service Pack 2 x64 (UAC is disabled!) 
 Internet Explorer 8 Out of date!
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
AVG AntiVirus Free Edition 2014 
Microsoft Security Essentials   
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 Adobe Flash Player        11.7.700.169 
 Google Chrome 30.0.1599.101 
 Google Chrome 30.0.1599.69 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 AVG avgwdsvc.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-10-2013
Ran by ***** (administrator) on ***** on 23-10-2013 12:15:28
Running from C:\Users\*****\Downloads
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-16] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKU\*****\...\Run: [Facebook Update] - C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-05-13] (Facebook Inc.)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe (Samsung Electronics.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - DefaultScope {45FCC686-4F75-4346-BDB4-694FE282A28B} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {45FCC686-4F75-4346-BDB4-694FE282A28B} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\*****\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\*****\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
CHR Plugin: (InoViewer Plugin) - C:\Program Files (x86)\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\*****\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Google Update) - C:\Users\*****\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Drive) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
S4 Backup Service Home-Dienst; C:\Program Files (x86)\Alexosoft\Backup Service Home 3\BSHService.exe [17920 2012-12-04] (Alexander Seeliger Software)
S4 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2006-11-02] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2009-04-11] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
S3 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75064 2013-09-15] ()
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] ()
R3 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [441344 2009-04-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-03-05] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S1 Beep; No ImagePath
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [34704 2010-02-05] (CSR, plc)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-03-05] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [49256 2011-05-10] (Yamaha Corporation)
S3 7ByteIo; \??\C:\Program Files (x86)\Hot CPU Tester Pro 4 LE\SysInfoX64.sys [x]
S3 ALSysIO; \??\C:\Users\*****\AppData\Local\Temp\ALSysIO64.sys [x]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
S3 gdrv; \??\C:\Windows\gdrv.sys [x]
S3 GenericMount; system32\DRIVERS\GenericMount.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
U2 V2iMount;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-23 09:36 - 2013-10-23 09:36 - 02347384 _____ (ESET) C:\Users\*****\Downloads\esetsmartinstaller_enu (1).exe
2013-10-23 09:36 - 2013-10-23 09:36 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-23 00:26 - 2013-10-23 00:26 - 00891167 _____ C:\Users\*****\Desktop\SecurityCheck.exe
2013-10-22 20:16 - 2013-10-22 20:16 - 02347384 _____ (ESET) C:\Users\*****\Downloads\esetsmartinstaller_enu.exe
2013-10-22 15:27 - 2013-10-22 15:27 - 00018434 _____ C:\Users\*****\Downloads\Addition.txt
2013-10-22 15:24 - 2013-10-22 15:24 - 01954682 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe
2013-10-22 15:06 - 2013-10-22 15:06 - 00000912 _____ C:\Users\*****\Desktop\JRT.txt
2013-10-22 15:02 - 2013-10-22 15:02 - 00000000 ____D C:\Windows\ERUNT
2013-10-22 14:54 - 2013-10-22 14:57 - 00000000 ____D C:\AdwCleaner
2013-10-22 14:44 - 2013-10-22 14:44 - 00000919 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-22 14:44 - 2013-10-22 14:44 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes
2013-10-22 14:44 - 2013-10-22 14:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-22 14:44 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-22 14:43 - 2013-10-22 14:43 - 01060070 _____ C:\Users\*****\Downloads\adwcleaner.exe
2013-10-22 14:43 - 2013-10-22 14:43 - 01033335 _____ (Thisisu) C:\Users\*****\Downloads\JRT.exe
2013-10-22 14:42 - 2013-10-22 14:42 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\*****\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-21 20:41 - 2013-10-21 20:42 - 00012604 _____ C:\Users\*****\Desktop\combofix.txt
2013-10-21 20:39 - 2013-10-21 20:39 - 00012618 _____ C:\ComboFix.txt
2013-10-21 20:13 - 2013-10-21 20:13 - 00013391 _____ C:\combofine.txt
2013-10-21 17:09 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-21 17:09 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-21 17:09 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-21 17:09 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-21 17:09 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-21 17:09 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-21 17:09 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-21 17:09 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-21 17:08 - 2013-10-21 20:39 - 00000000 ____D C:\Qoobox
2013-10-21 17:08 - 2013-10-21 19:56 - 00000000 ____D C:\Windows\erdnt
2013-10-21 17:06 - 2013-10-21 17:07 - 05136138 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe
2013-10-21 13:29 - 2013-10-23 12:14 - 00000000 ____D C:\Users\*****\Desktop\Trojaner-Board
2013-10-21 12:57 - 2013-10-21 12:57 - 00377856 _____ C:\Users\*****\Downloads\gmer_2.1.19163.exe
2013-10-21 11:49 - 2013-10-21 11:49 - 00000000 ____D C:\FRST
2013-10-21 11:47 - 2013-10-21 11:47 - 00050477 _____ C:\Users\*****\Downloads\Defogger.exe
2013-10-21 11:47 - 2013-10-21 11:47 - 00000000 _____ C:\Users\*****\defogger_reenable
2013-10-14 20:57 - 2013-10-14 20:57 - 00317160 _____ C:\Users\*****\Downloads\worldguard-5.7.5.zip
2013-10-14 20:42 - 2013-10-14 20:42 - 00320559 _____ C:\Users\*****\Downloads\worldguard-5.8.zip
2013-10-14 17:51 - 2013-10-14 17:51 - 00000000 ____D C:\Users\*****\Downloads\Legend of Taleth
2013-10-14 17:49 - 2013-10-14 17:50 - 18581277 _____ C:\Users\*****\Downloads\Legend of Taleth.zip
2013-10-14 17:49 - 2013-10-14 17:49 - 00000000 ____D C:\Users\*****\Downloads\Dragon Tribes (2)
2013-10-14 17:40 - 2013-10-14 17:43 - 63512548 _____ C:\Users\*****\Downloads\Dragon Tribes (2).zip
2013-10-13 21:30 - 2013-10-17 00:15 - 00000510 _____ C:\Windows\WORDPAD.INI
2013-10-13 00:12 - 2013-10-13 00:12 - 00000000 ____D C:\Users\*****\Downloads\teamspeak3-server_win64-3.0.7.1
2013-10-13 00:11 - 2013-10-13 00:11 - 05273235 _____ C:\Users\*****\Downloads\teamspeak3-server_win64-3.0.7.1.zip
2013-10-09 21:30 - 2013-10-09 21:30 - 00000000 ____D C:\Users\*****\AppData\Roaming\AVG2014
2013-10-09 21:30 - 2013-10-09 21:30 - 00000000 ____D C:\Users\*****\AppData\Local\Avg2014
2013-10-09 10:22 - 2013-10-09 12:52 - 00030761 _____ C:\Users\*****\Documents\Heizverbrauch2013-2014.ods
2013-10-09 10:00 - 2013-09-23 14:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 10:00 - 2013-09-23 14:57 - 00916992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 10:00 - 2013-09-23 14:57 - 00105984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-10-09 10:00 - 2013-09-23 14:55 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-10-09 10:00 - 2013-09-23 14:53 - 00611840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2013-10-09 10:00 - 2013-09-23 14:52 - 06017024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 10:00 - 2013-09-23 14:52 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 10:00 - 2013-09-23 14:52 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-10-09 10:00 - 2013-09-23 14:52 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-10-09 10:00 - 2013-09-23 14:51 - 11111936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 10:00 - 2013-09-23 14:51 - 02005504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 10:00 - 2013-09-23 14:51 - 01469440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-10-09 10:00 - 2013-09-23 14:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-10-09 10:00 - 2013-09-23 14:51 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 10:00 - 2013-09-23 14:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 10:00 - 2013-09-23 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 10:00 - 2013-09-23 14:51 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 10:00 - 2013-09-23 14:51 - 00043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-10-09 10:00 - 2013-09-23 14:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 10:00 - 2013-09-23 14:50 - 00387584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-10-09 10:00 - 2013-09-23 14:49 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\corpol.dll
2013-10-09 10:00 - 2013-09-23 13:14 - 00385024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-10-09 10:00 - 2013-09-23 12:51 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 10:00 - 2013-09-23 12:50 - 01489920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 10:00 - 2013-09-23 12:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-09 10:00 - 2013-09-23 12:49 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-10-09 10:00 - 2013-09-23 12:47 - 09342464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 10:00 - 2013-09-23 12:47 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-10-09 10:00 - 2013-09-23 12:47 - 00742912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 10:00 - 2013-09-23 12:47 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-09 10:00 - 2013-09-23 12:47 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-10-09 10:00 - 2013-09-23 12:46 - 12510208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 10:00 - 2013-09-23 12:46 - 02357760 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 10:00 - 2013-09-23 12:46 - 01538560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-09 10:00 - 2013-09-23 12:46 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-10-09 10:00 - 2013-09-23 12:46 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-10-09 10:00 - 2013-09-23 12:46 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 10:00 - 2013-09-23 12:46 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 10:00 - 2013-09-23 12:46 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 10:00 - 2013-09-23 12:46 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 10:00 - 2013-09-23 12:46 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-10-09 10:00 - 2013-09-23 12:46 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 10:00 - 2013-09-23 12:44 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2013-10-09 10:00 - 2013-09-23 11:29 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2013-10-09 10:00 - 2013-09-23 11:29 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-10-09 10:00 - 2013-09-23 11:27 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 10:00 - 2013-09-23 11:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-10-09 10:00 - 2013-09-23 11:26 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-10-09 10:00 - 2013-09-23 09:44 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-09 10:00 - 2013-09-23 09:43 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-09 10:00 - 2013-09-23 09:40 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-10-09 10:00 - 2013-09-23 09:39 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 10:00 - 2013-08-29 09:48 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 10:00 - 2013-08-27 05:39 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-09 10:00 - 2013-08-27 05:39 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-09 10:00 - 2013-08-27 05:39 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-09 10:00 - 2013-08-27 05:39 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-09 10:00 - 2013-08-27 04:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-10-09 10:00 - 2013-08-27 04:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-10-09 10:00 - 2013-08-27 04:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-10-09 10:00 - 2013-08-27 04:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-10-09 10:00 - 2013-08-27 04:32 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-09 10:00 - 2013-08-27 04:30 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-09 10:00 - 2013-08-27 04:06 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-09 10:00 - 2013-08-27 04:00 - 01556480 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-10-09 10:00 - 2013-08-27 04:00 - 01149952 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-09 10:00 - 2013-08-27 03:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-10-09 10:00 - 2013-08-27 03:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-10-09 10:00 - 2013-08-27 03:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-10-09 10:00 - 2013-08-27 03:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-10-09 10:00 - 2013-08-01 06:10 - 00901568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 10:00 - 2013-08-01 05:37 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-10-09 10:00 - 2013-07-20 12:45 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 10:00 - 2013-07-20 12:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 10:00 - 2013-07-12 11:19 - 00099200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-09 10:00 - 2013-07-04 06:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 10:00 - 2013-07-04 06:13 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 10:00 - 2013-07-03 04:55 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 10:00 - 2013-07-03 04:22 - 00031616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 10:00 - 2013-06-29 04:25 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 10:00 - 2013-06-29 04:25 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 10:00 - 2013-06-29 04:25 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 10:00 - 2013-06-29 04:25 - 00007552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 10:00 - 2013-06-27 01:00 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 10:00 - 2013-06-04 06:16 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 10:00 - 2013-06-04 06:16 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 10:00 - 2013-06-04 04:01 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 10:00 - 2013-06-04 03:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 10:00 - 2011-05-05 16:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 09:58 - 2013-10-09 09:58 - 00039732 _____ C:\Users\*****\Documents\Heizverbrauch2012-2013.ods
2013-10-06 19:12 - 2013-10-06 19:12 - 00000000 ____D C:\Users\*****\Desktop\MC_Bukkit - Kreativ
2013-10-05 11:38 - 2013-10-05 11:38 - 00421267 _____ C:\Users\*****\Downloads\OptiFine_1.6.4_HD_U_C5.jar
2013-10-05 11:30 - 2013-10-05 11:30 - 00263186 _____ C:\Users\*****\Downloads\Minecraft (2).exe
2013-10-03 13:37 - 2013-10-03 13:37 - 00797183 _____ C:\Users\*****\Downloads\worldedit-5.5.6.zip
2013-10-03 11:35 - 2013-10-03 11:35 - 00000050 _____ C:\Users\*****\run.bat
2013-10-03 11:34 - 2013-10-06 03:56 - 00000000 ____D C:\Users\*****\Desktop\MC_Bukkit
2013-10-03 10:29 - 2013-10-03 10:29 - 00000000 ____D C:\Users\*****\AppData\Roaming\AVG2014
2013-10-03 10:27 - 2013-10-11 11:20 - 00000859 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-10-03 10:27 - 2013-10-03 10:29 - 00000000 ____D C:\ProgramData\AVG2014
2013-09-27 19:05 - 2013-10-03 11:32 - 00000000 ____D C:\Users\*****\AppData\Local\Avg2014
2013-09-25 21:07 - 2013-09-25 21:07 - 00148792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2013-09-24 14:57 - 2013-09-24 14:57 - 00421387 _____ C:\Users\*****\Downloads\OptiFine_1.6.4_HD_U_C4 (1).jar
2013-09-24 14:56 - 2013-09-24 14:56 - 00421387 _____ C:\Users\*****\Downloads\OptiFine_1.6.4_HD_U_C4.jar
2013-09-24 11:08 - 2013-09-24 11:08 - 00675988 _____ C:\Users\*****\Downloads\Minecraft (1).exe

==================== One Month Modified Files and Folders =======

2013-10-23 12:14 - 2013-10-21 13:29 - 00000000 ____D C:\Users\*****\Desktop\Trojaner-Board
2013-10-23 11:28 - 2013-09-05 22:18 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1109511523-3860671390-4157341050-1000UA.job
2013-10-23 11:20 - 2006-11-02 17:22 - 00004576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-23 11:20 - 2006-11-02 17:22 - 00004576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-23 09:36 - 2013-10-23 09:36 - 02347384 _____ (ESET) C:\Users\*****\Downloads\esetsmartinstaller_enu (1).exe
2013-10-23 09:36 - 2013-10-23 09:36 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-23 09:31 - 2013-08-16 23:01 - 01180920 _____ C:\Windows\WindowsUpdate.log
2013-10-23 09:25 - 2013-07-06 19:50 - 00000000 ____D C:\ProgramData\MFAData
2013-10-23 09:24 - 2008-01-21 13:10 - 00753858 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-23 09:24 - 2008-01-21 13:09 - 00628742 _____ C:\Windows\system32\perfh007.dat
2013-10-23 09:24 - 2008-01-21 13:09 - 00126486 _____ C:\Windows\system32\perfc007.dat
2013-10-23 09:21 - 2012-03-07 15:38 - 00000000 ____D C:\Users\*****\AppData\Roaming\Nitro PDF
2013-10-23 09:20 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-23 03:20 - 2012-07-31 17:08 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-10-23 03:20 - 2012-03-05 00:11 - 00000000 ____D C:\Users\*****\AppData\Roaming\TS3Client
2013-10-23 03:20 - 2006-11-02 17:42 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-23 01:28 - 2013-09-05 22:18 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1109511523-3860671390-4157341050-1000Core.job
2013-10-23 00:39 - 2012-10-01 18:15 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-23 00:26 - 2013-10-23 00:26 - 00891167 _____ C:\Users\*****\Desktop\SecurityCheck.exe
2013-10-22 20:16 - 2013-10-22 20:16 - 02347384 _____ (ESET) C:\Users\*****\Downloads\esetsmartinstaller_enu.exe
2013-10-22 15:27 - 2013-10-22 15:27 - 00018434 _____ C:\Users\*****\Downloads\Addition.txt
2013-10-22 15:24 - 2013-10-22 15:24 - 01954682 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe
2013-10-22 15:06 - 2013-10-22 15:06 - 00000912 _____ C:\Users\*****\Desktop\JRT.txt
2013-10-22 15:02 - 2013-10-22 15:02 - 00000000 ____D C:\Windows\ERUNT
2013-10-22 14:57 - 2013-10-22 14:54 - 00000000 ____D C:\AdwCleaner
2013-10-22 14:44 - 2013-10-22 14:44 - 00000919 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-22 14:44 - 2013-10-22 14:44 - 00000000 ____D C:\Users\*****\AppData\Roaming\Malwarebytes
2013-10-22 14:44 - 2013-10-22 14:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-22 14:43 - 2013-10-22 14:43 - 01060070 _____ C:\Users\*****\Downloads\adwcleaner.exe
2013-10-22 14:43 - 2013-10-22 14:43 - 01033335 _____ (Thisisu) C:\Users\*****\Downloads\JRT.exe
2013-10-22 14:42 - 2013-10-22 14:42 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\*****\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-22 09:21 - 2013-08-07 09:21 - 00000000 ____D C:\Users\*****\AppData\Roaming\.minecraft
2013-10-21 20:42 - 2013-10-21 20:41 - 00012604 _____ C:\Users\*****\Desktop\combofix.txt
2013-10-21 20:39 - 2013-10-21 20:39 - 00012618 _____ C:\ComboFix.txt
2013-10-21 20:39 - 2013-10-21 17:08 - 00000000 ____D C:\Qoobox
2013-10-21 20:37 - 2006-11-02 14:34 - 00000215 _____ C:\Windows\system.ini
2013-10-21 20:13 - 2013-10-21 20:13 - 00013391 _____ C:\combofine.txt
2013-10-21 20:03 - 2006-11-02 15:33 - 00000000 __RHD C:\Users\Default
2013-10-21 19:56 - 2013-10-21 17:08 - 00000000 ____D C:\Windows\erdnt
2013-10-21 17:15 - 2006-11-02 14:33 - 65798144 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-10-21 17:15 - 2006-11-02 14:33 - 57933824 _____ C:\Windows\system32\config\COMPONENTS.bak
2013-10-21 17:15 - 2006-11-02 14:33 - 43515904 _____ C:\Windows\system32\config\SYSTEM.bak
2013-10-21 17:15 - 2006-11-02 14:33 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-10-21 17:15 - 2006-11-02 14:33 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-10-21 17:15 - 2006-11-02 14:33 - 00262144 _____ C:\Windows\system32\config\DEFAULT.bak
2013-10-21 17:07 - 2013-10-21 17:06 - 05136138 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe
2013-10-21 13:14 - 2012-12-26 17:14 - 00000000 ____D C:\Users\*****\AppData\Local\Paint.NET
2013-10-21 12:57 - 2013-10-21 12:57 - 00377856 _____ C:\Users\*****\Downloads\gmer_2.1.19163.exe
2013-10-21 11:49 - 2013-10-21 11:49 - 00000000 ____D C:\FRST
2013-10-21 11:47 - 2013-10-21 11:47 - 00050477 _____ C:\Users\*****\Downloads\Defogger.exe
2013-10-21 11:47 - 2013-10-21 11:47 - 00000000 _____ C:\Users\*****\defogger_reenable
2013-10-21 11:47 - 2012-03-04 00:03 - 00000000 ____D C:\Users\*****
2013-10-20 23:32 - 2012-03-04 01:25 - 00000000 ____D C:\Users\*****\Documents\Kabel Deutschland
2013-10-20 19:54 - 2012-03-05 01:02 - 00000000 ____D C:\Users\*****\AppData\Roaming\vlc
2013-10-20 01:19 - 2012-03-04 05:20 - 00156672 _____ C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-19 17:47 - 2013-03-19 00:08 - 00000000 ____D C:\Users\*****\AppData\Local\Procaster
2013-10-18 01:23 - 2013-09-05 22:18 - 00004094 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1109511523-3860671390-4157341050-1000UA
2013-10-18 01:23 - 2013-09-05 22:18 - 00003698 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1109511523-3860671390-4157341050-1000Core
2013-10-17 14:22 - 2012-12-17 21:29 - 00000000 ____D C:\Fraps
2013-10-17 00:15 - 2013-10-13 21:30 - 00000510 _____ C:\Windows\WORDPAD.INI
2013-10-16 01:44 - 2012-11-08 12:31 - 00001912 _____ C:\Windows\epplauncher.mif
2013-10-16 01:44 - 2012-11-08 12:29 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-16 01:44 - 2012-11-08 12:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-10-14 20:57 - 2013-10-14 20:57 - 00317160 _____ C:\Users\*****\Downloads\worldguard-5.7.5.zip
2013-10-14 20:42 - 2013-10-14 20:42 - 00320559 _____ C:\Users\*****\Downloads\worldguard-5.8.zip
2013-10-14 17:51 - 2013-10-14 17:51 - 00000000 ____D C:\Users\*****\Downloads\Legend of Taleth
2013-10-14 17:50 - 2013-10-14 17:49 - 18581277 _____ C:\Users\*****\Downloads\Legend of Taleth.zip
2013-10-14 17:49 - 2013-10-14 17:49 - 00000000 ____D C:\Users\*****\Downloads\Dragon Tribes (2)
2013-10-14 17:43 - 2013-10-14 17:40 - 63512548 _____ C:\Users\*****\Downloads\Dragon Tribes (2).zip
2013-10-13 00:12 - 2013-10-13 00:12 - 00000000 ____D C:\Users\*****\Downloads\teamspeak3-server_win64-3.0.7.1
2013-10-13 00:11 - 2013-10-13 00:11 - 05273235 _____ C:\Users\*****\Downloads\teamspeak3-server_win64-3.0.7.1.zip
2013-10-11 11:20 - 2013-10-03 10:27 - 00000859 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-10-11 11:20 - 2013-07-06 19:51 - 00000000 ____D C:\$AVG
2013-10-09 21:30 - 2013-10-09 21:30 - 00000000 ____D C:\Users\*****\AppData\Roaming\AVG2014
2013-10-09 21:30 - 2013-10-09 21:30 - 00000000 ____D C:\Users\*****\AppData\Local\Avg2014
2013-10-09 15:11 - 2006-11-02 17:21 - 02049032 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-09 12:54 - 2013-07-15 23:26 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 12:53 - 2006-11-02 14:35 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-10-09 12:52 - 2013-10-09 10:22 - 00030761 _____ C:\Users\*****\Documents\Heizverbrauch2013-2014.ods
2013-10-09 09:58 - 2013-10-09 09:58 - 00039732 _____ C:\Users\*****\Documents\Heizverbrauch2012-2013.ods
2013-10-08 17:20 - 2013-01-18 14:30 - 00000000 ____D C:\Users\*****\AppData\Roaming\Canon
2013-10-08 17:20 - 2012-03-05 00:54 - 00000000 ____D C:\Program Files (x86)\Paint Shop Pro 6
2013-10-08 17:20 - 2012-03-04 01:22 - 00000000 ____D C:\Users\*****\Desktop\Scanner
2013-10-06 19:12 - 2013-10-06 19:12 - 00000000 ____D C:\Users\*****\Desktop\MC_Bukkit - Kreativ
2013-10-06 03:56 - 2013-10-03 11:34 - 00000000 ____D C:\Users\*****\Desktop\MC_Bukkit
2013-10-05 11:38 - 2013-10-05 11:38 - 00421267 _____ C:\Users\*****\Downloads\OptiFine_1.6.4_HD_U_C5.jar
2013-10-05 11:30 - 2013-10-05 11:30 - 00263186 _____ C:\Users\*****\Downloads\Minecraft (2).exe
2013-10-03 13:37 - 2013-10-03 13:37 - 00797183 _____ C:\Users\*****\Downloads\worldedit-5.5.6.zip
2013-10-03 11:35 - 2013-10-03 11:35 - 00000050 _____ C:\Users\*****\run.bat
2013-10-03 11:32 - 2013-09-27 19:05 - 00000000 ____D C:\Users\*****\AppData\Local\Avg2014
2013-10-03 10:29 - 2013-10-03 10:29 - 00000000 ____D C:\Users\*****\AppData\Roaming\AVG2014
2013-10-03 10:29 - 2013-10-03 10:27 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-03 10:29 - 2013-07-06 19:51 - 00000000 ____D C:\Program Files (x86)\AVG
2013-10-02 21:52 - 2012-12-29 00:52 - 00000000 ____D C:\Users\*****\Desktop\Minecraft Server
2013-10-02 21:28 - 2010-02-17 23:35 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-10-02 10:01 - 2013-06-13 17:28 - 00000000 ____D C:\Users\*****\Desktop\Minecraft Server - kreativ
2013-09-30 12:56 - 2013-06-16 10:30 - 00000000 ____D C:\Program Files (x86)\Planetary Annihilation
2013-09-29 10:28 - 2013-05-27 00:49 - 00000000 ____D C:\Users\*****\AppData\Roaming\ts3overlay
2013-09-25 21:07 - 2013-09-25 21:07 - 00148792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2013-09-25 16:51 - 2013-03-31 23:36 - 00000000 ____D C:\Users\*****\AppData\Local\Microsoft Games
2013-09-25 04:54 - 2012-11-20 17:27 - 00000000 ____D C:\Users\*****\Desktop\Motor-Talk
2013-09-24 14:57 - 2013-09-24 14:57 - 00421387 _____ C:\Users\*****\Downloads\OptiFine_1.6.4_HD_U_C4 (1).jar
2013-09-24 14:56 - 2013-09-24 14:56 - 00421387 _____ C:\Users\*****\Downloads\OptiFine_1.6.4_HD_U_C4.jar
2013-09-24 11:08 - 2013-09-24 11:08 - 00675988 _____ C:\Users\*****\Downloads\Minecraft (1).exe
2013-09-23 14:57 - 2013-10-09 10:00 - 01212928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-23 14:57 - 2013-10-09 10:00 - 00916992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-23 14:57 - 2013-10-09 10:00 - 00105984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-23 14:55 - 2013-10-09 10:00 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-09-23 14:53 - 2013-10-09 10:00 - 00611840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2013-09-23 14:52 - 2013-10-09 10:00 - 06017024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-23 14:52 - 2013-10-09 10:00 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-23 14:52 - 2013-10-09 10:00 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-23 14:52 - 2013-10-09 10:00 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-09-23 14:51 - 2013-10-09 10:00 - 11111936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-23 14:51 - 2013-10-09 10:00 - 02005504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-23 14:51 - 2013-10-09 10:00 - 01469440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-23 14:51 - 2013-10-09 10:00 - 00184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-09-23 14:51 - 2013-10-09 10:00 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-23 14:51 - 2013-10-09 10:00 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-23 14:51 - 2013-10-09 10:00 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-23 14:51 - 2013-10-09 10:00 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-23 14:51 - 2013-10-09 10:00 - 00043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-09-23 14:51 - 2013-10-09 10:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-23 14:50 - 2013-10-09 10:00 - 00387584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-09-23 14:49 - 2013-10-09 10:00 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\corpol.dll
2013-09-23 13:14 - 2013-10-09 10:00 - 00385024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-09-23 12:51 - 2013-10-09 10:00 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 12:50 - 2013-10-09 10:00 - 01489920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 12:50 - 2013-10-09 10:00 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-23 12:49 - 2013-10-09 10:00 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-09-23 12:47 - 2013-10-09 10:00 - 09342464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 12:47 - 2013-10-09 10:00 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-09-23 12:47 - 2013-10-09 10:00 - 00742912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 12:47 - 2013-10-09 10:00 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-23 12:47 - 2013-10-09 10:00 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-09-23 12:46 - 2013-10-09 10:00 - 12510208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 12:46 - 2013-10-09 10:00 - 02357760 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 12:46 - 2013-10-09 10:00 - 01538560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-23 12:46 - 2013-10-09 10:00 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-09-23 12:46 - 2013-10-09 10:00 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-09-23 12:46 - 2013-10-09 10:00 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 12:46 - 2013-10-09 10:00 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 12:46 - 2013-10-09 10:00 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 12:46 - 2013-10-09 10:00 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-23 12:46 - 2013-10-09 10:00 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-09-23 12:46 - 2013-10-09 10:00 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-23 12:44 - 2013-10-09 10:00 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2013-09-23 11:29 - 2013-10-09 10:00 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2013-09-23 11:29 - 2013-10-09 10:00 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-23 11:27 - 2013-10-09 10:00 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-23 11:27 - 2013-10-09 10:00 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-09-23 11:26 - 2013-10-09 10:00 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-09-23 09:44 - 2013-10-09 10:00 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-23 09:43 - 2013-10-09 10:00 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 09:40 - 2013-10-09 10:00 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-09-23 09:39 - 2013-10-09 10:00 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

Files to move or delete:
====================
C:\Users\*****\run.bat


Some content of TEMP:
====================
C:\Users\*****\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-23 09:25

==================== End Of Log ============================
--- --- ---


Probleme hatte ich bisher weniger, aber nicht verschwunden.
Ich werde es beobachten und gegebenenfalls hier noch mal antworten.

Könnte es sein das dieses AVG Antivir das System ausbremst wenn es arbeitet ?
Mein System ist eigentlich ein Hochleistungs-Computer, aber verhält sich derzeit sehr komisch.
Nunja, vielleicht auch ein Hardware Defekt, oder das InteliMouse von Microsoft, macht Probleme.

Ich danke Dir für Deine Mühe. Falls Dir noch etwas einfällt was man machen könnte, immer her damit.
Sollte ich nach den Funden, vorsichtshalber das System neu aufsetzen (gruselt mir jetzt schon vor, weil das System seit Jahren Problemlos läuft), oder sind die Befunde nicht so gravierend ?

Gruß
Houseman

:daumenhoc
:dankeschoen:

schrauber 23.10.2013 15:14
Deinstallier AVG und teste :)

Houseman 23.10.2013 16:11
Wäre eine Möglichkeit. Und was benutze ich stattdessen ?
Habe schon so einiges durch von dem ich nicht so begeistert war.

Ein Tipp Deinerseits ? :aufsmaul: hehe

Was sagst Du zu der Neuinstallation ?

Gruß
Houseman

schrauber 24.10.2013 08:33
Emsisoft :)

Nö, neuaufsetzen brauchst nit, änder die Passwörter und gut is.


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:17 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132