Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Vieles laggt = Virus (https://www.trojaner-board.de/147318-vieles-laggt-virus.html)

Malysch 04.01.2014 19:15
Vieles laggt = Virus
 
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.04.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Shitface :: SHITFACE-HP [Administrator]

04.01.2014 18:44:42
mbam-log-2014-01-04 (18-44-42).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 206448
Laufzeit: 8 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Shitface\Downloads\FlashPlayer__4369_i193842620_il14.exe (PUP.Optional.InstallMonetizer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Shitface\Downloads\FlashPlayer__4369_i193842877_il14.exe (PUP.Optional.InstallMonetizer) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Und ich habe versucht den Laptop zu bereinigen aber es wurde mir angzeigt das es ein Systemfehler gab.

mfg Malysch

schrauber 04.01.2014 20:16
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Malysch 04.01.2014 20:25
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2014
Ran by Shitface (administrator) on SHITFACE-HP on 04-01-2014 20:22:51
Running from C:\Users\Shitface\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\stacsv64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
() C:\Program Files (x86)\TorrentExpress\TorrentExpress.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(APN LLC.) C:\Users\Shitface\AppData\Local\VNT\vntldr.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-29] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768 2009-09-01] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-10-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640 2013-12-20] (APN)
HKLM-x32\...\Run: [VNT] - C:\Program Files (x86)\VNT\vntldr.exe [202192 2013-12-20] (APN LLC.)
HKLM-x32\...\Run: [4StoryPrePatch] - C:\Program Files (x86)\Gameforge4D\4Story_DE\PrePatch.exe [327680 2013-01-08] (Zemi Interactive Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-12-12] (Hewlett-Packard)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-01-22] (Hewlett-Packard Company)
HKCU\...\Run: [TorrentExpress] - C:\Program Files (x86)\TorrentExpress\TorrentExpress.exe [667648 2013-06-19] ()
AppInit_DLLs-x32: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll [ ] ()
BootExecute: autocheck autochk /p \??\C:autocheck autochk *

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.claro-search.com/?affID=120133&babsrc=HP_ss&mntrId=8c03e0fe000000000000e02a825d6f3a
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?utf8in=1&fr=ietb&q={SearchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.claro-search.com/?q={searchTerms}&affID=120133&babsrc=SP_ss&mntrId=8c03e0fe000000000000e02a825d6f3a
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb203?a=6OzaPyGGSB&search={searchTerms}&i=26
SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?utf8in=1&fr=ietb&q={SearchTerms}
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Applon - {1B4D240E-8BDE-4C8D-8B93-C74D2F8A8284} - C:\Program Files (x86)\Tiny Media Player\Applon_ie.dll (Applon)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome:
=======
CHR DefaultSearchKeyword:
CHR DefaultSearchProvider:
CHR DefaultSearchURL:
CHR DefaultNewTabURL:
CHR Extension: (Skype Click to Call) - C:\Users\Shitface\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0
CHR Extension: (Google Wallet) - C:\Users\Shitface\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\Shitface\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcoohmdcpejoeggdnihdfhohjgdbllgm\30.1_0
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx
CHR HKLM-x32\...\Chrome\Extension: [dijpoieccemifpgijppmfkdhdjgggclg] - C:\Users\Shitface\AppData\Local\Google\Chrome\\User Data\\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\dijpoieccemifpgijppmfkdhdjgggclg.crx
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [pcoohmdcpejoeggdnihdfhohjgdbllgm] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7C\CRX\ToolbarCR.crx

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company)
S3 npggsvc; C:\windows\SysWow64\GameMon.des [3955824 2012-10-16] (INCA Internet Co., Ltd.)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe [244736 2010-01-29] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 BTMNET; C:\Windows\System32\DRIVERS\btmnet.sys [28672 2010-06-17] (Motorola, Inc.)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [96384 2010-05-21] (Realtek Semiconductor Corp.)
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [x]
S3 X6va011; \??\C:\windows\SysWOW64\Drivers\X6va011 [x]
S3 X6va012; \??\C:\windows\SysWOW64\Drivers\X6va012 [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-04 20:22 - 2014-01-04 20:23 - 00014577 _____ C:\Users\Shitface\Downloads\FRST.txt
2014-01-04 20:22 - 2014-01-04 20:22 - 01931368 _____ (Farbar) C:\Users\Shitface\Downloads\FRST64.exe
2014-01-04 20:22 - 2014-01-04 20:22 - 00000000 ____D C:\FRST
2014-01-04 20:16 - 2014-01-04 20:16 - 00001461 _____ C:\Users\Shitface\Downloads\Download (4)
2014-01-04 20:15 - 2014-01-04 20:15 - 00001461 _____ C:\Users\Shitface\Downloads\Download (3)
2014-01-04 20:15 - 2014-01-04 20:15 - 00001461 _____ C:\Users\Shitface\Downloads\Download (2)
2014-01-04 20:15 - 2014-01-04 20:15 - 00001461 _____ C:\Users\Shitface\Downloads\Download (1)
2014-01-04 20:14 - 2014-01-04 20:14 - 00001461 _____ C:\Users\Shitface\Downloads\Download
2014-01-04 18:46 - 2014-01-04 20:06 - 00000000 ____D C:\Program Files (x86)\Opera
2014-01-04 18:46 - 2014-01-04 20:05 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Opera Software
2014-01-04 18:46 - 2014-01-04 20:05 - 00000000 ____D C:\Users\Shitface\AppData\Local\Opera Software
2014-01-04 18:44 - 2014-01-04 18:45 - 33803296 _____ (Opera Software ASA) C:\Users\Shitface\Downloads\Opera_18.0.1284.68_Setup.exe
2014-01-04 16:29 - 2014-01-04 16:29 - 00000222 _____ C:\Users\Shitface\Desktop\Rust.url
2014-01-04 16:29 - 2014-01-04 16:29 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-01-03 17:31 - 2014-01-04 18:35 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-03 17:31 - 2014-01-03 17:31 - 01133552 _____ C:\Users\Shitface\Downloads\SteamSetup.exe
2014-01-03 17:31 - 2014-01-03 17:31 - 00000967 _____ C:\Users\Public\Desktop\Steam.lnk
2014-01-02 19:25 - 2014-01-02 19:25 - 00356352 _____ C:\Users\Shitface\Desktop\Minecraft.exe
2014-01-02 19:25 - 2014-01-02 19:25 - 00009142 _____ C:\Users\Shitface\Desktop\MineCraft.zip
2014-01-01 03:39 - 2014-01-01 03:48 - 00000084 _____ C:\Users\Shitface\Downloads\MOL_Properties.properties
2014-01-01 03:39 - 2014-01-01 03:48 - 00000000 ____D C:\Users\Shitface\minecraft
2014-01-01 03:39 - 2014-01-01 03:39 - 00473416 _____ C:\Users\Shitface\Downloads\MinecraftSMP cracked Launcher.jar
2014-01-01 03:39 - 2014-01-01 03:39 - 00473416 _____ C:\Users\Shitface\Downloads\MinecraftSMP cracked Launcher (1).jar
2013-12-31 21:41 - 2013-12-31 21:41 - 00000992 _____ C:\Users\Shitface\Desktop\Bandicam.lnk
2013-12-31 17:41 - 2013-12-31 17:41 - 00000000 ____D C:\Program Files (x86)\Gameforge4D
2013-12-31 16:47 - 2013-12-31 17:33 - 1652170224 _____ (Gameforge4D                                                ) C:\Users\Shitface\Downloads\4Story_DE_4.2.1.exe
2013-12-31 00:49 - 2013-12-31 00:50 - 1283496964 _____ C:\Users\Shitface\Downloads\Lavanda2.rar
2013-12-30 01:54 - 2013-12-30 01:54 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\BANDISOFT
2013-12-30 01:53 - 2014-01-01 22:41 - 00000000 ____D C:\Users\Shitface\Documents\Bandicam
2013-12-30 01:53 - 2013-12-31 21:41 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2013-12-30 01:53 - 2013-12-31 21:41 - 00000000 ____D C:\Program Files (x86)\Bandicam
2013-12-30 01:53 - 2013-12-30 01:53 - 07374512 _____ (Bandisoft) C:\Users\Shitface\Downloads\bdcamsetup192.exe
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\Users\Shitface\AppData\Local\VNT
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\Program Files (x86)\VNT
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-12-28 17:23 - 2013-12-28 17:23 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Avira
2013-12-28 17:23 - 2013-12-28 17:23 - 00000000 ____D C:\ProgramData\APN
2013-12-28 17:22 - 2013-12-28 17:22 - 00002070 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\ProgramData\Avira
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\Program Files (x86)\Avira
2013-12-28 17:22 - 2013-12-09 11:37 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-12-28 17:22 - 2013-12-09 11:37 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-12-28 17:22 - 2013-12-09 11:37 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-12-28 17:22 - 2013-12-09 11:37 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2013-12-28 17:16 - 2013-12-28 17:19 - 129598176 _____ C:\Users\Shitface\Downloads\avira_free_antivirus_de_14.0.2.286.exe
2013-12-28 16:23 - 2013-12-28 16:24 - 02547000 _____ (Eximion B.V.) C:\Users\Shitface\Downloads\KalydoPlayer_5.09.05.exe
2013-12-27 19:34 - 2013-12-27 19:34 - 00000540 _____ C:\Users\Shitface\Desktop\Neues Textdokument (3).txt
2013-12-23 14:10 - 2014-01-01 14:58 - 00000000 ____D C:\Users\Shitface\Desktop\Fusion-Network
2013-12-23 13:45 - 2013-12-23 14:10 - 1015453079 _____ C:\Users\Shitface\Downloads\Fusion-Network_15_11.2013.rar
2013-12-12 06:40 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2013-12-12 06:40 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2013-12-12 06:40 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2013-12-12 06:40 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2013-12-12 06:39 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-12-12 06:39 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-12-12 06:39 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-12-12 06:39 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-12-12 06:39 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-12-12 06:39 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-12-12 06:39 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-12-12 06:39 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-12-12 06:39 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-12-12 06:39 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-12-12 06:39 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-12-12 06:39 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-12-12 06:39 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-12-12 06:39 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-12-12 06:39 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-12-12 06:39 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-12-12 06:39 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-12-12 06:39 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-12-12 06:39 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-12-12 06:39 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-12-12 06:39 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-12-12 06:39 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-12-12 06:39 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-12-12 06:39 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-12-12 06:39 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-12-12 06:39 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-12-12 06:39 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-12-12 06:39 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-12-12 06:39 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-12-12 06:39 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-12-12 06:39 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-12-12 06:31 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2013-12-12 06:31 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-12-12 06:31 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-12-12 06:31 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2013-12-12 06:31 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2013-12-12 06:31 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2013-12-12 06:31 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-12-12 06:31 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2013-12-12 06:31 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2013-12-12 06:31 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2013-12-12 06:31 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2013-12-12 06:31 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
2013-12-12 06:31 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2013-12-12 06:31 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2013-12-12 06:31 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2013-12-12 06:31 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
2013-12-12 06:31 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2013-12-12 06:31 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2013-12-12 06:31 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2013-12-11 11:40 - 2013-12-11 11:40 - 09293192 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2013-12-08 19:02 - 2014-01-04 18:22 - 00000000 ___RD C:\SHITFACE-HP
2013-12-08 19:02 - 2013-12-08 19:02 - 00000528 ____R C:\MediaID.bin

==================== One Month Modified Files and Folders =======

2014-01-04 20:23 - 2014-01-04 20:22 - 00014577 _____ C:\Users\Shitface\Downloads\FRST.txt
2014-01-04 20:22 - 2014-01-04 20:22 - 01931368 _____ (Farbar) C:\Users\Shitface\Downloads\FRST64.exe
2014-01-04 20:22 - 2014-01-04 20:22 - 00000000 ____D C:\FRST
2014-01-04 20:21 - 2012-11-19 20:29 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Skype
2014-01-04 20:19 - 2012-11-19 17:42 - 02003761 _____ C:\windows\WindowsUpdate.log
2014-01-04 20:16 - 2014-01-04 20:16 - 00001461 _____ C:\Users\Shitface\Downloads\Download (4)
2014-01-04 20:15 - 2014-01-04 20:15 - 00001461 _____ C:\Users\Shitface\Downloads\Download (3)
2014-01-04 20:15 - 2014-01-04 20:15 - 00001461 _____ C:\Users\Shitface\Downloads\Download (2)
2014-01-04 20:15 - 2014-01-04 20:15 - 00001461 _____ C:\Users\Shitface\Downloads\Download (1)
2014-01-04 20:14 - 2014-01-04 20:14 - 00001461 _____ C:\Users\Shitface\Downloads\Download
2014-01-04 20:14 - 2013-02-20 20:00 - 00000952 ___SH C:\ProgramData\KGyGaAvL.sys
2014-01-04 20:06 - 2014-01-04 18:46 - 00000000 ____D C:\Program Files (x86)\Opera
2014-01-04 20:05 - 2014-01-04 18:46 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Opera Software
2014-01-04 20:05 - 2014-01-04 18:46 - 00000000 ____D C:\Users\Shitface\AppData\Local\Opera Software
2014-01-04 20:05 - 2013-05-15 19:37 - 00001425 _____ C:\Users\Shitface\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-04 19:40 - 2013-12-04 17:35 - 00001114 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-04 19:40 - 2013-02-07 14:43 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-04 19:12 - 2009-07-14 05:45 - 00019536 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-04 19:12 - 2009-07-14 05:45 - 00019536 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-04 18:45 - 2014-01-04 18:44 - 33803296 _____ (Opera Software ASA) C:\Users\Shitface\Downloads\Opera_18.0.1284.68_Setup.exe
2014-01-04 18:35 - 2014-01-03 17:31 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-04 18:22 - 2013-12-08 19:02 - 00000000 ___RD C:\SHITFACE-HP
2014-01-04 18:05 - 2012-12-15 19:38 - 00000000 ____D C:\Users\Shitface\AppData\Local\CrashDumps
2014-01-04 18:05 - 2012-11-20 17:57 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\TS3Client
2014-01-04 18:05 - 2009-07-27 16:04 - 00000000 ____D C:\windows\Panther
2014-01-04 17:40 - 2013-12-04 17:35 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-04 16:29 - 2014-01-04 16:29 - 00000222 _____ C:\Users\Shitface\Desktop\Rust.url
2014-01-04 16:29 - 2014-01-04 16:29 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-01-04 12:33 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-04 03:29 - 2012-11-25 22:45 - 01527912 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2014-01-04 03:29 - 2010-12-10 04:42 - 00654852 _____ C:\windows\system32\perfh007.dat
2014-01-04 03:29 - 2010-12-10 04:42 - 00130434 _____ C:\windows\system32\perfc007.dat
2014-01-03 17:31 - 2014-01-03 17:31 - 01133552 _____ C:\Users\Shitface\Downloads\SteamSetup.exe
2014-01-03 17:31 - 2014-01-03 17:31 - 00000967 _____ C:\Users\Public\Desktop\Steam.lnk
2014-01-02 19:44 - 2013-03-10 15:17 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\.minecraft
2014-01-02 19:25 - 2014-01-02 19:25 - 00356352 _____ C:\Users\Shitface\Desktop\Minecraft.exe
2014-01-02 19:25 - 2014-01-02 19:25 - 00009142 _____ C:\Users\Shitface\Desktop\MineCraft.zip
2014-01-01 22:41 - 2013-12-30 01:53 - 00000000 ____D C:\Users\Shitface\Documents\Bandicam
2014-01-01 19:42 - 2013-04-09 19:36 - 00003204 _____ C:\windows\System32\Tasks\HPCeeScheduleForShitface
2014-01-01 19:42 - 2013-04-09 19:36 - 00000344 _____ C:\windows\Tasks\HPCeeScheduleForShitface.job
2014-01-01 14:58 - 2013-12-23 14:10 - 00000000 ____D C:\Users\Shitface\Desktop\Fusion-Network
2014-01-01 03:48 - 2014-01-01 03:39 - 00000084 _____ C:\Users\Shitface\Downloads\MOL_Properties.properties
2014-01-01 03:48 - 2014-01-01 03:39 - 00000000 ____D C:\Users\Shitface\minecraft
2014-01-01 03:39 - 2014-01-01 03:39 - 00473416 _____ C:\Users\Shitface\Downloads\MinecraftSMP cracked Launcher.jar
2014-01-01 03:39 - 2014-01-01 03:39 - 00473416 _____ C:\Users\Shitface\Downloads\MinecraftSMP cracked Launcher (1).jar
2014-01-01 03:39 - 2012-11-19 17:46 - 00000000 ____D C:\Users\Shitface
2013-12-31 21:41 - 2013-12-31 21:41 - 00000992 _____ C:\Users\Shitface\Desktop\Bandicam.lnk
2013-12-31 21:41 - 2013-12-30 01:53 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2013-12-31 21:41 - 2013-12-30 01:53 - 00000000 ____D C:\Program Files (x86)\Bandicam
2013-12-31 17:41 - 2013-12-31 17:41 - 00000000 ____D C:\Program Files (x86)\Gameforge4D
2013-12-31 17:33 - 2013-12-31 16:47 - 1652170224 _____ (Gameforge4D                                                ) C:\Users\Shitface\Downloads\4Story_DE_4.2.1.exe
2013-12-31 16:52 - 2013-11-21 20:22 - 00000000 __SHD C:\windows\SysWOW64\AI_RecycleBin
2013-12-31 00:50 - 2013-12-31 00:49 - 1283496964 _____ C:\Users\Shitface\Downloads\Lavanda2.rar
2013-12-30 14:13 - 2009-07-14 06:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2013-12-30 01:54 - 2013-12-30 01:54 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\BANDISOFT
2013-12-30 01:53 - 2013-12-30 01:53 - 07374512 _____ (Bandisoft) C:\Users\Shitface\Downloads\bdcamsetup192.exe
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\Users\Shitface\AppData\Local\VNT
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\Program Files (x86)\VNT
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-12-28 17:23 - 2013-12-28 17:23 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Avira
2013-12-28 17:23 - 2013-12-28 17:23 - 00000000 ____D C:\ProgramData\APN
2013-12-28 17:22 - 2013-12-28 17:22 - 00002070 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\ProgramData\Avira
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\Program Files (x86)\Avira
2013-12-28 17:19 - 2013-12-28 17:16 - 129598176 _____ C:\Users\Shitface\Downloads\avira_free_antivirus_de_14.0.2.286.exe
2013-12-28 16:24 - 2013-12-28 16:23 - 02547000 _____ (Eximion B.V.) C:\Users\Shitface\Downloads\KalydoPlayer_5.09.05.exe
2013-12-27 19:34 - 2013-12-27 19:34 - 00000540 _____ C:\Users\Shitface\Desktop\Neues Textdokument (3).txt
2013-12-24 17:27 - 2009-07-14 04:20 - 00000000 ____D C:\windows\system32\NDF
2013-12-23 14:10 - 2013-12-23 13:45 - 1015453079 _____ C:\Users\Shitface\Downloads\Fusion-Network_15_11.2013.rar
2013-12-23 09:04 - 2013-04-09 19:02 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2013-12-22 21:15 - 2012-11-19 17:46 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\hpqLog
2013-12-22 21:15 - 2010-12-10 04:44 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-12-22 21:15 - 2009-07-27 17:14 - 00000000 ____D C:\swsetup
2013-12-22 20:30 - 2013-04-28 15:54 - 00000000 _____ C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-12-22 20:15 - 2012-11-25 22:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-12-22 20:15 - 2012-11-19 17:47 - 00000000 ____D C:\ProgramData\FLEXnet
2013-12-22 20:15 - 2009-07-14 04:20 - 00000000 ____D C:\windows\registration
2013-12-21 20:11 - 2012-11-20 17:57 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2013-12-15 11:16 - 2012-11-20 02:38 - 00000000 ____D C:\windows\rescache
2013-12-14 11:32 - 2013-09-22 17:31 - 90708896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-12-14 11:32 - 2013-09-22 17:31 - 00000000 ____D C:\windows\system32\MRT
2013-12-12 10:53 - 2009-07-14 06:13 - 01500294 _____ C:\windows\system32\PerfStringBackup.INI
2013-12-12 10:47 - 2009-07-14 05:45 - 00277640 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-11 11:40 - 2013-12-11 11:40 - 09293192 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2013-12-11 11:40 - 2013-02-07 14:43 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 11:40 - 2013-02-07 14:43 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 11:40 - 2013-02-07 14:43 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-12-09 11:37 - 2013-12-28 17:22 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-12-09 11:37 - 2013-12-28 17:22 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-12-09 11:37 - 2013-12-28 17:22 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-12-09 11:37 - 2013-12-28 17:22 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2013-12-08 19:02 - 2013-12-08 19:02 - 00000528 ____R C:\MediaID.bin

Files to move or delete:
====================
C:\ProgramData\hash.dat


Some content of TEMP:
====================
C:\Users\Shitface\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-04 16:16

==================== End Of Log ============================
--- --- ---

--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2014
Ran by Shitface at 2014-01-04 20:23:44
Running from C:\Users\Shitface\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 10 ActiveX (x32 Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
AnotherLife Client Version 1.3 (x32 Version: 1.3 - Tim Witschel Serververmietung)
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
Avira SearchFree Toolbar (x32 Version: 12.10.0.2951 - APN, LLC)
Bandicam (x32 Version: 1.9.2.454 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (x32 Version:  - Bandisoft.com)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
CCleaner (Version: 4.01 - Piriform)
Corel Home Office - CS Templates (x32 Version: 5.6 - 公司名称) Hidden
Corel Home Office - CT Templates (x32 Version: 5.6 - 您的公司名稱) Hidden
Corel Home Office - IPM (x32 Version: 5.6 - Corel Corporation) Hidden
Corel Home Office - JP Templates (x32 Version: 5.6 - 会社名) Hidden
Corel Home Office - KR Templates (x32 Version: 5.6 - 회사명) Hidden
Corel Home Office - Launcher (x32 Version: 5.6 - Corel Corporation) Hidden
Corel Home Office - Templates RU (x32 Version: 5.6 - Название организации) Hidden
Corel Home Office - Templates1 (x32 Version: 5.6 - Your Company Name) Hidden
Corel Home Office (x32 Version: 5.0.85.588 - Corel Corporation)
Corel Home Office (x32 Version: 5.6 - Corel Corporation) Hidden
Energy Star Digital Logo (x32 Version: 1.0.1 - Hewlett-Packard)
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (x32 Version: 1.5.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (x32 Version: 1.1.8.1 - Hewlett-Packard Company)
HP HotKey Support (Version: 4.0.3.1 - Hewlett-Packard Company)
HP Setup (x32 Version: 8.5.4371.3505 - Hewlett-Packard Company)
HP SoftPaq Download Manager (x32 Version: 3.0.5.0 - Hewlett-Packard Company)
HP Software Framework (x32 Version: 4.0.51.1 - Hewlett-Packard Company)
HP Software Setup (x32 Version: 7.0.1.6 - Hewlett-Packard Company)
HP Support Assistant (x32 Version: 7.0.39.15 - Hewlett-Packard Company)
HP Web Camera (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Webcam (x32 Version: 1.0.25.0 - Roxio)
HP Webcam Driver (x32 Version: 6.1.7600.0049 - Realtek Semiconductor Corp.)
HP Wireless Assistant (x32 Version: 3.50.10.1 - Hewlett-Packard)
IDT Audio (x32 Version: 1.0.6268.0 - IDT)
Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2057 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.0.1014 - Intel Corporation)
Java 7 Update 9 (x32 Version: 7.0.90 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
LightScribe System Software (x32 Version: 1.18.11.1 - LightScribe)
LSI HDA Modem (Version: 2.2.98 - LSI Corporation)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Pando Media Booster (x32 Version: 2.6.0.7 - Pando Networks Inc.)
Ralink Motorola BC4 Bluetooth 3.0+HS Adapter (Version: 3.0.41.262 - Motorola, Inc.)
Ralink RT3090 802.11b/g/n WiFi Adapter (x32 Version: 1.2.0.27 - Ralink)
Realtek Ethernet Controller All-In-One Windows Driver (x32 Version: 1.12.0011 - Realtek)
Rust (x32 Version:  - Facepunch Studios)
Skype Click to Call (x32 Version: 6.3.11079 - Skype Technologies S.A.)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Steam (x32 Version:  - Valve Corporation)
TeamSpeak 3 Client (x32 Version: 3.0.13.1 - TeamSpeak Systems GmbH)
TeamViewer 8 (x32 Version: 8.0.16642 - TeamViewer)
Tiny Media Player v1.0 (x32 Version: 1.0.0.0 - )
Unity Web Player (HKCU Version:  - Unity Technologies ApS)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Windows 7 Default Setting (x32 Version: 1.0.1.6 - Hewlett-Packard Company)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 4.20 (32-Bit) (x32 Version: 4.20.0 - win.rar GmbH)
WinRAR 4.20 (64-Bit) (Version: 4.20.0 - win.rar GmbH)
WinZip 14.5 (x32 Version: 14.5.9095 - WinZip Computing, S.L. )

==================== Restore Points  =========================

03-01-2014 03:50:17 Windows Update
04-01-2014 02:00:18 Windows Update
04-01-2014 02:29:18 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1DEF630F-8853-4C6E-81A8-344DA867ABA6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {3059CCA3-2473-4546-A623-13781287BB50} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-09-23] (Hewlett-Packard Company)
Task: {40374CB7-986B-487B-B128-A7E0D4CF977C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {63010A0A-626A-48CA-A7EF-D2AE6F26C601} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-04] (Google Inc.)
Task: {736BA112-658C-46F6-8684-22CA4D621095} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2013-12-12] (Microsoft)
Task: {C8E6094B-F3B3-4DE3-8205-7558ED683E4D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {CCE4DAC8-3C7C-4DD3-A78E-31F4B6324D23} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {ED2593FD-3D77-429C-99E0-EDD240BD71B1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {F0383CF6-714D-48DA-AAEA-0B9F492AD49F} - System32\Tasks\HPCeeScheduleForShitface => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {F2897158-5475-4FB5-B77A-A47603124BCF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-04] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForShitface.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-12-28 17:22 - 2013-12-09 11:37 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2010-01-22 19:29 - 2010-01-22 19:29 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-01-22 19:30 - 2010-01-22 19:30 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-01-22 19:29 - 2010-01-22 19:29 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2013-06-05 09:52 - 2013-06-05 09:52 - 00279955 _____ () C:\Program Files (x86)\TorrentExpress\libidn-11.dll
2013-08-15 19:11 - 2013-08-15 19:11 - 00170496 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\44bfa824a3b8a6f789fda79a2e01a8db\IsdiInterop.ni.dll
2010-12-10 04:49 - 2010-03-04 05:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-01-03 17:36 - 2013-11-06 22:48 - 00691200 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-01-03 17:36 - 2013-12-11 20:40 - 01135016 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-01-03 17:36 - 2013-11-06 22:48 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-01-03 17:36 - 2013-06-15 00:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2014-01-03 17:36 - 2013-06-15 00:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2014-01-03 17:36 - 2013-06-15 00:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2013-12-11 11:40 - 2013-12-11 11:40 - 16242056 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
2013-12-04 17:36 - 2013-12-04 03:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-04 17:36 - 2013-12-04 03:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-04 17:36 - 2013-12-04 03:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-04 17:36 - 2013-12-04 03:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-04 17:36 - 2013-12-04 03:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Ralink Motorola BC4 Bluetooth 3.0+HS Adapter
Description: Ralink Motorola BC4 Bluetooth 3.0+HS Adapter
Class Guid: {a173b237-6a34-4bb5-aa63-2561160fa200}
Manufacturer: Motorola, Inc.
Service: BTMUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/04/2014 00:39:28 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Stream product id=0x0066): Streaming Failed

Error: (01/04/2014 00:36:26 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
Too many failures while downloading ranges: 2

Error: (01/04/2014 03:29:36 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft Office Klick-und-Los 2010 - Update "Update for Microsoft Office 2010 (KB2598285) 32-Bit Edition" konnte nicht installiert werden. Fehlercode 1603. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (01/04/2014 03:02:24 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft Office Klick-und-Los 2010 - Update "Update for Microsoft Office 2010 (KB2598285) 32-Bit Edition" konnte nicht installiert werden. Fehlercode 1603. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (01/03/2014 03:08:15 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Stream product id=0x0066): Streaming Failed

Error: (01/03/2014 03:06:08 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
Too many failures while downloading ranges: 2

Error: (01/03/2014 03:05:15 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/03/2014 02:49:51 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Stream product id=0x0066): Streaming Failed

Error: (01/03/2014 02:47:52 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: AUSNAHMEFEHLER beim Aufruf der Funktion IThread(ProtocolSrvConThread)::run() für die Datei
unknown
[ACCESS_VIOLATION Exception!! EIP = 0x73236ffb]
Bitte Avira informieren und die obige Datei übersenden!

Error: (01/03/2014 02:44:48 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
Too many failures while downloading ranges: 2


System errors:
=============
Error: (01/04/2014 03:29:36 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für Microsoft Office 2010 (KB2598285) 32-Bit-Edition

Error: (01/04/2014 03:03:40 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für Microsoft Office 2010 (KB2598285) 32-Bit-Edition

Error: (01/03/2014 05:37:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (01/03/2014 05:37:02 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (01/03/2014 03:02:28 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎03.‎01.‎2014 um 15:00:53 unerwartet heruntergefahren.

Error: (01/03/2014 04:50:46 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für Microsoft Office 2010 (KB2598285) 32-Bit-Edition

Error: (01/03/2014 03:03:39 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für Microsoft Office 2010 (KB2598285) 32-Bit-Edition

Error: (01/02/2014 04:46:08 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für Microsoft Office 2010 (KB2598285) 32-Bit-Edition

Error: (01/02/2014 03:03:23 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für Microsoft Office 2010 (KB2598285) 32-Bit-Edition

Error: (01/01/2014 05:17:57 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für Microsoft Office 2010 (KB2598285) 32-Bit-Edition


Microsoft Office Sessions:
=========================
Error: (01/04/2014 00:39:28 PM) (Source: CVHSVC)(User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (01/04/2014 00:36:26 PM) (Source: CVHSVC)(User: )
Description: Too many failures while downloading ranges: 2

Error: (01/04/2014 03:29:36 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Microsoft Office Klick-und-Los 2010Update for Microsoft Office 2010 (KB2598285) 32-Bit Edition1603(NULL)(NULL)(NULL)

Error: (01/04/2014 03:02:24 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Microsoft Office Klick-und-Los 2010Update for Microsoft Office 2010 (KB2598285) 32-Bit Edition1603(NULL)(NULL)(NULL)

Error: (01/03/2014 03:08:15 PM) (Source: CVHSVC)(User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (01/03/2014 03:06:08 PM) (Source: CVHSVC)(User: )
Description: Too many failures while downloading ranges: 2

Error: (01/03/2014 03:05:15 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (01/03/2014 02:49:51 PM) (Source: CVHSVC)(User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (01/03/2014 02:47:52 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: unknownACCESS_VIOLATION0x73236ffbIThread(ProtocolSrvConThread)::run()

Error: (01/03/2014 02:44:48 PM) (Source: CVHSVC)(User: )
Description: Too many failures while downloading ranges: 2


==================== Memory info ===========================

Percentage of memory in use: 52%
Total physical RAM: 3996.27 MB
Available physical RAM: 1909.83 MB
Total Pagefile: 7990.71 MB
Available Pagefile: 5238.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:280.79 GB) (Free:214.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.99 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 3AE5595A)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=281 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

==================== End Of Log ============================

schrauber 05.01.2014 16:26
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Malysch 05.01.2014 19:13
Code:
Suche nach infizierten Dateien....
Dies dauert normalerweise nicht l„nger als 10 Minuten.
Die Scanzeit fr stark infizierte Rechner kann sich leicht verdoppeln.

Fertiggestellt Stufe_1
Fertiggestellt Stufe_2
Fertiggestellt Stufe_3
Fertiggestellt Stufe_4
Fertiggestellt Stufe_5
Fertiggestellt Stufe_6
Fertiggestellt Stufe_6A
Fertiggestellt Stufe_7
Fertiggestellt Stufe_8
Fertiggestellt Stufe_9
Fertiggestellt Stufe_10
Fertiggestellt Stufe_11
Fertiggestellt Stufe_12
Fertiggestellt Stufe_13
Fertiggestellt Stufe_14
Fertiggestellt Stufe_15
Fertiggestellt Stufe_16
Fertiggestellt Stufe_17
Fertiggestellt Stufe_18
Fertiggestellt Stufe_19
Fertiggestellt Stufe_19B
Fertiggestellt Stufe_20
Fertiggestellt Stufe_21
Fertiggestellt Stufe_22
Fertiggestellt Stufe_23
Fertiggestellt Stufe_24
Fertiggestellt Stufe_25
Fertiggestellt Stufe_26
Fertiggestellt Stufe_27
Fertiggestellt Stufe_28
Fertiggestellt Stufe_29
Fertiggestellt Stufe_30
Fertiggestellt Stufe_31
Fertiggestellt Stufe_32
Fertiggestellt Stufe_32A
Fertiggestellt Stufe_33
Fertiggestellt Stufe_34
Fertiggestellt Stufe_35
Fertiggestellt Stufe_36
Fertiggestellt Stufe_37
Fertiggestellt Stufe_38
Fertiggestellt Stufe_39
Fertiggestellt Stufe_40
Fertiggestellt Stufe_41
Fertiggestellt Stufe_42
Fertiggestellt Stufe_43
Fertiggestellt Stufe_44
Fertiggestellt Stufe_45
Fertiggestellt Stufe_46
Fertiggestellt Stufe_47
Fertiggestellt Stufe_48
Fertiggestellt Stufe_49
Fertiggestellt Stufe_50


L”sche Dateien

C:\Thumbs.db
C:\Users\Shitface\AppData\Roaming\technic-launcher.jar
C:\windows\IsUn0407.exe

L”sche Ordner

C:\CFLog
Seit dem wird mir die ganze Zeit ne Datensicherung angeboten...

schrauber 06.01.2014 16:26
Ist das der Inhalt der Combofix.txt?

Malysch 06.01.2014 17:28
Joa es kam keine txt datei nur das

schrauber 07.01.2014 10:10
poste bitte mal ein frisches FRST log.

Malysch 07.01.2014 15:24

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-01-2014
Ran by Shitface (administrator) on SHITFACE-HP on 07-01-2014 15:21:41
Running from C:\Users\Shitface\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\stacsv64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
() C:\Program Files (x86)\TorrentExpress\TorrentExpress.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(APN LLC.) C:\Users\Shitface\AppData\Local\VNT\vntldr.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-29] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768 2009-09-01] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-10-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640 2013-12-20] (APN)
HKLM-x32\...\Run: [VNT] - C:\Program Files (x86)\VNT\vntldr.exe [202192 2013-12-20] (APN LLC.)
HKLM-x32\...\Run: [4StoryPrePatch] - C:\Program Files (x86)\Gameforge4D\4Story_DE\PrePatch.exe [327680 2013-01-08] (Zemi Interactive Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-12-12] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-01-22] (Hewlett-Packard Company)
HKCU\...\Run: [TorrentExpress] - C:\Program Files (x86)\TorrentExpress\TorrentExpress.exe [667648 2013-06-19] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.claro-search.com/?affID=120133&babsrc=HP_ss&mntrId=8c03e0fe000000000000e02a825d6f3a
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?utf8in=1&fr=ietb&q={SearchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.claro-search.com/?q={searchTerms}&affID=120133&babsrc=SP_ss&mntrId=8c03e0fe000000000000e02a825d6f3a
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb203?a=6OzaPyGGSB&search={searchTerms}&i=26
SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?utf8in=1&fr=ietb&q={SearchTerms}
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Applon - {1B4D240E-8BDE-4C8D-8B93-C74D2F8A8284} - C:\Program Files (x86)\Tiny Media Player\Applon_ie.dll (Applon)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome:
=======
CHR DefaultSearchKeyword:
CHR DefaultSearchProvider:
CHR DefaultSearchURL:
CHR DefaultNewTabURL:
CHR Extension: (BetterTTV) - C:\Users\Shitface\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped\6.6_0
CHR Extension: (Skype Click to Call) - C:\Users\Shitface\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0
CHR Extension: (Google Wallet) - C:\Users\Shitface\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\Shitface\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcoohmdcpejoeggdnihdfhohjgdbllgm\30.1_0
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx
CHR HKLM-x32\...\Chrome\Extension: [dijpoieccemifpgijppmfkdhdjgggclg] - C:\Users\Shitface\AppData\Local\Google\Chrome\\User Data\\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\dijpoieccemifpgijppmfkdhdjgggclg.crx
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [pcoohmdcpejoeggdnihdfhohjgdbllgm] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7C\CRX\ToolbarCR.crx

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company)
S3 npggsvc; C:\windows\SysWow64\GameMon.des [3955824 2012-10-16] (INCA Internet Co., Ltd.)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe [244736 2010-01-29] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 BTMNET; C:\Windows\System32\DRIVERS\btmnet.sys [28672 2010-06-17] (Motorola, Inc.)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [96384 2010-05-21] (Realtek Semiconductor Corp.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [x]
S3 X6va011; \??\C:\windows\SysWOW64\Drivers\X6va011 [x]
S3 X6va012; \??\C:\windows\SysWOW64\Drivers\X6va012 [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-07 15:21 - 2014-01-07 15:21 - 00014418 _____ C:\Users\Shitface\Desktop\FRST.txt
2014-01-07 15:21 - 2014-01-07 15:21 - 00000000 ____D C:\Users\Shitface\Desktop\FRST-OlderVersion
2014-01-07 15:20 - 2014-01-07 15:20 - 01931762 _____ (Farbar) C:\Users\Shitface\Downloads\FRST64 (1).exe
2014-01-06 16:42 - 2014-01-06 16:42 - 00007605 _____ C:\Users\Shitface\AppData\Local\Resmon.ResmonCfg
2014-01-06 15:29 - 2014-01-06 15:29 - 00000000 ____D C:\Users\Shitface\AppData\Local\fabi.me
2014-01-06 14:17 - 2014-01-06 14:17 - 00094899 _____ C:\Users\Shitface\Downloads\SpeedAutoClicker.zip
2014-01-06 01:43 - 2014-01-06 01:43 - 00001948 _____ C:\Users\Public\Desktop\Metin2.lnk
2014-01-06 01:12 - 2014-01-06 01:13 - 00000000 ____D C:\Users\Shitface\Downloads\Gameforge Live
2014-01-06 01:12 - 2014-01-06 01:12 - 00001071 _____ C:\Users\Public\Desktop\Gameforge Live.lnk
2014-01-06 01:11 - 2014-01-06 01:12 - 19394136 _____ (Gameforge                                                  ) C:\Users\Shitface\Downloads\Metin2_GameforgeLiveSetup.exe
2014-01-05 23:48 - 2014-01-05 23:49 - 00850449 _____ C:\Users\Shitface\Downloads\terraria-server-122.zip
2014-01-05 20:01 - 2014-01-05 20:01 - 00000000 ____D C:\Program Files\Synaptics
2014-01-05 20:00 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-01-05 20:00 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2014-01-05 20:00 - 2012-08-23 15:07 - 00057856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-01-05 20:00 - 2012-08-23 14:47 - 00046592 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2014-01-05 20:00 - 2012-08-23 14:46 - 00016896 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2014-01-05 20:00 - 2012-08-23 14:41 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-01-05 20:00 - 2012-08-23 14:40 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-01-05 20:00 - 2012-08-23 14:24 - 00015360 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2014-01-05 20:00 - 2012-08-23 14:20 - 00054272 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-01-05 20:00 - 2012-08-23 14:18 - 00037376 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-01-05 20:00 - 2012-08-23 14:17 - 00018432 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-01-05 20:00 - 2012-08-23 14:06 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-01-05 20:00 - 2012-08-23 13:52 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-01-05 20:00 - 2012-08-23 12:20 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-01-05 20:00 - 2012-08-23 12:15 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-01-05 20:00 - 2012-08-23 12:14 - 00384000 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-01-05 20:00 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpendp_winip.dll
2014-01-05 20:00 - 2012-08-23 11:54 - 00322560 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2014-01-05 20:00 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2014-01-05 20:00 - 2012-08-23 11:39 - 01048064 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-01-05 20:00 - 2012-08-23 11:22 - 01123840 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-01-05 20:00 - 2012-08-23 10:51 - 03174912 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-01-05 20:00 - 2012-08-23 09:19 - 04916224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-01-05 20:00 - 2012-08-23 09:13 - 05773824 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-01-05 19:59 - 2012-05-04 12:00 - 00366592 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-01-05 19:59 - 2012-05-04 10:59 - 00514560 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2014-01-05 19:16 - 2014-01-05 19:16 - 00280204 _____ C:\Users\Shitface\Downloads\WindowsUpdateDiagnostic.diagcab
2014-01-05 18:37 - 2014-01-05 18:46 - 00000000 ___SD C:\ComboFix
2014-01-05 18:37 - 2014-01-05 18:37 - 00000000 ___SD C:\32788R22FWJFW
2014-01-05 17:58 - 2011-06-26 07:45 - 00256000 _____ C:\windows\PEV.exe
2014-01-05 17:58 - 2010-11-07 18:20 - 00208896 _____ C:\windows\MBR.exe
2014-01-05 17:58 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-01-05 17:58 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-01-05 17:58 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-01-05 17:58 - 2000-08-31 01:00 - 00098816 _____ C:\windows\sed.exe
2014-01-05 17:58 - 2000-08-31 01:00 - 00080412 _____ C:\windows\grep.exe
2014-01-05 17:58 - 2000-08-31 01:00 - 00068096 _____ C:\windows\zip.exe
2014-01-05 17:57 - 2014-01-05 17:57 - 00000000 ____D C:\windows\erdnt
2014-01-05 17:57 - 2014-01-05 17:57 - 00000000 ____D C:\Qoobox
2014-01-05 12:16 - 2014-01-05 12:16 - 00000000 ____D C:\Program Files (x86)\3DO
2014-01-04 22:08 - 2014-01-04 22:08 - 00001071 _____ C:\Users\Public\Desktop\Corel Home Office.lnk
2014-01-04 22:04 - 2014-01-04 22:04 - 00985600 _____ C:\Users\Shitface\Downloads\MicrosoftFixit50123 (2).msi
2014-01-04 22:03 - 2014-01-04 22:03 - 00985600 _____ C:\Users\Shitface\Downloads\MicrosoftFixit50123 (1).msi
2014-01-04 22:02 - 2014-01-04 22:02 - 00985600 _____ C:\Users\Shitface\Downloads\MicrosoftFixit50123.msi
2014-01-04 21:41 - 2014-01-04 21:41 - 04285072 _____ (LionSea Software                                            ) C:\Users\Shitface\Downloads\setup.exe
2014-01-04 21:12 - 2014-01-07 09:59 - 00000859 _____ C:\windows\setupact.log
2014-01-04 21:12 - 2014-01-06 09:01 - 00117118 _____ C:\windows\PFRO.log
2014-01-04 21:12 - 2014-01-04 21:12 - 00000000 _____ C:\windows\setuperr.log
2014-01-04 20:23 - 2014-01-04 20:24 - 00021411 _____ C:\Users\Shitface\Downloads\Addition.txt
2014-01-04 20:22 - 2014-01-07 15:21 - 01931762 _____ (Farbar) C:\Users\Shitface\Desktop\FRST64.exe
2014-01-04 20:22 - 2014-01-07 15:21 - 00000000 ____D C:\FRST
2014-01-04 20:22 - 2014-01-04 20:24 - 00036151 _____ C:\Users\Shitface\Downloads\FRST.txt
2014-01-04 20:16 - 2014-01-04 20:16 - 00001461 _____ C:\Users\Shitface\Downloads\Download (4)
2014-01-04 20:15 - 2014-01-04 20:15 - 00001461 _____ C:\Users\Shitface\Downloads\Download (3)
2014-01-04 20:15 - 2014-01-04 20:15 - 00001461 _____ C:\Users\Shitface\Downloads\Download (2)
2014-01-04 20:15 - 2014-01-04 20:15 - 00001461 _____ C:\Users\Shitface\Downloads\Download (1)
2014-01-04 20:14 - 2014-01-04 20:14 - 00001461 _____ C:\Users\Shitface\Downloads\Download
2014-01-04 18:46 - 2014-01-04 20:06 - 00000000 ____D C:\Program Files (x86)\Opera
2014-01-04 18:46 - 2014-01-04 20:05 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Opera Software
2014-01-04 18:46 - 2014-01-04 20:05 - 00000000 ____D C:\Users\Shitface\AppData\Local\Opera Software
2014-01-04 18:44 - 2014-01-04 18:45 - 33803296 _____ (Opera Software ASA) C:\Users\Shitface\Downloads\Opera_18.0.1284.68_Setup.exe
2014-01-04 16:29 - 2014-01-04 16:29 - 00000222 _____ C:\Users\Shitface\Desktop\Rust.url
2014-01-04 16:29 - 2014-01-04 16:29 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-01-03 17:31 - 2014-01-05 18:59 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-03 17:31 - 2014-01-03 17:31 - 01133552 _____ C:\Users\Shitface\Downloads\SteamSetup.exe
2014-01-03 17:31 - 2014-01-03 17:31 - 00000967 _____ C:\Users\Public\Desktop\Steam.lnk
2014-01-01 03:39 - 2014-01-01 03:48 - 00000084 _____ C:\Users\Shitface\Downloads\MOL_Properties.properties
2014-01-01 03:39 - 2014-01-01 03:48 - 00000000 ____D C:\Users\Shitface\minecraft
2014-01-01 03:39 - 2014-01-01 03:39 - 00473416 _____ C:\Users\Shitface\Downloads\MinecraftSMP cracked Launcher.jar
2014-01-01 03:39 - 2014-01-01 03:39 - 00473416 _____ C:\Users\Shitface\Downloads\MinecraftSMP cracked Launcher (1).jar
2013-12-31 21:41 - 2013-12-31 21:41 - 00000992 _____ C:\Users\Shitface\Desktop\Bandicam.lnk
2013-12-31 17:41 - 2013-12-31 17:41 - 00000000 ____D C:\Program Files (x86)\Gameforge4D
2013-12-31 16:47 - 2013-12-31 17:33 - 1652170224 _____ (Gameforge4D                                                ) C:\Users\Shitface\Downloads\4Story_DE_4.2.1.exe
2013-12-31 00:49 - 2013-12-31 00:50 - 1283496964 _____ C:\Users\Shitface\Downloads\Lavanda2.rar
2013-12-30 01:54 - 2013-12-30 01:54 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\BANDISOFT
2013-12-30 01:53 - 2014-01-01 22:41 - 00000000 ____D C:\Users\Shitface\Documents\Bandicam
2013-12-30 01:53 - 2013-12-31 21:41 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2013-12-30 01:53 - 2013-12-31 21:41 - 00000000 ____D C:\Program Files (x86)\Bandicam
2013-12-30 01:53 - 2013-12-30 01:53 - 07374512 _____ (Bandisoft) C:\Users\Shitface\Downloads\bdcamsetup192.exe
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\Users\Shitface\AppData\Local\VNT
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\Program Files (x86)\VNT
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-12-28 17:23 - 2013-12-28 17:23 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Avira
2013-12-28 17:23 - 2013-12-28 17:23 - 00000000 ____D C:\ProgramData\APN
2013-12-28 17:22 - 2013-12-28 17:22 - 00002070 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\ProgramData\Avira
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\Program Files (x86)\Avira
2013-12-28 17:22 - 2013-12-09 11:37 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-12-28 17:22 - 2013-12-09 11:37 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-12-28 17:22 - 2013-12-09 11:37 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-12-28 17:22 - 2013-12-09 11:37 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2013-12-28 17:16 - 2013-12-28 17:19 - 129598176 _____ C:\Users\Shitface\Downloads\avira_free_antivirus_de_14.0.2.286.exe
2013-12-28 16:23 - 2013-12-28 16:24 - 02547000 _____ (Eximion B.V.) C:\Users\Shitface\Downloads\KalydoPlayer_5.09.05.exe
2013-12-27 19:34 - 2013-12-27 19:34 - 00000540 _____ C:\Users\Shitface\Desktop\Neues Textdokument (3).txt
2013-12-23 14:10 - 2014-01-01 14:58 - 00000000 ____D C:\Users\Shitface\Desktop\Fusion-Network
2013-12-23 13:45 - 2013-12-23 14:10 - 1015453079 _____ C:\Users\Shitface\Downloads\Fusion-Network_15_11.2013.rar
2013-12-12 06:40 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2013-12-12 06:40 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2013-12-12 06:40 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2013-12-12 06:40 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2013-12-12 06:39 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-12-12 06:39 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-12-12 06:39 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-12-12 06:39 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-12-12 06:39 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-12-12 06:39 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-12-12 06:39 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-12-12 06:39 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-12-12 06:39 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-12-12 06:39 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-12-12 06:39 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-12-12 06:39 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-12-12 06:39 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-12-12 06:39 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-12-12 06:39 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-12-12 06:39 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-12-12 06:39 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-12-12 06:39 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-12-12 06:39 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-12-12 06:39 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-12-12 06:39 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-12-12 06:39 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-12-12 06:39 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-12-12 06:39 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-12-12 06:39 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-12-12 06:39 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-12-12 06:39 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-12-12 06:39 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-12-12 06:39 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-12-12 06:39 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-12-12 06:39 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-12-12 06:31 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2013-12-12 06:31 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-12-12 06:31 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-12-12 06:31 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2013-12-12 06:31 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2013-12-12 06:31 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2013-12-12 06:31 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-12-12 06:31 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2013-12-12 06:31 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2013-12-12 06:31 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2013-12-12 06:31 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2013-12-12 06:31 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
2013-12-12 06:31 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2013-12-12 06:31 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2013-12-12 06:31 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2013-12-12 06:31 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
2013-12-12 06:31 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2013-12-12 06:31 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2013-12-12 06:31 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2013-12-11 11:40 - 2013-12-11 11:40 - 09293192 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2013-12-08 19:02 - 2014-01-04 18:22 - 00000000 ___RD C:\SHITFACE-HP
2013-12-08 19:02 - 2013-12-08 19:02 - 00000528 ____R C:\MediaID.bin

==================== One Month Modified Files and Folders =======

2014-01-07 15:22 - 2014-01-07 15:21 - 00014418 _____ C:\Users\Shitface\Desktop\FRST.txt
2014-01-07 15:21 - 2014-01-07 15:21 - 00000000 ____D C:\Users\Shitface\Desktop\FRST-OlderVersion
2014-01-07 15:21 - 2014-01-04 20:22 - 01931762 _____ (Farbar) C:\Users\Shitface\Desktop\FRST64.exe
2014-01-07 15:21 - 2014-01-04 20:22 - 00000000 ____D C:\FRST
2014-01-07 15:20 - 2014-01-07 15:20 - 01931762 _____ (Farbar) C:\Users\Shitface\Downloads\FRST64 (1).exe
2014-01-07 15:12 - 2012-11-19 20:29 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Skype
2014-01-07 14:40 - 2013-12-04 17:35 - 00001114 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-07 14:40 - 2013-02-07 14:43 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-07 10:45 - 2012-11-19 17:42 - 01563115 _____ C:\windows\WindowsUpdate.log
2014-01-07 10:42 - 2012-11-20 02:38 - 00000000 ____D C:\windows\rescache
2014-01-07 10:07 - 2009-07-14 05:45 - 00019536 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-07 10:07 - 2009-07-14 05:45 - 00019536 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-07 09:59 - 2014-01-04 21:12 - 00000859 _____ C:\windows\setupact.log
2014-01-07 09:59 - 2013-12-04 17:35 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-07 09:59 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-06 22:57 - 2012-11-25 22:45 - 01649854 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2014-01-06 22:57 - 2010-12-10 04:42 - 00700134 _____ C:\windows\system32\perfh007.dat
2014-01-06 22:57 - 2010-12-10 04:42 - 00149984 _____ C:\windows\system32\perfc007.dat
2014-01-06 16:42 - 2014-01-06 16:42 - 00007605 _____ C:\Users\Shitface\AppData\Local\Resmon.ResmonCfg
2014-01-06 15:29 - 2014-01-06 15:29 - 00000000 ____D C:\Users\Shitface\AppData\Local\fabi.me
2014-01-06 14:17 - 2014-01-06 14:17 - 00094899 _____ C:\Users\Shitface\Downloads\SpeedAutoClicker.zip
2014-01-06 09:01 - 2014-01-04 21:12 - 00117118 _____ C:\windows\PFRO.log
2014-01-06 01:43 - 2014-01-06 01:43 - 00001948 _____ C:\Users\Public\Desktop\Metin2.lnk
2014-01-06 01:13 - 2014-01-06 01:12 - 00000000 ____D C:\Users\Shitface\Downloads\Gameforge Live
2014-01-06 01:12 - 2014-01-06 01:12 - 00001071 _____ C:\Users\Public\Desktop\Gameforge Live.lnk
2014-01-06 01:12 - 2014-01-06 01:11 - 19394136 _____ (Gameforge                                                  ) C:\Users\Shitface\Downloads\Metin2_GameforgeLiveSetup.exe
2014-01-06 01:12 - 2012-12-09 13:44 - 00000000 ____D C:\Program Files (x86)\GameforgeLive
2014-01-05 23:49 - 2014-01-05 23:48 - 00850449 _____ C:\Users\Shitface\Downloads\terraria-server-122.zip
2014-01-05 23:49 - 2012-12-15 19:38 - 00000000 ____D C:\Users\Shitface\AppData\Local\CrashDumps
2014-01-05 20:03 - 2009-07-14 04:20 - 00000000 ____D C:\windows\PolicyDefinitions
2014-01-05 20:02 - 2012-11-19 17:51 - 00005735 _____ C:\windows\system32\RaCoInst.log
2014-01-05 20:01 - 2014-01-05 20:01 - 00000000 ____D C:\Program Files\Synaptics
2014-01-05 19:43 - 2009-07-14 06:13 - 01644054 _____ C:\windows\system32\PerfStringBackup.INI
2014-01-05 19:42 - 2013-04-09 19:36 - 00003204 _____ C:\windows\System32\Tasks\HPCeeScheduleForShitface
2014-01-05 19:42 - 2013-04-09 19:36 - 00000344 _____ C:\windows\Tasks\HPCeeScheduleForShitface.job
2014-01-05 19:16 - 2014-01-05 19:16 - 00280204 _____ C:\Users\Shitface\Downloads\WindowsUpdateDiagnostic.diagcab
2014-01-05 18:59 - 2014-01-03 17:31 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-05 18:46 - 2014-01-05 18:37 - 00000000 ___SD C:\ComboFix
2014-01-05 18:37 - 2014-01-05 18:37 - 00000000 ___SD C:\32788R22FWJFW
2014-01-05 17:57 - 2014-01-05 17:57 - 00000000 ____D C:\windows\erdnt
2014-01-05 17:57 - 2014-01-05 17:57 - 00000000 ____D C:\Qoobox
2014-01-05 12:18 - 2013-02-16 15:22 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-01-05 12:16 - 2014-01-05 12:16 - 00000000 ____D C:\Program Files (x86)\3DO
2014-01-04 22:08 - 2014-01-04 22:08 - 00001071 _____ C:\Users\Public\Desktop\Corel Home Office.lnk
2014-01-04 22:04 - 2014-01-04 22:04 - 00985600 _____ C:\Users\Shitface\Downloads\MicrosoftFixit50123 (2).msi
2014-01-04 22:03 - 2014-01-04 22:03 - 00985600 _____ C:\Users\Shitface\Downloads\MicrosoftFixit50123 (1).msi
2014-01-04 22:02 - 2014-01-04 22:02 - 00985600 _____ C:\Users\Shitface\Downloads\MicrosoftFixit50123.msi
2014-01-04 21:41 - 2014-01-04 21:41 - 04285072 _____ (LionSea Software                                            ) C:\Users\Shitface\Downloads\setup.exe
2014-01-04 21:12 - 2014-01-04 21:12 - 00000000 _____ C:\windows\setuperr.log
2014-01-04 20:24 - 2014-01-04 20:23 - 00021411 _____ C:\Users\Shitface\Downloads\Addition.txt
2014-01-04 20:24 - 2014-01-04 20:22 - 00036151 _____ C:\Users\Shitface\Downloads\FRST.txt
2014-01-04 20:16 - 2014-01-04 20:16 - 00001461 _____ C:\Users\Shitface\Downloads\Download (4)
2014-01-04 20:15 - 2014-01-04 20:15 - 00001461 _____ C:\Users\Shitface\Downloads\Download (3)
2014-01-04 20:15 - 2014-01-04 20:15 - 00001461 _____ C:\Users\Shitface\Downloads\Download (2)
2014-01-04 20:15 - 2014-01-04 20:15 - 00001461 _____ C:\Users\Shitface\Downloads\Download (1)
2014-01-04 20:14 - 2014-01-04 20:14 - 00001461 _____ C:\Users\Shitface\Downloads\Download
2014-01-04 20:14 - 2013-02-20 20:00 - 00000952 ___SH C:\ProgramData\KGyGaAvL.sys
2014-01-04 20:06 - 2014-01-04 18:46 - 00000000 ____D C:\Program Files (x86)\Opera
2014-01-04 20:05 - 2014-01-04 18:46 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Opera Software
2014-01-04 20:05 - 2014-01-04 18:46 - 00000000 ____D C:\Users\Shitface\AppData\Local\Opera Software
2014-01-04 20:05 - 2013-05-15 19:37 - 00001425 _____ C:\Users\Shitface\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-04 18:45 - 2014-01-04 18:44 - 33803296 _____ (Opera Software ASA) C:\Users\Shitface\Downloads\Opera_18.0.1284.68_Setup.exe
2014-01-04 18:22 - 2013-12-08 19:02 - 00000000 ___RD C:\SHITFACE-HP
2014-01-04 18:05 - 2012-11-20 17:57 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\TS3Client
2014-01-04 18:05 - 2009-07-27 16:04 - 00000000 ____D C:\windows\Panther
2014-01-04 16:29 - 2014-01-04 16:29 - 00000222 _____ C:\Users\Shitface\Desktop\Rust.url
2014-01-04 16:29 - 2014-01-04 16:29 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-01-03 17:31 - 2014-01-03 17:31 - 01133552 _____ C:\Users\Shitface\Downloads\SteamSetup.exe
2014-01-03 17:31 - 2014-01-03 17:31 - 00000967 _____ C:\Users\Public\Desktop\Steam.lnk
2014-01-02 19:44 - 2013-03-10 15:17 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\.minecraft
2014-01-01 22:41 - 2013-12-30 01:53 - 00000000 ____D C:\Users\Shitface\Documents\Bandicam
2014-01-01 14:58 - 2013-12-23 14:10 - 00000000 ____D C:\Users\Shitface\Desktop\Fusion-Network
2014-01-01 03:48 - 2014-01-01 03:39 - 00000084 _____ C:\Users\Shitface\Downloads\MOL_Properties.properties
2014-01-01 03:48 - 2014-01-01 03:39 - 00000000 ____D C:\Users\Shitface\minecraft
2014-01-01 03:39 - 2014-01-01 03:39 - 00473416 _____ C:\Users\Shitface\Downloads\MinecraftSMP cracked Launcher.jar
2014-01-01 03:39 - 2014-01-01 03:39 - 00473416 _____ C:\Users\Shitface\Downloads\MinecraftSMP cracked Launcher (1).jar
2014-01-01 03:39 - 2012-11-19 17:46 - 00000000 ____D C:\Users\Shitface
2013-12-31 21:41 - 2013-12-31 21:41 - 00000992 _____ C:\Users\Shitface\Desktop\Bandicam.lnk
2013-12-31 21:41 - 2013-12-30 01:53 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2013-12-31 21:41 - 2013-12-30 01:53 - 00000000 ____D C:\Program Files (x86)\Bandicam
2013-12-31 17:41 - 2013-12-31 17:41 - 00000000 ____D C:\Program Files (x86)\Gameforge4D
2013-12-31 17:33 - 2013-12-31 16:47 - 1652170224 _____ (Gameforge4D                                                ) C:\Users\Shitface\Downloads\4Story_DE_4.2.1.exe
2013-12-31 16:52 - 2013-11-21 20:22 - 00000000 __SHD C:\windows\SysWOW64\AI_RecycleBin
2013-12-31 00:50 - 2013-12-31 00:49 - 1283496964 _____ C:\Users\Shitface\Downloads\Lavanda2.rar
2013-12-30 14:13 - 2009-07-14 06:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2013-12-30 01:54 - 2013-12-30 01:54 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\BANDISOFT
2013-12-30 01:53 - 2013-12-30 01:53 - 07374512 _____ (Bandisoft) C:\Users\Shitface\Downloads\bdcamsetup192.exe
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\Users\Shitface\AppData\Local\VNT
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\Program Files (x86)\VNT
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-12-28 17:23 - 2013-12-28 17:23 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Avira
2013-12-28 17:23 - 2013-12-28 17:23 - 00000000 ____D C:\ProgramData\APN
2013-12-28 17:22 - 2013-12-28 17:22 - 00002070 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\ProgramData\Avira
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\Program Files (x86)\Avira
2013-12-28 17:19 - 2013-12-28 17:16 - 129598176 _____ C:\Users\Shitface\Downloads\avira_free_antivirus_de_14.0.2.286.exe
2013-12-28 16:24 - 2013-12-28 16:23 - 02547000 _____ (Eximion B.V.) C:\Users\Shitface\Downloads\KalydoPlayer_5.09.05.exe
2013-12-27 19:34 - 2013-12-27 19:34 - 00000540 _____ C:\Users\Shitface\Desktop\Neues Textdokument (3).txt
2013-12-24 17:27 - 2009-07-14 04:20 - 00000000 ____D C:\windows\system32\NDF
2013-12-23 14:10 - 2013-12-23 13:45 - 1015453079 _____ C:\Users\Shitface\Downloads\Fusion-Network_15_11.2013.rar
2013-12-23 09:04 - 2013-04-09 19:02 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2013-12-22 21:15 - 2012-11-19 17:46 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\hpqLog
2013-12-22 21:15 - 2010-12-10 04:44 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-12-22 21:15 - 2009-07-27 17:14 - 00000000 ____D C:\swsetup
2013-12-22 20:30 - 2013-04-28 15:54 - 00000000 _____ C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-12-22 20:15 - 2012-11-25 22:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-12-22 20:15 - 2012-11-19 17:47 - 00000000 ____D C:\ProgramData\FLEXnet
2013-12-22 20:15 - 2009-07-14 04:20 - 00000000 ____D C:\windows\registration
2013-12-21 20:11 - 2012-11-20 17:57 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2013-12-14 11:32 - 2013-09-22 17:31 - 90708896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-12-14 11:32 - 2013-09-22 17:31 - 00000000 ____D C:\windows\system32\MRT
2013-12-12 10:47 - 2009-07-14 05:45 - 00277640 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-11 11:40 - 2013-12-11 11:40 - 09293192 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2013-12-11 11:40 - 2013-02-07 14:43 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 11:40 - 2013-02-07 14:43 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 11:40 - 2013-02-07 14:43 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-12-09 11:37 - 2013-12-28 17:22 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-12-09 11:37 - 2013-12-28 17:22 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-12-09 11:37 - 2013-12-28 17:22 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-12-09 11:37 - 2013-12-28 17:22 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2013-12-08 19:02 - 2013-12-08 19:02 - 00000528 ____R C:\MediaID.bin

Files to move or delete:
====================
C:\ProgramData\hash.dat


Some content of TEMP:
====================
C:\Users\Shitface\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-04 16:16

==================== End Of Log ============================
--- --- ---


Addition txt ist keine gekommen

schrauber 08.01.2014 09:23
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Malysch 08.01.2014 14:27
Code:
# AdwCleaner v3.016 - Bericht erstellt am 08/01/2014 um 14:03:34
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Shitface - SHITFACE-HP
# Gestartet von : C:\Users\Shitface\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Program Files (x86)\Mail.Ru
Ordner Gelöscht : C:\windows\SysWOW64\ARFC
Ordner Gelöscht : C:\windows\SysWOW64\jmdp
Ordner Gelöscht : C:\windows\SysWOW64\WNLT
Ordner Gelöscht : C:\windows\System32\ARFC
Ordner Gelöscht : C:\windows\System32\ljkb
Ordner Gelöscht : C:\Users\Shitface\AppData\Local\Mail.Ru
Ordner Gelöscht : C:\Users\Shitface\AppData\Local\savings explorer
Ordner Gelöscht : C:\Users\Shitface\AppData\LocalLow\Claro LTD
Ordner Gelöscht : C:\Users\Shitface\AppData\LocalLow\incredibar.com
Ordner Gelöscht : C:\Users\Shitface\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mail.Ru
Datei Gelöscht : C:\windows\System32\dmwu.exe
Datei Gelöscht : C:\windows\System32\ImhxxpComm.dll
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKCU\Software\5355dedae13cba14
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1B4D240E-8BDE-4C8D-8B93-C74D2F8A8284}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1B4D240E-8BDE-4C8D-8B93-C74D2F8A8284}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B4D240E-8BDE-4C8D-8B93-C74D2F8A8284}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1B4D240E-8BDE-4C8D-8B93-C74D2F8A8284}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1B4D240E-8BDE-4C8D-8B93-C74D2F8A8284}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\IB Updater
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\IB Updater
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\wnlt

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\Shitface\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5784 octets] - [08/01/2014 14:02:42]
AdwCleaner[S0].txt - [5148 octets] - [08/01/2014 14:03:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5208 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by Shitface on 08.01.2014 at 14:16:21,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2858964347-2214279784-1929045205-1000\Software\ib updater
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2858964347-2214279784-1929045205-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricepeep_02042013_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricepeep_02042013_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\pricepeep_02042013_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\pricepeep_02042013_RASMANCS



~~~ Files

Successfully deleted: [File] "C:\Users\Shitface\appdata\locallow\SkwConfig.bin"
Successfully deleted: [File] C:\windows\syswow64\sho13DE.tmp
Successfully deleted: [File] C:\windows\syswow64\sho4F8D.tmp
Successfully deleted: [File] C:\windows\syswow64\sho87C1.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.01.2014 at 14:23:50,26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-01-2014
Ran by Shitface (administrator) on SHITFACE-HP on 08-01-2014 14:25:57
Running from C:\Users\Shitface\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\stacsv64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
() C:\Program Files (x86)\TorrentExpress\TorrentExpress.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(APN LLC.) C:\Users\Shitface\AppData\Local\VNT\vntldr.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-29] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768 2009-09-01] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-10-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [VNT] - C:\Program Files (x86)\VNT\vntldr.exe [202192 2013-12-20] (APN LLC.)
HKLM-x32\...\Run: [4StoryPrePatch] - C:\Program Files (x86)\Gameforge4D\4Story_DE\PrePatch.exe [327680 2013-01-08] (Zemi Interactive Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-12-12] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-01-22] (Hewlett-Packard Company)
HKCU\...\Run: [TorrentExpress] - C:\Program Files (x86)\TorrentExpress\TorrentExpress.exe [667648 2013-06-19] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome:
=======
CHR DefaultSearchKeyword:
CHR DefaultSearchProvider:
CHR DefaultSearchURL:
CHR DefaultNewTabURL:
CHR Extension: (BetterTTV) - C:\Users\Shitface\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped\6.6_0
CHR Extension: (Skype Click to Call) - C:\Users\Shitface\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0
CHR Extension: (Google Wallet) - C:\Users\Shitface\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\Shitface\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcoohmdcpejoeggdnihdfhohjgdbllgm\30.1_0
CHR HKLM-x32\...\Chrome\Extension: [dijpoieccemifpgijppmfkdhdjgggclg] - C:\Users\Shitface\AppData\Local\Google\Chrome\\User Data\\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\dijpoieccemifpgijppmfkdhdjgggclg.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [pcoohmdcpejoeggdnihdfhohjgdbllgm] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7C\CRX\ToolbarCR.crx

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company)
S3 npggsvc; C:\windows\SysWow64\GameMon.des [3955824 2012-10-16] (INCA Internet Co., Ltd.)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe [244736 2010-01-29] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 BTMNET; C:\Windows\System32\DRIVERS\btmnet.sys [28672 2010-06-17] (Motorola, Inc.)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [96384 2010-05-21] (Realtek Semiconductor Corp.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [x]
S3 X6va011; \??\C:\windows\SysWOW64\Drivers\X6va011 [x]
S3 X6va012; \??\C:\windows\SysWOW64\Drivers\X6va012 [x]
S3 X6va016; \??\C:\windows\SysWOW64\Drivers\X6va016 [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-08 14:25 - 2014-01-08 14:25 - 01932624 _____ (Farbar) C:\Users\Shitface\Desktop\FRST64.exe
2014-01-08 14:25 - 2014-01-08 14:25 - 00012609 _____ C:\Users\Shitface\Desktop\FRST.txt
2014-01-08 14:23 - 2014-01-08 14:23 - 00002064 _____ C:\Users\Shitface\Desktop\JRT.txt
2014-01-08 14:16 - 2014-01-08 14:16 - 00000000 ____D C:\windows\ERUNT
2014-01-08 14:15 - 2014-01-08 14:16 - 01037068 _____ (Thisisu) C:\Users\Shitface\Downloads\JRT.exe
2014-01-08 14:02 - 2014-01-08 14:03 - 00000000 ____D C:\AdwCleaner
2014-01-08 13:59 - 2014-01-08 13:59 - 01233962 _____ C:\Users\Shitface\Desktop\adwcleaner.exe
2014-01-07 21:11 - 2014-01-07 21:12 - 00000000 ____D C:\Users\Shitface\Documents\CrossFire
2014-01-07 21:11 - 2014-01-07 21:11 - 00000000 ____D C:\CFLog
2014-01-07 20:30 - 2014-01-07 21:19 - 00000000 ____D C:\GamesMailRu
2014-01-07 20:30 - 2014-01-07 20:30 - 04175936 _____ C:\Users\Shitface\Downloads\CrossfireLoader.exe
2014-01-07 19:21 - 2014-01-07 19:21 - 01514209 _____ C:\Users\Shitface\Downloads\ProDamage.rar
2014-01-07 19:20 - 2014-01-07 19:20 - 00000064 _____ C:\Users\Shitface\Downloads\down-links.txt
2014-01-07 16:42 - 2014-01-07 16:42 - 00195432 _____ C:\Users\Shitface\Downloads\m2kmod_client.zip
2014-01-07 16:07 - 2014-01-07 16:07 - 00000000 ____D C:\Users\Shitface\Downloads\Gameforge Live
2014-01-06 16:42 - 2014-01-06 16:42 - 00007605 _____ C:\Users\Shitface\AppData\Local\Resmon.ResmonCfg
2014-01-06 15:29 - 2014-01-06 15:29 - 00000000 ____D C:\Users\Shitface\AppData\Local\fabi.me
2014-01-06 01:43 - 2014-01-06 01:43 - 00001948 _____ C:\Users\Public\Desktop\Metin2.lnk
2014-01-06 01:12 - 2014-01-06 01:12 - 00001071 _____ C:\Users\Public\Desktop\Gameforge Live.lnk
2014-01-05 20:01 - 2014-01-05 20:01 - 00000000 ____D C:\Program Files\Synaptics
2014-01-05 20:00 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-01-05 20:00 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2014-01-05 20:00 - 2012-08-23 15:07 - 00057856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-01-05 20:00 - 2012-08-23 14:47 - 00046592 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2014-01-05 20:00 - 2012-08-23 14:46 - 00016896 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2014-01-05 20:00 - 2012-08-23 14:41 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-01-05 20:00 - 2012-08-23 14:40 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-01-05 20:00 - 2012-08-23 14:24 - 00015360 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2014-01-05 20:00 - 2012-08-23 14:20 - 00054272 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-01-05 20:00 - 2012-08-23 14:18 - 00037376 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-01-05 20:00 - 2012-08-23 14:17 - 00018432 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-01-05 20:00 - 2012-08-23 14:06 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-01-05 20:00 - 2012-08-23 13:52 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-01-05 20:00 - 2012-08-23 12:20 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-01-05 20:00 - 2012-08-23 12:15 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-01-05 20:00 - 2012-08-23 12:14 - 00384000 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-01-05 20:00 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpendp_winip.dll
2014-01-05 20:00 - 2012-08-23 11:54 - 00322560 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2014-01-05 20:00 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2014-01-05 20:00 - 2012-08-23 11:39 - 01048064 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-01-05 20:00 - 2012-08-23 11:22 - 01123840 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-01-05 20:00 - 2012-08-23 10:51 - 03174912 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-01-05 20:00 - 2012-08-23 09:19 - 04916224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-01-05 20:00 - 2012-08-23 09:13 - 05773824 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-01-05 19:59 - 2012-05-04 12:00 - 00366592 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-01-05 19:59 - 2012-05-04 10:59 - 00514560 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2014-01-05 18:37 - 2014-01-05 18:46 - 00000000 ___SD C:\ComboFix
2014-01-05 18:37 - 2014-01-05 18:37 - 00000000 ___SD C:\32788R22FWJFW
2014-01-05 17:58 - 2011-06-26 07:45 - 00256000 _____ C:\windows\PEV.exe
2014-01-05 17:58 - 2010-11-07 18:20 - 00208896 _____ C:\windows\MBR.exe
2014-01-05 17:58 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-01-05 17:58 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-01-05 17:58 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-01-05 17:58 - 2000-08-31 01:00 - 00098816 _____ C:\windows\sed.exe
2014-01-05 17:58 - 2000-08-31 01:00 - 00080412 _____ C:\windows\grep.exe
2014-01-05 17:58 - 2000-08-31 01:00 - 00068096 _____ C:\windows\zip.exe
2014-01-05 17:57 - 2014-01-05 17:57 - 00000000 ____D C:\windows\erdnt
2014-01-05 17:57 - 2014-01-05 17:57 - 00000000 ____D C:\Qoobox
2014-01-05 12:16 - 2014-01-05 12:16 - 00000000 ____D C:\Program Files (x86)\3DO
2014-01-04 22:08 - 2014-01-04 22:08 - 00001071 _____ C:\Users\Public\Desktop\Corel Home Office.lnk
2014-01-04 21:12 - 2014-01-08 14:10 - 00001027 _____ C:\windows\setupact.log
2014-01-04 21:12 - 2014-01-07 19:31 - 00130884 _____ C:\windows\PFRO.log
2014-01-04 21:12 - 2014-01-04 21:12 - 00000000 _____ C:\windows\setuperr.log
2014-01-04 20:22 - 2014-01-07 15:21 - 00000000 ____D C:\FRST
2014-01-04 18:46 - 2014-01-04 20:06 - 00000000 ____D C:\Program Files (x86)\Opera
2014-01-04 18:46 - 2014-01-04 20:05 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Opera Software
2014-01-04 18:46 - 2014-01-04 20:05 - 00000000 ____D C:\Users\Shitface\AppData\Local\Opera Software
2014-01-04 16:29 - 2014-01-04 16:29 - 00000222 _____ C:\Users\Shitface\Desktop\Rust.url
2014-01-04 16:29 - 2014-01-04 16:29 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-01-03 17:31 - 2014-01-05 18:59 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-03 17:31 - 2014-01-03 17:31 - 00000967 _____ C:\Users\Public\Desktop\Steam.lnk
2014-01-01 03:39 - 2014-01-01 03:48 - 00000000 ____D C:\Users\Shitface\minecraft
2013-12-31 21:41 - 2013-12-31 21:41 - 00000992 _____ C:\Users\Shitface\Desktop\Bandicam.lnk
2013-12-31 17:41 - 2013-12-31 17:41 - 00000000 ____D C:\Program Files (x86)\Gameforge4D
2013-12-30 01:54 - 2013-12-30 01:54 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\BANDISOFT
2013-12-30 01:53 - 2014-01-01 22:41 - 00000000 ____D C:\Users\Shitface\Documents\Bandicam
2013-12-30 01:53 - 2013-12-31 21:41 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2013-12-30 01:53 - 2013-12-31 21:41 - 00000000 ____D C:\Program Files (x86)\Bandicam
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\Users\Shitface\AppData\Local\VNT
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\Program Files (x86)\VNT
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-12-28 17:23 - 2013-12-28 17:23 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Avira
2013-12-28 17:22 - 2013-12-28 17:22 - 00002070 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\ProgramData\Avira
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\Program Files (x86)\Avira
2013-12-28 17:22 - 2013-12-09 11:37 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-12-28 17:22 - 2013-12-09 11:37 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-12-28 17:22 - 2013-12-09 11:37 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-12-28 17:22 - 2013-12-09 11:37 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2013-12-27 19:34 - 2013-12-27 19:34 - 00000540 _____ C:\Users\Shitface\Desktop\Neues Textdokument (3).txt
2013-12-23 14:10 - 2014-01-07 19:32 - 00000000 ____D C:\Users\Shitface\Desktop\Fusion-Network
2013-12-12 06:40 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2013-12-12 06:40 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2013-12-12 06:40 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2013-12-12 06:40 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2013-12-12 06:39 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-12-12 06:39 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-12-12 06:39 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-12-12 06:39 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-12-12 06:39 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-12-12 06:39 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-12-12 06:39 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-12-12 06:39 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-12-12 06:39 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-12-12 06:39 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-12-12 06:39 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-12-12 06:39 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-12-12 06:39 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-12-12 06:39 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-12-12 06:39 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-12-12 06:39 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-12-12 06:39 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-12-12 06:39 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-12-12 06:39 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-12-12 06:39 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-12-12 06:39 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-12-12 06:39 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-12-12 06:39 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-12-12 06:39 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-12-12 06:39 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-12-12 06:39 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-12-12 06:39 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-12-12 06:39 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-12-12 06:39 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-12-12 06:39 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-12-12 06:39 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-12-12 06:31 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2013-12-12 06:31 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-12-12 06:31 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-12-12 06:31 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2013-12-12 06:31 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2013-12-12 06:31 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2013-12-12 06:31 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-12-12 06:31 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2013-12-12 06:31 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2013-12-12 06:31 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2013-12-12 06:31 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2013-12-12 06:31 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
2013-12-12 06:31 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2013-12-12 06:31 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2013-12-12 06:31 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2013-12-12 06:31 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
2013-12-12 06:31 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2013-12-12 06:31 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2013-12-12 06:31 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2013-12-11 11:40 - 2013-12-11 11:40 - 09293192 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe

==================== One Month Modified Files and Folders =======

2014-01-08 14:27 - 2014-01-08 14:25 - 00012609 _____ C:\Users\Shitface\Desktop\FRST.txt
2014-01-08 14:25 - 2014-01-08 14:25 - 01932624 _____ (Farbar) C:\Users\Shitface\Desktop\FRST64.exe
2014-01-08 14:23 - 2014-01-08 14:23 - 00002064 _____ C:\Users\Shitface\Desktop\JRT.txt
2014-01-08 14:18 - 2009-07-14 05:45 - 00019536 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-08 14:18 - 2009-07-14 05:45 - 00019536 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-08 14:16 - 2014-01-08 14:16 - 00000000 ____D C:\windows\ERUNT
2014-01-08 14:16 - 2014-01-08 14:15 - 01037068 _____ (Thisisu) C:\Users\Shitface\Downloads\JRT.exe
2014-01-08 14:14 - 2012-11-19 17:42 - 01623357 _____ C:\windows\WindowsUpdate.log
2014-01-08 14:10 - 2014-01-04 21:12 - 00001027 _____ C:\windows\setupact.log
2014-01-08 14:10 - 2013-12-04 17:35 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-08 14:10 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-08 14:03 - 2014-01-08 14:02 - 00000000 ____D C:\AdwCleaner
2014-01-08 14:03 - 2012-12-02 13:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-08 13:59 - 2014-01-08 13:59 - 01233962 _____ C:\Users\Shitface\Desktop\adwcleaner.exe
2014-01-08 13:58 - 2012-11-19 20:29 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Skype
2014-01-07 23:25 - 2012-11-25 22:45 - 01649854 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2014-01-07 23:25 - 2010-12-10 04:42 - 00700134 _____ C:\windows\system32\perfh007.dat
2014-01-07 23:25 - 2010-12-10 04:42 - 00149984 _____ C:\windows\system32\perfc007.dat
2014-01-07 22:40 - 2013-12-04 17:35 - 00001114 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-07 22:40 - 2013-02-07 14:43 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-07 21:19 - 2014-01-07 20:30 - 00000000 ____D C:\GamesMailRu
2014-01-07 21:12 - 2014-01-07 21:11 - 00000000 ____D C:\Users\Shitface\Documents\CrossFire
2014-01-07 21:11 - 2014-01-07 21:11 - 00000000 ____D C:\CFLog
2014-01-07 20:30 - 2014-01-07 20:30 - 04175936 _____ C:\Users\Shitface\Downloads\CrossfireLoader.exe
2014-01-07 19:32 - 2013-12-23 14:10 - 00000000 ____D C:\Users\Shitface\Desktop\Fusion-Network
2014-01-07 19:31 - 2014-01-04 21:12 - 00130884 _____ C:\windows\PFRO.log
2014-01-07 19:21 - 2014-01-07 19:21 - 01514209 _____ C:\Users\Shitface\Downloads\ProDamage.rar
2014-01-07 19:20 - 2014-01-07 19:20 - 00000064 _____ C:\Users\Shitface\Downloads\down-links.txt
2014-01-07 16:42 - 2014-01-07 16:42 - 00195432 _____ C:\Users\Shitface\Downloads\m2kmod_client.zip
2014-01-07 16:07 - 2014-01-07 16:07 - 00000000 ____D C:\Users\Shitface\Downloads\Gameforge Live
2014-01-07 15:21 - 2014-01-04 20:22 - 00000000 ____D C:\FRST
2014-01-07 10:42 - 2012-11-20 02:38 - 00000000 ____D C:\windows\rescache
2014-01-06 16:42 - 2014-01-06 16:42 - 00007605 _____ C:\Users\Shitface\AppData\Local\Resmon.ResmonCfg
2014-01-06 15:29 - 2014-01-06 15:29 - 00000000 ____D C:\Users\Shitface\AppData\Local\fabi.me
2014-01-06 01:43 - 2014-01-06 01:43 - 00001948 _____ C:\Users\Public\Desktop\Metin2.lnk
2014-01-06 01:12 - 2014-01-06 01:12 - 00001071 _____ C:\Users\Public\Desktop\Gameforge Live.lnk
2014-01-06 01:12 - 2012-12-09 13:44 - 00000000 ____D C:\Program Files (x86)\GameforgeLive
2014-01-05 23:49 - 2012-12-15 19:38 - 00000000 ____D C:\Users\Shitface\AppData\Local\CrashDumps
2014-01-05 20:03 - 2009-07-14 04:20 - 00000000 ____D C:\windows\PolicyDefinitions
2014-01-05 20:02 - 2012-11-19 17:51 - 00005735 _____ C:\windows\system32\RaCoInst.log
2014-01-05 20:01 - 2014-01-05 20:01 - 00000000 ____D C:\Program Files\Synaptics
2014-01-05 19:43 - 2009-07-14 06:13 - 01644054 _____ C:\windows\system32\PerfStringBackup.INI
2014-01-05 19:42 - 2013-04-09 19:36 - 00003204 _____ C:\windows\System32\Tasks\HPCeeScheduleForShitface
2014-01-05 19:42 - 2013-04-09 19:36 - 00000344 _____ C:\windows\Tasks\HPCeeScheduleForShitface.job
2014-01-05 18:59 - 2014-01-03 17:31 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-05 18:46 - 2014-01-05 18:37 - 00000000 ___SD C:\ComboFix
2014-01-05 18:37 - 2014-01-05 18:37 - 00000000 ___SD C:\32788R22FWJFW
2014-01-05 17:57 - 2014-01-05 17:57 - 00000000 ____D C:\windows\erdnt
2014-01-05 17:57 - 2014-01-05 17:57 - 00000000 ____D C:\Qoobox
2014-01-05 12:18 - 2013-02-16 15:22 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-01-05 12:16 - 2014-01-05 12:16 - 00000000 ____D C:\Program Files (x86)\3DO
2014-01-04 22:08 - 2014-01-04 22:08 - 00001071 _____ C:\Users\Public\Desktop\Corel Home Office.lnk
2014-01-04 21:12 - 2014-01-04 21:12 - 00000000 _____ C:\windows\setuperr.log
2014-01-04 20:14 - 2013-02-20 20:00 - 00000952 ___SH C:\ProgramData\KGyGaAvL.sys
2014-01-04 20:06 - 2014-01-04 18:46 - 00000000 ____D C:\Program Files (x86)\Opera
2014-01-04 20:05 - 2014-01-04 18:46 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Opera Software
2014-01-04 20:05 - 2014-01-04 18:46 - 00000000 ____D C:\Users\Shitface\AppData\Local\Opera Software
2014-01-04 20:05 - 2013-05-15 19:37 - 00001425 _____ C:\Users\Shitface\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-04 18:22 - 2013-12-08 19:02 - 00000000 ___RD C:\SHITFACE-HP
2014-01-04 18:05 - 2012-11-20 17:57 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\TS3Client
2014-01-04 18:05 - 2009-07-27 16:04 - 00000000 ____D C:\windows\Panther
2014-01-04 16:29 - 2014-01-04 16:29 - 00000222 _____ C:\Users\Shitface\Desktop\Rust.url
2014-01-04 16:29 - 2014-01-04 16:29 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-01-03 17:31 - 2014-01-03 17:31 - 00000967 _____ C:\Users\Public\Desktop\Steam.lnk
2014-01-02 19:44 - 2013-03-10 15:17 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\.minecraft
2014-01-01 22:41 - 2013-12-30 01:53 - 00000000 ____D C:\Users\Shitface\Documents\Bandicam
2014-01-01 03:48 - 2014-01-01 03:39 - 00000000 ____D C:\Users\Shitface\minecraft
2014-01-01 03:39 - 2012-11-19 17:46 - 00000000 ____D C:\Users\Shitface
2013-12-31 21:41 - 2013-12-31 21:41 - 00000992 _____ C:\Users\Shitface\Desktop\Bandicam.lnk
2013-12-31 21:41 - 2013-12-30 01:53 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2013-12-31 21:41 - 2013-12-30 01:53 - 00000000 ____D C:\Program Files (x86)\Bandicam
2013-12-31 17:41 - 2013-12-31 17:41 - 00000000 ____D C:\Program Files (x86)\Gameforge4D
2013-12-30 14:13 - 2009-07-14 06:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2013-12-30 01:54 - 2013-12-30 01:54 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\BANDISOFT
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\Users\Shitface\AppData\Local\VNT
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\Program Files (x86)\VNT
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-12-28 17:23 - 2013-12-28 17:23 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Avira
2013-12-28 17:22 - 2013-12-28 17:22 - 00002070 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\ProgramData\Avira
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\Program Files (x86)\Avira
2013-12-27 19:34 - 2013-12-27 19:34 - 00000540 _____ C:\Users\Shitface\Desktop\Neues Textdokument (3).txt
2013-12-24 17:27 - 2009-07-14 04:20 - 00000000 ____D C:\windows\system32\NDF
2013-12-23 09:04 - 2013-04-09 19:02 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2013-12-22 21:15 - 2012-11-19 17:46 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\hpqLog
2013-12-22 21:15 - 2010-12-10 04:44 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-12-22 21:15 - 2009-07-27 17:14 - 00000000 ____D C:\swsetup
2013-12-22 20:30 - 2013-04-28 15:54 - 00000000 _____ C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-12-22 20:15 - 2012-11-25 22:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-12-22 20:15 - 2012-11-19 17:47 - 00000000 ____D C:\ProgramData\FLEXnet
2013-12-22 20:15 - 2009-07-14 04:20 - 00000000 ____D C:\windows\registration
2013-12-21 20:11 - 2012-11-20 17:57 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2013-12-14 11:32 - 2013-09-22 17:31 - 90708896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-12-14 11:32 - 2013-09-22 17:31 - 00000000 ____D C:\windows\system32\MRT
2013-12-12 10:47 - 2009-07-14 05:45 - 00277640 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-11 11:40 - 2013-12-11 11:40 - 09293192 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2013-12-11 11:40 - 2013-02-07 14:43 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 11:40 - 2013-02-07 14:43 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 11:40 - 2013-02-07 14:43 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-12-09 11:37 - 2013-12-28 17:22 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-12-09 11:37 - 2013-12-28 17:22 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-12-09 11:37 - 2013-12-28 17:22 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-12-09 11:37 - 2013-12-28 17:22 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys

Files to move or delete:
====================
C:\ProgramData\hash.dat


Some content of TEMP:
====================
C:\Users\Shitface\AppData\Local\Temp\avgnt.exe
C:\Users\Shitface\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-04 16:16

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 09.01.2014 11:00

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Malysch 09.01.2014 20:28
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=34b95a0e5da85a4a826085eea522b785
# engine=16589
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-09 06:44:59
# local_time=2014-01-09 07:44:59 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 26454 2711261 19170 0
# compatibility_mode=5893 16776573 100 94 105838 140922949 0 0
# scanned=207837
# found=0
# cleaned=0
# scan_time=7588
Code:
Results of screen317's Security Check version 0.99.78 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 Java 7 Update 9 
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player 11.9.900.170 
 Google Chrome 31.0.1650.63 
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-01-2014 01
Ran by Shitface (administrator) on SHITFACE-HP on 09-01-2014 20:01:02
Running from C:\Users\Shitface\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\stacsv64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
() C:\Program Files (x86)\TorrentExpress\TorrentExpress.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN LLC.) C:\Users\Shitface\AppData\Local\VNT\vntldr.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Users\Shitface\Downloads\chromeinstall-7u45.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-29] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768 2009-09-01] (Hewlett-Packard)
HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-10-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [VNT] - C:\Program Files (x86)\VNT\vntldr.exe [202192 2013-12-20] (APN LLC.)
HKLM-x32\...\Run: [4StoryPrePatch] - C:\Program Files (x86)\Gameforge4D\4Story_DE\PrePatch.exe [327680 2013-01-08] (Zemi Interactive Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-12-12] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-01-22] (Hewlett-Packard Company)
HKCU\...\Run: [TorrentExpress] - C:\Program Files (x86)\TorrentExpress\TorrentExpress.exe [667648 2013-06-19] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome:
=======
CHR DefaultSearchKeyword:
CHR DefaultSearchProvider:
CHR DefaultSearchURL:
CHR DefaultNewTabURL:
CHR Extension: (BetterTTV) - C:\Users\Shitface\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped\6.6_0
CHR Extension: (Skype Click to Call) - C:\Users\Shitface\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0
CHR Extension: (Google Wallet) - C:\Users\Shitface\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\Shitface\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcoohmdcpejoeggdnihdfhohjgdbllgm\30.1_0
CHR HKLM-x32\...\Chrome\Extension: [dijpoieccemifpgijppmfkdhdjgggclg] - C:\Users\Shitface\AppData\Local\Google\Chrome\\User Data\\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\dijpoieccemifpgijppmfkdhdjgggclg.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [pcoohmdcpejoeggdnihdfhohjgdbllgm] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7C\CRX\ToolbarCR.crx

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company)
S3 npggsvc; C:\windows\SysWow64\GameMon.des [3955824 2012-10-16] (INCA Internet Co., Ltd.)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe [244736 2010-01-29] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 BTMNET; C:\Windows\System32\DRIVERS\btmnet.sys [28672 2010-06-17] (Motorola, Inc.)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [96384 2010-05-21] (Realtek Semiconductor Corp.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [x]
S3 X6va011; \??\C:\windows\SysWOW64\Drivers\X6va011 [x]
S3 X6va012; \??\C:\windows\SysWOW64\Drivers\X6va012 [x]
S3 X6va016; \??\C:\windows\SysWOW64\Drivers\X6va016 [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-09 20:01 - 2014-01-09 20:01 - 00013011 _____ C:\Users\Shitface\Desktop\FRST.txt
2014-01-09 20:00 - 2014-01-09 20:00 - 00915368 _____ (Oracle Corporation) C:\Users\Shitface\Downloads\chromeinstall-7u45.exe
2014-01-09 19:59 - 2014-01-09 19:59 - 01931770 _____ (Farbar) C:\Users\Shitface\Desktop\FRST64.exe
2014-01-09 19:59 - 2014-01-09 19:59 - 00000000 ____D C:\ProgramData\Oracle
2014-01-09 19:58 - 2014-01-09 19:58 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-01-09 19:58 - 2014-01-09 19:58 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-01-09 19:58 - 2014-01-09 19:58 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-01-09 19:58 - 2014-01-09 19:58 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-09 19:58 - 2014-01-09 19:58 - 00000000 ____D C:\Users\Shitface\AppData\Local\Adobe
2014-01-09 19:50 - 2014-01-09 19:50 - 00987410 _____ C:\Users\Shitface\Desktop\SecurityCheck.exe
2014-01-09 17:35 - 2014-01-09 17:35 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-08 14:16 - 2014-01-08 14:16 - 00000000 ____D C:\windows\ERUNT
2014-01-08 14:15 - 2014-01-08 14:16 - 01037068 _____ (Thisisu) C:\Users\Shitface\Downloads\JRT.exe
2014-01-08 14:02 - 2014-01-08 14:03 - 00000000 ____D C:\AdwCleaner
2014-01-07 21:11 - 2014-01-07 21:12 - 00000000 ____D C:\Users\Shitface\Documents\CrossFire
2014-01-07 21:11 - 2014-01-07 21:11 - 00000000 ____D C:\CFLog
2014-01-07 20:30 - 2014-01-07 21:19 - 00000000 ____D C:\GamesMailRu
2014-01-07 20:30 - 2014-01-07 20:30 - 04175936 _____ C:\Users\Shitface\Downloads\CrossfireLoader.exe
2014-01-07 19:21 - 2014-01-07 19:21 - 01514209 _____ C:\Users\Shitface\Downloads\ProDamage.rar
2014-01-07 19:20 - 2014-01-07 19:20 - 00000064 _____ C:\Users\Shitface\Downloads\down-links.txt
2014-01-07 16:42 - 2014-01-07 16:42 - 00195432 _____ C:\Users\Shitface\Downloads\m2kmod_client.zip
2014-01-07 16:07 - 2014-01-07 16:07 - 00000000 ____D C:\Users\Shitface\Downloads\Gameforge Live
2014-01-06 16:42 - 2014-01-06 16:42 - 00007605 _____ C:\Users\Shitface\AppData\Local\Resmon.ResmonCfg
2014-01-06 15:29 - 2014-01-06 15:29 - 00000000 ____D C:\Users\Shitface\AppData\Local\fabi.me
2014-01-06 01:43 - 2014-01-06 01:43 - 00001948 _____ C:\Users\Public\Desktop\Metin2.lnk
2014-01-06 01:12 - 2014-01-06 01:12 - 00001071 _____ C:\Users\Public\Desktop\Gameforge Live.lnk
2014-01-05 20:01 - 2014-01-05 20:01 - 00000000 ____D C:\Program Files\Synaptics
2014-01-05 20:00 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-01-05 20:00 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2014-01-05 20:00 - 2012-08-23 15:07 - 00057856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-01-05 20:00 - 2012-08-23 14:47 - 00046592 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2014-01-05 20:00 - 2012-08-23 14:46 - 00016896 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2014-01-05 20:00 - 2012-08-23 14:41 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-01-05 20:00 - 2012-08-23 14:40 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-01-05 20:00 - 2012-08-23 14:24 - 00015360 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2014-01-05 20:00 - 2012-08-23 14:20 - 00054272 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-01-05 20:00 - 2012-08-23 14:18 - 00037376 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-01-05 20:00 - 2012-08-23 14:17 - 00018432 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-01-05 20:00 - 2012-08-23 14:06 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-01-05 20:00 - 2012-08-23 13:52 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-01-05 20:00 - 2012-08-23 12:20 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-01-05 20:00 - 2012-08-23 12:15 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-01-05 20:00 - 2012-08-23 12:14 - 00384000 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-01-05 20:00 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpendp_winip.dll
2014-01-05 20:00 - 2012-08-23 11:54 - 00322560 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2014-01-05 20:00 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2014-01-05 20:00 - 2012-08-23 11:39 - 01048064 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-01-05 20:00 - 2012-08-23 11:22 - 01123840 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-01-05 20:00 - 2012-08-23 10:51 - 03174912 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-01-05 20:00 - 2012-08-23 09:19 - 04916224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-01-05 20:00 - 2012-08-23 09:13 - 05773824 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-01-05 19:59 - 2012-05-04 12:00 - 00366592 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-01-05 19:59 - 2012-05-04 10:59 - 00514560 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2014-01-05 18:37 - 2014-01-05 18:46 - 00000000 ___SD C:\ComboFix
2014-01-05 18:37 - 2014-01-05 18:37 - 00000000 ___SD C:\32788R22FWJFW
2014-01-05 17:58 - 2011-06-26 07:45 - 00256000 _____ C:\windows\PEV.exe
2014-01-05 17:58 - 2010-11-07 18:20 - 00208896 _____ C:\windows\MBR.exe
2014-01-05 17:58 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-01-05 17:58 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-01-05 17:58 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-01-05 17:58 - 2000-08-31 01:00 - 00098816 _____ C:\windows\sed.exe
2014-01-05 17:58 - 2000-08-31 01:00 - 00080412 _____ C:\windows\grep.exe
2014-01-05 17:58 - 2000-08-31 01:00 - 00068096 _____ C:\windows\zip.exe
2014-01-05 17:57 - 2014-01-05 17:57 - 00000000 ____D C:\windows\erdnt
2014-01-05 17:57 - 2014-01-05 17:57 - 00000000 ____D C:\Qoobox
2014-01-05 12:16 - 2014-01-05 12:16 - 00000000 ____D C:\Program Files (x86)\3DO
2014-01-04 22:08 - 2014-01-04 22:08 - 00001071 _____ C:\Users\Public\Desktop\Corel Home Office.lnk
2014-01-04 21:12 - 2014-01-09 13:18 - 00132710 _____ C:\windows\PFRO.log
2014-01-04 21:12 - 2014-01-09 13:18 - 00001139 _____ C:\windows\setupact.log
2014-01-04 21:12 - 2014-01-04 21:12 - 00000000 _____ C:\windows\setuperr.log
2014-01-04 20:22 - 2014-01-07 15:21 - 00000000 ____D C:\FRST
2014-01-04 18:46 - 2014-01-04 20:06 - 00000000 ____D C:\Program Files (x86)\Opera
2014-01-04 18:46 - 2014-01-04 20:05 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Opera Software
2014-01-04 18:46 - 2014-01-04 20:05 - 00000000 ____D C:\Users\Shitface\AppData\Local\Opera Software
2014-01-04 16:29 - 2014-01-04 16:29 - 00000222 _____ C:\Users\Shitface\Desktop\Rust.url
2014-01-04 16:29 - 2014-01-04 16:29 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-01-03 17:31 - 2014-01-05 18:59 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-03 17:31 - 2014-01-03 17:31 - 00000967 _____ C:\Users\Public\Desktop\Steam.lnk
2014-01-01 03:39 - 2014-01-01 03:48 - 00000000 ____D C:\Users\Shitface\minecraft
2013-12-31 21:41 - 2013-12-31 21:41 - 00000992 _____ C:\Users\Shitface\Desktop\Bandicam.lnk
2013-12-31 17:41 - 2013-12-31 17:41 - 00000000 ____D C:\Program Files (x86)\Gameforge4D
2013-12-30 01:54 - 2013-12-30 01:54 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\BANDISOFT
2013-12-30 01:53 - 2014-01-01 22:41 - 00000000 ____D C:\Users\Shitface\Documents\Bandicam
2013-12-30 01:53 - 2013-12-31 21:41 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2013-12-30 01:53 - 2013-12-31 21:41 - 00000000 ____D C:\Program Files (x86)\Bandicam
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\Users\Shitface\AppData\Local\VNT
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\Program Files (x86)\VNT
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-12-28 17:23 - 2013-12-28 17:23 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Avira
2013-12-28 17:22 - 2013-12-28 17:22 - 00002070 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\ProgramData\Avira
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\Program Files (x86)\Avira
2013-12-28 17:22 - 2013-12-09 11:37 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-12-28 17:22 - 2013-12-09 11:37 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-12-28 17:22 - 2013-12-09 11:37 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-12-28 17:22 - 2013-12-09 11:37 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2013-12-27 19:34 - 2013-12-27 19:34 - 00000540 _____ C:\Users\Shitface\Desktop\Neues Textdokument (3).txt
2013-12-23 14:10 - 2014-01-07 19:32 - 00000000 ____D C:\Users\Shitface\Desktop\Fusion-Network
2013-12-12 06:40 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2013-12-12 06:40 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2013-12-12 06:40 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2013-12-12 06:40 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2013-12-12 06:39 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-12-12 06:39 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-12-12 06:39 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-12-12 06:39 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-12-12 06:39 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-12-12 06:39 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-12-12 06:39 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-12-12 06:39 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-12-12 06:39 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-12-12 06:39 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-12-12 06:39 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-12-12 06:39 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-12-12 06:39 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-12-12 06:39 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-12-12 06:39 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-12-12 06:39 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-12-12 06:39 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-12-12 06:39 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-12-12 06:39 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-12-12 06:39 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-12-12 06:39 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-12-12 06:39 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-12-12 06:39 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-12-12 06:39 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-12-12 06:39 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-12-12 06:39 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-12-12 06:39 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-12-12 06:39 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-12-12 06:39 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-12-12 06:39 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-12-12 06:39 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-12-12 06:31 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2013-12-12 06:31 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-12-12 06:31 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-12-12 06:31 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2013-12-12 06:31 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2013-12-12 06:31 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2013-12-12 06:31 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-12-12 06:31 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2013-12-12 06:31 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2013-12-12 06:31 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2013-12-12 06:31 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2013-12-12 06:31 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
2013-12-12 06:31 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2013-12-12 06:31 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2013-12-12 06:31 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2013-12-12 06:31 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
2013-12-12 06:31 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2013-12-12 06:31 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2013-12-12 06:31 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2013-12-11 11:40 - 2013-12-11 11:40 - 09293192 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe

==================== One Month Modified Files and Folders =======

2014-01-09 20:02 - 2014-01-09 20:01 - 00013011 _____ C:\Users\Shitface\Desktop\FRST.txt
2014-01-09 20:01 - 2012-11-19 20:29 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Skype
2014-01-09 20:00 - 2014-01-09 20:00 - 00915368 _____ (Oracle Corporation) C:\Users\Shitface\Downloads\chromeinstall-7u45.exe
2014-01-09 20:00 - 2014-01-09 19:58 - 00000000 ____D C:\Users\Shitface\AppData\Local\Adobe
2014-01-09 19:59 - 2014-01-09 19:59 - 01931770 _____ (Farbar) C:\Users\Shitface\Desktop\FRST64.exe
2014-01-09 19:59 - 2014-01-09 19:59 - 00000000 ____D C:\ProgramData\Oracle
2014-01-09 19:59 - 2013-02-07 14:43 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-01-09 19:59 - 2013-02-07 14:43 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-09 19:59 - 2013-02-07 14:43 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-01-09 19:59 - 2013-02-07 14:43 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-09 19:58 - 2014-01-09 19:58 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-01-09 19:58 - 2014-01-09 19:58 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-01-09 19:58 - 2014-01-09 19:58 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-01-09 19:58 - 2014-01-09 19:58 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-09 19:50 - 2014-01-09 19:50 - 00987410 _____ C:\Users\Shitface\Desktop\SecurityCheck.exe
2014-01-09 19:42 - 2013-04-09 19:36 - 00003204 _____ C:\windows\System32\Tasks\HPCeeScheduleForShitface
2014-01-09 19:42 - 2013-04-09 19:36 - 00000344 _____ C:\windows\Tasks\HPCeeScheduleForShitface.job
2014-01-09 19:40 - 2013-12-04 17:35 - 00001114 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-09 19:11 - 2012-11-19 17:42 - 01722377 _____ C:\windows\WindowsUpdate.log
2014-01-09 17:40 - 2013-12-04 17:35 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-09 17:35 - 2014-01-09 17:35 - 00000000 ____D C:\Program Files (x86)\ESET
2014-01-09 13:27 - 2009-07-14 05:45 - 00019536 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-09 13:27 - 2009-07-14 05:45 - 00019536 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-09 13:18 - 2014-01-04 21:12 - 00132710 _____ C:\windows\PFRO.log
2014-01-09 13:18 - 2014-01-04 21:12 - 00001139 _____ C:\windows\setupact.log
2014-01-09 13:18 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-08 21:53 - 2012-11-25 22:45 - 01649854 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2014-01-08 21:53 - 2010-12-10 04:42 - 00700134 _____ C:\windows\system32\perfh007.dat
2014-01-08 21:53 - 2010-12-10 04:42 - 00149984 _____ C:\windows\system32\perfc007.dat
2014-01-08 14:16 - 2014-01-08 14:16 - 00000000 ____D C:\windows\ERUNT
2014-01-08 14:16 - 2014-01-08 14:15 - 01037068 _____ (Thisisu) C:\Users\Shitface\Downloads\JRT.exe
2014-01-08 14:03 - 2014-01-08 14:02 - 00000000 ____D C:\AdwCleaner
2014-01-08 14:03 - 2012-12-02 13:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-07 21:19 - 2014-01-07 20:30 - 00000000 ____D C:\GamesMailRu
2014-01-07 21:12 - 2014-01-07 21:11 - 00000000 ____D C:\Users\Shitface\Documents\CrossFire
2014-01-07 21:11 - 2014-01-07 21:11 - 00000000 ____D C:\CFLog
2014-01-07 20:30 - 2014-01-07 20:30 - 04175936 _____ C:\Users\Shitface\Downloads\CrossfireLoader.exe
2014-01-07 19:32 - 2013-12-23 14:10 - 00000000 ____D C:\Users\Shitface\Desktop\Fusion-Network
2014-01-07 19:21 - 2014-01-07 19:21 - 01514209 _____ C:\Users\Shitface\Downloads\ProDamage.rar
2014-01-07 19:20 - 2014-01-07 19:20 - 00000064 _____ C:\Users\Shitface\Downloads\down-links.txt
2014-01-07 16:42 - 2014-01-07 16:42 - 00195432 _____ C:\Users\Shitface\Downloads\m2kmod_client.zip
2014-01-07 16:07 - 2014-01-07 16:07 - 00000000 ____D C:\Users\Shitface\Downloads\Gameforge Live
2014-01-07 15:21 - 2014-01-04 20:22 - 00000000 ____D C:\FRST
2014-01-07 10:42 - 2012-11-20 02:38 - 00000000 ____D C:\windows\rescache
2014-01-06 16:42 - 2014-01-06 16:42 - 00007605 _____ C:\Users\Shitface\AppData\Local\Resmon.ResmonCfg
2014-01-06 15:29 - 2014-01-06 15:29 - 00000000 ____D C:\Users\Shitface\AppData\Local\fabi.me
2014-01-06 01:43 - 2014-01-06 01:43 - 00001948 _____ C:\Users\Public\Desktop\Metin2.lnk
2014-01-06 01:12 - 2014-01-06 01:12 - 00001071 _____ C:\Users\Public\Desktop\Gameforge Live.lnk
2014-01-06 01:12 - 2012-12-09 13:44 - 00000000 ____D C:\Program Files (x86)\GameforgeLive
2014-01-05 23:49 - 2012-12-15 19:38 - 00000000 ____D C:\Users\Shitface\AppData\Local\CrashDumps
2014-01-05 20:03 - 2009-07-14 04:20 - 00000000 ____D C:\windows\PolicyDefinitions
2014-01-05 20:02 - 2012-11-19 17:51 - 00005735 _____ C:\windows\system32\RaCoInst.log
2014-01-05 20:01 - 2014-01-05 20:01 - 00000000 ____D C:\Program Files\Synaptics
2014-01-05 19:43 - 2009-07-14 06:13 - 01644054 _____ C:\windows\system32\PerfStringBackup.INI
2014-01-05 18:59 - 2014-01-03 17:31 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-05 18:46 - 2014-01-05 18:37 - 00000000 ___SD C:\ComboFix
2014-01-05 18:37 - 2014-01-05 18:37 - 00000000 ___SD C:\32788R22FWJFW
2014-01-05 17:57 - 2014-01-05 17:57 - 00000000 ____D C:\windows\erdnt
2014-01-05 17:57 - 2014-01-05 17:57 - 00000000 ____D C:\Qoobox
2014-01-05 12:18 - 2013-02-16 15:22 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-01-05 12:16 - 2014-01-05 12:16 - 00000000 ____D C:\Program Files (x86)\3DO
2014-01-04 22:08 - 2014-01-04 22:08 - 00001071 _____ C:\Users\Public\Desktop\Corel Home Office.lnk
2014-01-04 21:12 - 2014-01-04 21:12 - 00000000 _____ C:\windows\setuperr.log
2014-01-04 20:14 - 2013-02-20 20:00 - 00000952 ___SH C:\ProgramData\KGyGaAvL.sys
2014-01-04 20:06 - 2014-01-04 18:46 - 00000000 ____D C:\Program Files (x86)\Opera
2014-01-04 20:05 - 2014-01-04 18:46 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Opera Software
2014-01-04 20:05 - 2014-01-04 18:46 - 00000000 ____D C:\Users\Shitface\AppData\Local\Opera Software
2014-01-04 20:05 - 2013-05-15 19:37 - 00001425 _____ C:\Users\Shitface\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-04 18:22 - 2013-12-08 19:02 - 00000000 ___RD C:\SHITFACE-HP
2014-01-04 18:05 - 2012-11-20 17:57 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\TS3Client
2014-01-04 18:05 - 2009-07-27 16:04 - 00000000 ____D C:\windows\Panther
2014-01-04 16:29 - 2014-01-04 16:29 - 00000222 _____ C:\Users\Shitface\Desktop\Rust.url
2014-01-04 16:29 - 2014-01-04 16:29 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-01-03 17:31 - 2014-01-03 17:31 - 00000967 _____ C:\Users\Public\Desktop\Steam.lnk
2014-01-02 19:44 - 2013-03-10 15:17 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\.minecraft
2014-01-01 22:41 - 2013-12-30 01:53 - 00000000 ____D C:\Users\Shitface\Documents\Bandicam
2014-01-01 03:48 - 2014-01-01 03:39 - 00000000 ____D C:\Users\Shitface\minecraft
2014-01-01 03:39 - 2012-11-19 17:46 - 00000000 ____D C:\Users\Shitface
2013-12-31 21:41 - 2013-12-31 21:41 - 00000992 _____ C:\Users\Shitface\Desktop\Bandicam.lnk
2013-12-31 21:41 - 2013-12-30 01:53 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2013-12-31 21:41 - 2013-12-30 01:53 - 00000000 ____D C:\Program Files (x86)\Bandicam
2013-12-31 17:41 - 2013-12-31 17:41 - 00000000 ____D C:\Program Files (x86)\Gameforge4D
2013-12-30 14:13 - 2009-07-14 06:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2013-12-30 01:54 - 2013-12-30 01:54 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\BANDISOFT
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\Users\Shitface\AppData\Local\VNT
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\Program Files (x86)\VNT
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-12-28 17:23 - 2013-12-28 17:23 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Avira
2013-12-28 17:22 - 2013-12-28 17:22 - 00002070 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\ProgramData\Avira
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\Program Files (x86)\Avira
2013-12-27 19:34 - 2013-12-27 19:34 - 00000540 _____ C:\Users\Shitface\Desktop\Neues Textdokument (3).txt
2013-12-24 17:27 - 2009-07-14 04:20 - 00000000 ____D C:\windows\system32\NDF
2013-12-23 09:04 - 2013-04-09 19:02 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2013-12-22 21:15 - 2012-11-19 17:46 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\hpqLog
2013-12-22 21:15 - 2010-12-10 04:44 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-12-22 21:15 - 2009-07-27 17:14 - 00000000 ____D C:\swsetup
2013-12-22 20:30 - 2013-04-28 15:54 - 00000000 _____ C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-12-22 20:15 - 2012-11-25 22:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-12-22 20:15 - 2012-11-19 17:47 - 00000000 ____D C:\ProgramData\FLEXnet
2013-12-22 20:15 - 2009-07-14 04:20 - 00000000 ____D C:\windows\registration
2013-12-21 20:11 - 2012-11-20 17:57 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2013-12-14 11:32 - 2013-09-22 17:31 - 90708896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-12-14 11:32 - 2013-09-22 17:31 - 00000000 ____D C:\windows\system32\MRT
2013-12-12 10:47 - 2009-07-14 05:45 - 00277640 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-11 11:40 - 2013-12-11 11:40 - 09293192 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe

Files to move or delete:
====================
C:\ProgramData\hash.dat


Some content of TEMP:
====================
C:\Users\Shitface\AppData\Local\Temp\avgnt.exe
C:\Users\Shitface\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Shitface\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-04 16:16

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Und nein läuft immer noch nicht.
Ich versuche "Rust" zu Spielen aber es hält es einfach nicht aus da sind einfach nur unter 5 FPS da ...

schrauber 10.01.2014 12:08
Router mal 30 min vom Stron nehmen.

Malysch 10.01.2014 12:39
Versuch ich dann mall gleich : ))

Hilft auch nicht ..

schrauber 11.01.2014 11:58
Dein PC an einem anderen Internetanschluss bzw ein anderer Rechner an deinem Anschluss tut aber wunderbar?

Malysch 11.01.2014 21:41
Jopp auf meinem PC ging alles Perfekt aber auf dem Laptop geht jetzt so gut wie garnichts ^^

schrauber 12.01.2014 09:05
ging oder geht? ;)

Frisches FRST log bitte.

Downloade dir bitte Farbar Service Scanner Farbar Service Scanner
  • Starte das Tool mit Doppelklick auf die FSS.exe
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.





Downloade dir bitte Farbar's MiniToolBox auf deinen Desktop und starte das Tool

Setze einen Haken bei folgenden Einträgen
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List Minidump Files
Klicke Go und poste den Inhalt der Result.txt.

Malysch 12.01.2014 16:01
Code:
Farbar Service Scanner Version: 08-01-2014
Ran by Shitface (administrator) on 12-01-2014 at 15:51:40
Running from "C:\Users\Shitface\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
Code:
MiniToolBox by Farbar  Version: 18-12-2013
Ran by Shitface (administrator) on 12-01-2014 at 15:54:03
Running from "C:\Users\Shitface\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Ralink RT3090 802.11b/g/n WiFi Adapter = Drahtlosnetzwerkverbindung (Connected)
Realtek PCIe FE Family Controller = LAN-Verbindung (Media disconnected)


# ----------------------------------
# IPv4-Konfiguration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# Ende der IPv4-Konfiguration



Windows-IP-Konfiguration

  Hostname  . . . . . . . . . . . . : Shitface-HP
  Prim„res DNS-Suffix . . . . . . . :
  Knotentyp . . . . . . . . . . . . : Hybrid
  IP-Routing aktiviert  . . . . . . : Nein
  WINS-Proxy aktiviert  . . . . . . : Nein
  DNS-Suffixsuchliste . . . . . . . : fritz.box

Drahtlos-LAN-Adapter Drahtlosnetzwerkverbindung:

  Verbindungsspezifisches DNS-Suffix: fritz.box
  Beschreibung. . . . . . . . . . . : Ralink RT3090 802.11b/g/n WiFi Adapter
  Physikalische Adresse . . . . . . : E0-2A-82-5D-6F-3A
  DHCP aktiviert. . . . . . . . . . : Ja
  Autokonfiguration aktiviert . . . : Ja
  Verbindungslokale IPv6-Adresse  . : fe80::78d8:6aab:6e10:8106%11(Bevorzugt)
  IPv4-Adresse  . . . . . . . . . . : 192.168.178.20(Bevorzugt)
  Subnetzmaske  . . . . . . . . . . : 255.255.255.0
  Lease erhalten. . . . . . . . . . : Sonntag, 12. Januar 2014 12:17:47
  Lease l„uft ab. . . . . . . . . . : Mittwoch, 22. Januar 2014 12:17:58
  Standardgateway . . . . . . . . . : 192.168.178.1
  DHCP-Server . . . . . . . . . . . : 192.168.178.1
  DHCPv6-IAID . . . . . . . . . . . : 232794754
  DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-18-3C-96-9C-64-31-50-7B-19-36
  DNS-Server  . . . . . . . . . . . : 192.168.178.1
  NetBIOS ber TCP/IP . . . . . . . : Aktiviert

Ethernet-Adapter LAN-Verbindung:

  Medienstatus. . . . . . . . . . . : Medium getrennt
  Verbindungsspezifisches DNS-Suffix:
  Beschreibung. . . . . . . . . . . : Realtek PCIe FE Family Controller
  Physikalische Adresse . . . . . . : 64-31-50-7B-19-36
  DHCP aktiviert. . . . . . . . . . : Ja
  Autokonfiguration aktiviert . . . : Ja

Tunneladapter isatap.fritz.box:

  Medienstatus. . . . . . . . . . . : Medium getrennt
  Verbindungsspezifisches DNS-Suffix:
  Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter
  Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
  DHCP aktiviert. . . . . . . . . . : Nein
  Autokonfiguration aktiviert . . . : Ja

Tunneladapter LAN-Verbindung* 9:

  Verbindungsspezifisches DNS-Suffix:
  Beschreibung. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
  Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
  DHCP aktiviert. . . . . . . . . . : Nein
  Autokonfiguration aktiviert . . . : Ja
  IPv6-Adresse. . . . . . . . . . . : 2001:0:5ef5:79fd:2066:37c4:a7bb:e74f(Bevorzugt)
  Verbindungslokale IPv6-Adresse  . : fe80::2066:37c4:a7bb:e74f%17(Bevorzugt)
  Standardgateway . . . . . . . . . : ::
  NetBIOS ber TCP/IP . . . . . . . : Deaktiviert

Tunneladapter LAN-Verbindung* 17:

  Medienstatus. . . . . . . . . . . : Medium getrennt
  Verbindungsspezifisches DNS-Suffix: fritz.box
  Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter #6
  Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
  DHCP aktiviert. . . . . . . . . . : Nein
  Autokonfiguration aktiviert . . . : Ja

Tunneladapter isatap.{E8AB71E4-96A7-423A-983F-56BBF99E9E85}:

  Medienstatus. . . . . . . . . . . : Medium getrennt
  Verbindungsspezifisches DNS-Suffix:
  Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter #7
  Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0
  DHCP aktiviert. . . . . . . . . . : Nein
  Autokonfiguration aktiviert . . . : Ja
Server:  fritz.box
Address:  192.168.178.1

Name:    google.com
Addresses:  2a00:1450:4016:801::1006
          173.194.35.160
          173.194.35.161
          173.194.35.162
          173.194.35.163
          173.194.35.164
          173.194.35.165
          173.194.35.166
          173.194.35.167
          173.194.35.168
          173.194.35.169
          173.194.35.174


Ping wird ausgefhrt fr google.com [173.194.35.160] mit 32 Bytes Daten:
Antwort von 173.194.35.160: Bytes=32 Zeit=31ms TTL=54
Antwort von 173.194.35.160: Bytes=32 Zeit=32ms TTL=54

Ping-Statistik fr 173.194.35.160:
    Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0
    (0% Verlust),
Ca. Zeitangaben in Millisek.:
    Minimum = 31ms, Maximum = 32ms, Mittelwert = 31ms
Server:  fritz.box
Address:  192.168.178.1

Name:    yahoo.com
Addresses:  206.190.36.45
          98.138.253.109
          98.139.183.24


Ping wird ausgefhrt fr yahoo.com [206.190.36.45] mit 32 Bytes Daten:
Antwort von 206.190.36.45: Bytes=32 Zeit=224ms TTL=35
Antwort von 206.190.36.45: Bytes=32 Zeit=192ms TTL=35

Ping-Statistik fr 206.190.36.45:
    Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0
    (0% Verlust),
Ca. Zeitangaben in Millisek.:
    Minimum = 192ms, Maximum = 224ms, Mittelwert = 208ms

Ping wird ausgefhrt fr 127.0.0.1 mit 32 Bytes Daten:
Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128
Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128

Ping-Statistik fr 127.0.0.1:
    Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0
    (0% Verlust),
Ca. Zeitangaben in Millisek.:
    Minimum = 0ms, Maximum = 0ms, Mittelwert = 0ms
===========================================================================
Schnittstellenliste
 11...e0 2a 82 5d 6f 3a ......Ralink RT3090 802.11b/g/n WiFi Adapter
 10...64 31 50 7b 19 36 ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
 18...00 00 00 00 00 00 00 e0 Microsoft-ISATAP-Adapter
 17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 26...00 00 00 00 00 00 00 e0 Microsoft-ISATAP-Adapter #6
 25...00 00 00 00 00 00 00 e0 Microsoft-ISATAP-Adapter #7
===========================================================================

IPv4-Routentabelle
===========================================================================
Aktive Routen:
    Netzwerkziel    Netzwerkmaske          Gateway    Schnittstelle Metrik
          0.0.0.0          0.0.0.0    192.168.178.1  192.168.178.20    25
        127.0.0.0        255.0.0.0  Auf Verbindung        127.0.0.1    306
        127.0.0.1  255.255.255.255  Auf Verbindung        127.0.0.1    306
  127.255.255.255  255.255.255.255  Auf Verbindung        127.0.0.1    306
    192.168.178.0    255.255.255.0  Auf Verbindung    192.168.178.20    281
  192.168.178.20  255.255.255.255  Auf Verbindung    192.168.178.20    281
  192.168.178.255  255.255.255.255  Auf Verbindung    192.168.178.20    281
        224.0.0.0        240.0.0.0  Auf Verbindung        127.0.0.1    306
        224.0.0.0        240.0.0.0  Auf Verbindung    192.168.178.20    281
  255.255.255.255  255.255.255.255  Auf Verbindung        127.0.0.1    306
  255.255.255.255  255.255.255.255  Auf Verbindung    192.168.178.20    281
===========================================================================
Ständige Routen:
  Keine

IPv6-Routentabelle
===========================================================================
Aktive Routen:
 If Metrik Netzwerkziel            Gateway
 17    58 ::/0                    Auf Verbindung
  1    306 ::1/128                  Auf Verbindung
 17    58 2001::/32                Auf Verbindung
 17    306 2001:0:5ef5:79fd:2066:37c4:a7bb:e74f/128
                                    Auf Verbindung
 11    281 fe80::/64                Auf Verbindung
 17    306 fe80::/64                Auf Verbindung
 17    306 fe80::2066:37c4:a7bb:e74f/128
                                    Auf Verbindung
 11    281 fe80::78d8:6aab:6e10:8106/128
                                    Auf Verbindung
  1    306 ff00::/8                Auf Verbindung
 17    306 ff00::/8                Auf Verbindung
 11    281 ff00::/8                Auf Verbindung
===========================================================================
Ständige Routen:
 If Metrik Netzwerkziel            Gateway
  0 4294967295 2620:9b::/96            Auf Verbindung
  0  9000 ::/0                    2620:9b::1900:1
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 07 C:\windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 09 C:\windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 09 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/12/2014 00:21:54 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Stream product id=0x0066): Streaming Failed

Error: (01/12/2014 00:20:22 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
Too many failures while downloading ranges: 2

Error: (01/12/2014 02:01:50 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft Office Klick-und-Los 2010 - Update "Update for Microsoft Office 2010 (KB2598285) 32-Bit Edition" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\windows\TEMP\MSI519b1.LOG enthalten.

Error: (01/11/2014 04:59:13 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Stream product id=0x0066): Streaming Failed

Error: (01/11/2014 04:57:16 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
Too many failures while downloading ranges: 2

Error: (01/11/2014 01:16:43 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft Office Klick-und-Los 2010 - Update "Update for Microsoft Office 2010 (KB2598285) 32-Bit Edition" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\windows\TEMP\MSIc7724.LOG enthalten.

Error: (01/11/2014 01:15:52 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Stream product id=0x0066): Streaming Failed

Error: (01/11/2014 01:15:49 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (01/11/2014 11:23:34 AM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
Too many failures while downloading ranges: 2

Error: (01/11/2014 11:23:29 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft Office Klick-und-Los 2010 - Update "Update for Microsoft Office 2010 (KB2598285) 32-Bit Edition" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\windows\TEMP\MSI4bde1.LOG enthalten.


System errors:
=============
Error: (01/12/2014 00:21:19 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error: (01/12/2014 02:01:51 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für Microsoft Office 2010 (KB2598285) 32-Bit-Edition

Error: (01/11/2014 01:16:43 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für Microsoft Office 2010 (KB2598285) 32-Bit-Edition

Error: (01/11/2014 01:15:40 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (01/11/2014 11:23:42 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für Microsoft Office 2010 (KB2598285) 32-Bit-Edition

Error: (01/11/2014 01:16:56 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für Microsoft Office 2010 (KB2598285) 32-Bit-Edition

Error: (01/09/2014 11:40:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für Microsoft Office 2010 (KB2598285) 32-Bit-Edition

Error: (01/09/2014 08:15:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (01/09/2014 08:15:22 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (01/08/2014 09:53:28 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für Microsoft Office 2010 (KB2598285) 32-Bit-Edition


Microsoft Office Sessions:
=========================
Error: (01/12/2014 00:21:54 PM) (Source: CVHSVC)(User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (01/12/2014 00:20:22 PM) (Source: CVHSVC)(User: )
Description: Too many failures while downloading ranges: 2

Error: (01/12/2014 02:01:50 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Microsoft Office Klick-und-Los 2010Update for Microsoft Office 2010 (KB2598285) 32-Bit Edition1603C:\windows\TEMP\MSI519b1.LOG(NULL)(NULL)

Error: (01/11/2014 04:59:13 PM) (Source: CVHSVC)(User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (01/11/2014 04:57:16 PM) (Source: CVHSVC)(User: )
Description: Too many failures while downloading ranges: 2

Error: (01/11/2014 01:16:43 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Microsoft Office Klick-und-Los 2010Update for Microsoft Office 2010 (KB2598285) 32-Bit Edition1603C:\windows\TEMP\MSIc7724.LOG(NULL)(NULL)

Error: (01/11/2014 01:15:52 PM) (Source: CVHSVC)(User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (01/11/2014 01:15:49 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (01/11/2014 11:23:34 AM) (Source: CVHSVC)(User: )
Description: Too many failures while downloading ranges: 2

Error: (01/11/2014 11:23:29 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Microsoft Office Klick-und-Los 2010Update for Microsoft Office 2010 (KB2598285) 32-Bit Edition1603C:\windows\TEMP\MSI4bde1.LOG(NULL)(NULL)


CodeIntegrity Errors:
===================================
  Date: 2014-01-05 18:27:12.424
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-01-05 18:27:11.862
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


=========================== Installed Programs ============================

Adobe Flash Player 10 ActiveX (Version: 10.0.32.18)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
AnotherLife Client Version 1.3 (Version: 1.3)
Avira Free Antivirus (Version: 14.0.2.286)
Avira SearchFree Toolbar (Version: 12.10.0.2951)
Bandicam (Version: 1.9.2.454)
Bandisoft MPEG-1 Decoder
Bing Rewards Client Installer (Version: 16.0.345.0)
CCleaner (Version: 4.01)
Corel Home Office - CS Templates (Version: 5.6)
Corel Home Office - CT Templates (Version: 5.6)
Corel Home Office - IPM (Version: 5.6)
Corel Home Office - JP Templates (Version: 5.6)
Corel Home Office - KR Templates (Version: 5.6)
Corel Home Office - Launcher (Version: 5.6)
Corel Home Office - Templates RU (Version: 5.6)
Corel Home Office - Templates1 (Version: 5.6)
Corel Home Office (Version: 5.0.85.588)
Corel Home Office (Version: 5.6)
Energy Star Digital Logo (Version: 1.0.1)
Gameforge Live 1.9.0 "Legend" (Version: 1.9.0)
Google Chrome (Version: 31.0.1650.63)
Google Update Helper (Version: 1.3.22.3)
Hewlett-Packard ACLM.NET v1.2.1.1 (Version: 1.00.0000)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Documentation (Version: 1.5.0.0)
HP ESU for Microsoft Windows 7 (Version: 1.1.8.1)
HP HotKey Support (Version: 4.0.3.1)
HP Setup (Version: 8.5.4371.3505)
HP SoftPaq Download Manager (Version: 3.0.5.0)
HP Software Framework (Version: 4.0.51.1)
HP Software Setup (Version: 7.0.1.6)
HP Support Assistant (Version: 7.0.39.15)
HP Web Camera (Version: 1.0.0)
HP Webcam (Version: 1.0.25.0)
HP Webcam Driver (Version: 6.1.7600.0049)
HP Wireless Assistant (Version: 3.50.10.1)
IDT Audio (Version: 1.0.6268.0)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.2057)
Intel(R) Rapid Storage Technology (Version: 9.6.0.1014)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
LightScribe System Software (Version: 1.18.11.1)
LSI HDA Modem (Version: 2.2.98)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Metin2
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938)
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Pando Media Booster (Version: 2.6.0.7)
Ralink Motorola BC4 Bluetooth 3.0+HS Adapter (Version: 3.0.41.262)
Ralink RT3090 802.11b/g/n WiFi Adapter (Version: 1.2.0.27)
Realtek Ethernet Controller All-In-One Windows Driver (Version: 1.12.0011)
Rust
Skype Click to Call (Version: 6.3.11079)
Skype™ 6.11 (Version: 6.11.102)
Steam
Synaptics Pointing Device Driver (Version: 15.0.24.0)
TeamSpeak 3 Client (Version: 3.0.13.1)
TeamViewer 8 (Version: 8.0.16642)
Tiny Media Player v1.0 (Version: 1.0.0.0)
Unity Web Player (Version: )
Windows 7 Default Setting (Version: 1.0.1.6)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR 4.20 (32-Bit) (Version: 4.20.0)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
WinZip 14.5 (Version: 14.5.9095)

========================= Memory info: ===================================

Percentage of memory in use: 46%
Total physical RAM: 3996.27 MB
Available physical RAM: 2135.74 MB
Total Pagefile: 7990.71 MB
Available Pagefile: 5600.23 MB
Total Virtual: 4095.88 MB
Available Virtual: 3960.47 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:280.79 GB) (Free:211.31 GB) NTFS
2 Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.49 GB) FAT32

========================= Users: ========================================

Benutzerkonten fr \\SHITFACE-HP

Administrator            Gast                    Shitface               
Der Befehl wurde erfolgreich ausgefhrt.

========================= Minidump Files ==================================

No minidump file found


**** End of log ****

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2014
Ran by Shitface (administrator) on SHITFACE-HP on 12-01-2014 15:56:18
Running from C:\Users\Shitface\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\stacsv64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
() C:\Program Files (x86)\TorrentExpress\TorrentExpress.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN LLC.) C:\Users\Shitface\AppData\Local\VNT\vntldr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BTMTrayAgent] - C:\Program Files\Motorola\Bluetooth\btmshell.dll [24783624 2010-06-10] (Motorola, Inc.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-29] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768 2009-09-01] (Hewlett-Packard)
HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-10-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [VNT] - C:\Program Files (x86)\VNT\vntldr.exe [202192 2013-12-20] (APN LLC.)
HKLM-x32\...\Run: [4StoryPrePatch] - C:\Program Files (x86)\Gameforge4D\4Story_DE\PrePatch.exe [327680 2013-01-08] (Zemi Interactive Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-12-12] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-01-22] (Hewlett-Packard Company)
HKCU\...\Run: [TorrentExpress] - C:\Program Files (x86)\TorrentExpress\TorrentExpress.exe [667648 2013-06-19] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome:
=======
CHR DefaultSearchKeyword:
CHR DefaultSearchProvider:
CHR DefaultSearchURL:
CHR DefaultNewTabURL:
CHR Extension: (BetterTTV) - C:\Users\Shitface\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped\6.6_0 [2014-01-05]
CHR Extension: (Skype Click to Call) - C:\Users\Shitface\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0 [2013-12-04]
CHR Extension: (Google Wallet) - C:\Users\Shitface\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2013-12-19]
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\Shitface\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcoohmdcpejoeggdnihdfhohjgdbllgm\30.1_0 [2013-12-28]
CHR HKLM-x32\...\Chrome\Extension: [dijpoieccemifpgijppmfkdhdjgggclg] - C:\Users\Shitface\AppData\Local\Google\Chrome\\User Data\\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\dijpoieccemifpgijppmfkdhdjgggclg.crx [2013-12-28]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-10-02]
CHR HKLM-x32\...\Chrome\Extension: [pcoohmdcpejoeggdnihdfhohjgdbllgm] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7C\CRX\ToolbarCR.crx [2013-12-20]

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company)
S3 npggsvc; C:\windows\SysWOW64\GameMon.des [3955824 2012-10-16] (INCA Internet Co., Ltd.)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe [244736 2010-01-29] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 BTMNET; C:\Windows\System32\DRIVERS\btmnet.sys [28672 2010-06-17] (Motorola, Inc.)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [96384 2010-05-21] (Realtek Semiconductor Corp.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [x]
S3 X6va011; \??\C:\windows\SysWOW64\Drivers\X6va011 [x]
S3 X6va012; \??\C:\windows\SysWOW64\Drivers\X6va012 [x]
S3 X6va016; \??\C:\windows\SysWOW64\Drivers\X6va016 [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-12 15:56 - 2014-01-12 15:56 - 00012922 _____ C:\Users\Shitface\Desktop\FRST.txt
2014-01-12 15:55 - 2014-01-12 15:55 - 02075136 _____ (Farbar) C:\Users\Shitface\Desktop\FRST64.exe
2014-01-12 15:54 - 2014-01-12 15:54 - 00024988 _____ C:\Users\Shitface\Desktop\Result.txt
2014-01-12 15:52 - 2014-01-12 15:52 - 00760063 _____ (Farbar) C:\Users\Shitface\Desktop\MiniToolBox.exe
2014-01-12 15:51 - 2014-01-12 15:51 - 00361185 _____ (Farbar) C:\Users\Shitface\Downloads\FSS.exe
2014-01-12 15:51 - 2014-01-12 15:51 - 00002090 _____ C:\Users\Shitface\Downloads\FSS.txt
2014-01-09 20:00 - 2014-01-09 20:00 - 00915368 _____ (Oracle Corporation) C:\Users\Shitface\Downloads\chromeinstall-7u45.exe
2014-01-09 19:59 - 2014-01-09 19:59 - 00000000 ____D C:\ProgramData\Oracle
2014-01-09 19:58 - 2014-01-09 20:00 - 00000000 ____D C:\Users\Shitface\AppData\Local\Adobe
2014-01-09 19:58 - 2014-01-09 19:58 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-01-09 19:58 - 2014-01-09 19:58 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-01-09 19:58 - 2014-01-09 19:58 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-01-09 19:58 - 2014-01-09 19:58 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-08 14:16 - 2014-01-08 14:16 - 00000000 ____D C:\windows\ERUNT
2014-01-08 14:15 - 2014-01-08 14:16 - 01037068 _____ (Thisisu) C:\Users\Shitface\Downloads\JRT.exe
2014-01-08 14:02 - 2014-01-08 14:03 - 00000000 ____D C:\AdwCleaner
2014-01-07 21:11 - 2014-01-07 21:12 - 00000000 ____D C:\Users\Shitface\Documents\CrossFire
2014-01-07 21:11 - 2014-01-07 21:11 - 00000000 ____D C:\CFLog
2014-01-07 20:30 - 2014-01-07 21:19 - 00000000 ____D C:\GamesMailRu
2014-01-07 20:30 - 2014-01-07 20:30 - 04175936 _____ C:\Users\Shitface\Downloads\CrossfireLoader.exe
2014-01-07 19:21 - 2014-01-07 19:21 - 01514209 _____ C:\Users\Shitface\Downloads\ProDamage.rar
2014-01-07 19:20 - 2014-01-07 19:20 - 00000064 _____ C:\Users\Shitface\Downloads\down-links.txt
2014-01-07 16:42 - 2014-01-07 16:42 - 00195432 _____ C:\Users\Shitface\Downloads\m2kmod_client.zip
2014-01-07 16:07 - 2014-01-07 16:07 - 00000000 ____D C:\Users\Shitface\Downloads\Gameforge Live
2014-01-06 16:42 - 2014-01-06 16:42 - 00007605 _____ C:\Users\Shitface\AppData\Local\Resmon.ResmonCfg
2014-01-06 15:29 - 2014-01-06 15:29 - 00000000 ____D C:\Users\Shitface\AppData\Local\fabi.me
2014-01-06 01:43 - 2014-01-06 01:43 - 00001948 _____ C:\Users\Public\Desktop\Metin2.lnk
2014-01-05 20:01 - 2014-01-05 20:01 - 00000000 ____D C:\Program Files\Synaptics
2014-01-05 20:00 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-01-05 20:00 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2014-01-05 20:00 - 2012-08-23 15:07 - 00057856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-01-05 20:00 - 2012-08-23 14:47 - 00046592 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2014-01-05 20:00 - 2012-08-23 14:46 - 00016896 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2014-01-05 20:00 - 2012-08-23 14:41 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-01-05 20:00 - 2012-08-23 14:40 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-01-05 20:00 - 2012-08-23 14:24 - 00015360 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2014-01-05 20:00 - 2012-08-23 14:20 - 00054272 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-01-05 20:00 - 2012-08-23 14:18 - 00037376 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-01-05 20:00 - 2012-08-23 14:17 - 00018432 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-01-05 20:00 - 2012-08-23 14:06 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-01-05 20:00 - 2012-08-23 13:52 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-01-05 20:00 - 2012-08-23 12:20 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-01-05 20:00 - 2012-08-23 12:15 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-01-05 20:00 - 2012-08-23 12:14 - 00384000 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-01-05 20:00 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpendp_winip.dll
2014-01-05 20:00 - 2012-08-23 11:54 - 00322560 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2014-01-05 20:00 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2014-01-05 20:00 - 2012-08-23 11:39 - 01048064 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-01-05 20:00 - 2012-08-23 11:22 - 01123840 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-01-05 20:00 - 2012-08-23 10:51 - 03174912 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-01-05 20:00 - 2012-08-23 09:19 - 04916224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-01-05 20:00 - 2012-08-23 09:13 - 05773824 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-01-05 19:59 - 2012-05-04 12:00 - 00366592 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-01-05 19:59 - 2012-05-04 10:59 - 00514560 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2014-01-05 18:37 - 2014-01-05 18:46 - 00000000 ___SD C:\ComboFix
2014-01-05 18:37 - 2014-01-05 18:37 - 00000000 ___SD C:\32788R22FWJFW
2014-01-05 17:58 - 2011-06-26 07:45 - 00256000 _____ C:\windows\PEV.exe
2014-01-05 17:58 - 2010-11-07 18:20 - 00208896 _____ C:\windows\MBR.exe
2014-01-05 17:58 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-01-05 17:58 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-01-05 17:58 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-01-05 17:58 - 2000-08-31 01:00 - 00098816 _____ C:\windows\sed.exe
2014-01-05 17:58 - 2000-08-31 01:00 - 00080412 _____ C:\windows\grep.exe
2014-01-05 17:58 - 2000-08-31 01:00 - 00068096 _____ C:\windows\zip.exe
2014-01-05 17:57 - 2014-01-05 17:57 - 00000000 ____D C:\windows\erdnt
2014-01-05 17:57 - 2014-01-05 17:57 - 00000000 ____D C:\Qoobox
2014-01-05 12:16 - 2014-01-05 12:16 - 00000000 ____D C:\Program Files (x86)\3DO
2014-01-04 21:12 - 2014-01-12 12:17 - 00001419 _____ C:\windows\setupact.log
2014-01-04 21:12 - 2014-01-09 20:19 - 00139704 _____ C:\windows\PFRO.log
2014-01-04 21:12 - 2014-01-04 21:12 - 00000000 _____ C:\windows\setuperr.log
2014-01-04 20:22 - 2014-01-07 15:21 - 00000000 ____D C:\FRST
2014-01-04 18:46 - 2014-01-04 20:06 - 00000000 ____D C:\Program Files (x86)\Opera
2014-01-04 18:46 - 2014-01-04 20:05 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Opera Software
2014-01-04 18:46 - 2014-01-04 20:05 - 00000000 ____D C:\Users\Shitface\AppData\Local\Opera Software
2014-01-04 16:29 - 2014-01-04 16:29 - 00000222 _____ C:\Users\Shitface\Desktop\Rust.url
2014-01-04 16:29 - 2014-01-04 16:29 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-01-03 17:31 - 2014-01-10 12:38 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-03 17:31 - 2014-01-03 17:31 - 00000967 _____ C:\Users\Public\Desktop\Steam.lnk
2014-01-01 03:39 - 2014-01-01 03:48 - 00000000 ____D C:\Users\Shitface\minecraft
2013-12-31 21:41 - 2013-12-31 21:41 - 00000992 _____ C:\Users\Shitface\Desktop\Bandicam.lnk
2013-12-31 17:41 - 2013-12-31 17:41 - 00000000 ____D C:\Program Files (x86)\Gameforge4D
2013-12-30 01:54 - 2013-12-30 01:54 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\BANDISOFT
2013-12-30 01:53 - 2014-01-01 22:41 - 00000000 ____D C:\Users\Shitface\Documents\Bandicam
2013-12-30 01:53 - 2013-12-31 21:41 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2013-12-30 01:53 - 2013-12-31 21:41 - 00000000 ____D C:\Program Files (x86)\Bandicam
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\Users\Shitface\AppData\Local\VNT
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\Program Files (x86)\VNT
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-12-28 17:23 - 2013-12-28 17:23 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Avira
2013-12-28 17:22 - 2013-12-28 17:22 - 00002070 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\ProgramData\Avira
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\Program Files (x86)\Avira
2013-12-28 17:22 - 2013-12-09 11:37 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-12-28 17:22 - 2013-12-09 11:37 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-12-28 17:22 - 2013-12-09 11:37 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-12-28 17:22 - 2013-12-09 11:37 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2013-12-23 14:10 - 2014-01-07 19:32 - 00000000 ____D C:\Users\Shitface\Desktop\Fusion-Network

==================== One Month Modified Files and Folders =======

2014-01-12 15:57 - 2014-01-12 15:56 - 00012922 _____ C:\Users\Shitface\Desktop\FRST.txt
2014-01-12 15:55 - 2014-01-12 15:55 - 02075136 _____ (Farbar) C:\Users\Shitface\Desktop\FRST64.exe
2014-01-12 15:54 - 2014-01-12 15:54 - 00024988 _____ C:\Users\Shitface\Desktop\Result.txt
2014-01-12 15:52 - 2014-01-12 15:52 - 00760063 _____ (Farbar) C:\Users\Shitface\Desktop\MiniToolBox.exe
2014-01-12 15:51 - 2014-01-12 15:51 - 00361185 _____ (Farbar) C:\Users\Shitface\Downloads\FSS.exe
2014-01-12 15:51 - 2014-01-12 15:51 - 00002090 _____ C:\Users\Shitface\Downloads\FSS.txt
2014-01-12 15:47 - 2012-11-19 20:29 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Skype
2014-01-12 15:40 - 2013-12-04 17:35 - 00001114 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-12 15:40 - 2013-02-07 14:43 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-12 12:27 - 2009-07-14 05:45 - 00019536 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-12 12:27 - 2009-07-14 05:45 - 00019536 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-12 12:17 - 2014-01-04 21:12 - 00001419 _____ C:\windows\setupact.log
2014-01-12 12:17 - 2013-12-04 17:35 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-12 12:17 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-12 02:02 - 2012-11-19 17:42 - 01890411 _____ C:\windows\WindowsUpdate.log
2014-01-12 02:01 - 2012-11-25 22:45 - 01649854 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2014-01-12 02:01 - 2010-12-10 04:42 - 00700134 _____ C:\windows\system32\perfh007.dat
2014-01-12 02:01 - 2010-12-10 04:42 - 00149984 _____ C:\windows\system32\perfc007.dat
2014-01-11 01:16 - 2009-07-14 06:13 - 01596516 _____ C:\windows\system32\PerfStringBackup.INI
2014-01-10 12:38 - 2014-01-03 17:31 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-09 20:19 - 2014-01-04 21:12 - 00139704 _____ C:\windows\PFRO.log
2014-01-09 20:03 - 2012-12-15 19:38 - 00000000 ____D C:\Users\Shitface\AppData\Local\CrashDumps
2014-01-09 20:00 - 2014-01-09 20:00 - 00915368 _____ (Oracle Corporation) C:\Users\Shitface\Downloads\chromeinstall-7u45.exe
2014-01-09 20:00 - 2014-01-09 19:58 - 00000000 ____D C:\Users\Shitface\AppData\Local\Adobe
2014-01-09 19:59 - 2014-01-09 19:59 - 00000000 ____D C:\ProgramData\Oracle
2014-01-09 19:59 - 2013-02-07 14:43 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-01-09 19:59 - 2013-02-07 14:43 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-09 19:59 - 2013-02-07 14:43 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-01-09 19:58 - 2014-01-09 19:58 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-01-09 19:58 - 2014-01-09 19:58 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-01-09 19:58 - 2014-01-09 19:58 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-01-09 19:58 - 2014-01-09 19:58 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-09 19:42 - 2013-04-09 19:36 - 00003204 _____ C:\windows\System32\Tasks\HPCeeScheduleForShitface
2014-01-09 19:42 - 2013-04-09 19:36 - 00000344 _____ C:\windows\Tasks\HPCeeScheduleForShitface.job
2014-01-08 14:16 - 2014-01-08 14:16 - 00000000 ____D C:\windows\ERUNT
2014-01-08 14:16 - 2014-01-08 14:15 - 01037068 _____ (Thisisu) C:\Users\Shitface\Downloads\JRT.exe
2014-01-08 14:03 - 2014-01-08 14:02 - 00000000 ____D C:\AdwCleaner
2014-01-08 14:03 - 2012-12-02 13:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-07 21:19 - 2014-01-07 20:30 - 00000000 ____D C:\GamesMailRu
2014-01-07 21:12 - 2014-01-07 21:11 - 00000000 ____D C:\Users\Shitface\Documents\CrossFire
2014-01-07 21:11 - 2014-01-07 21:11 - 00000000 ____D C:\CFLog
2014-01-07 20:30 - 2014-01-07 20:30 - 04175936 _____ C:\Users\Shitface\Downloads\CrossfireLoader.exe
2014-01-07 19:32 - 2013-12-23 14:10 - 00000000 ____D C:\Users\Shitface\Desktop\Fusion-Network
2014-01-07 19:21 - 2014-01-07 19:21 - 01514209 _____ C:\Users\Shitface\Downloads\ProDamage.rar
2014-01-07 19:20 - 2014-01-07 19:20 - 00000064 _____ C:\Users\Shitface\Downloads\down-links.txt
2014-01-07 16:42 - 2014-01-07 16:42 - 00195432 _____ C:\Users\Shitface\Downloads\m2kmod_client.zip
2014-01-07 16:07 - 2014-01-07 16:07 - 00000000 ____D C:\Users\Shitface\Downloads\Gameforge Live
2014-01-07 15:21 - 2014-01-04 20:22 - 00000000 ____D C:\FRST
2014-01-07 10:42 - 2012-11-20 02:38 - 00000000 ____D C:\windows\rescache
2014-01-06 16:42 - 2014-01-06 16:42 - 00007605 _____ C:\Users\Shitface\AppData\Local\Resmon.ResmonCfg
2014-01-06 15:29 - 2014-01-06 15:29 - 00000000 ____D C:\Users\Shitface\AppData\Local\fabi.me
2014-01-06 01:43 - 2014-01-06 01:43 - 00001948 _____ C:\Users\Public\Desktop\Metin2.lnk
2014-01-06 01:12 - 2012-12-09 13:44 - 00000000 ____D C:\Program Files (x86)\GameforgeLive
2014-01-05 20:03 - 2009-07-14 04:20 - 00000000 ____D C:\windows\PolicyDefinitions
2014-01-05 20:02 - 2012-11-19 17:51 - 00005735 _____ C:\windows\system32\RaCoInst.log
2014-01-05 20:01 - 2014-01-05 20:01 - 00000000 ____D C:\Program Files\Synaptics
2014-01-05 18:46 - 2014-01-05 18:37 - 00000000 ___SD C:\ComboFix
2014-01-05 18:37 - 2014-01-05 18:37 - 00000000 ___SD C:\32788R22FWJFW
2014-01-05 17:57 - 2014-01-05 17:57 - 00000000 ____D C:\windows\erdnt
2014-01-05 17:57 - 2014-01-05 17:57 - 00000000 ____D C:\Qoobox
2014-01-05 12:18 - 2013-02-16 15:22 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-01-05 12:16 - 2014-01-05 12:16 - 00000000 ____D C:\Program Files (x86)\3DO
2014-01-04 21:12 - 2014-01-04 21:12 - 00000000 _____ C:\windows\setuperr.log
2014-01-04 20:14 - 2013-02-20 20:00 - 00000952 ___SH C:\ProgramData\KGyGaAvL.sys
2014-01-04 20:06 - 2014-01-04 18:46 - 00000000 ____D C:\Program Files (x86)\Opera
2014-01-04 20:05 - 2014-01-04 18:46 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Opera Software
2014-01-04 20:05 - 2014-01-04 18:46 - 00000000 ____D C:\Users\Shitface\AppData\Local\Opera Software
2014-01-04 20:05 - 2013-05-15 19:37 - 00001425 _____ C:\Users\Shitface\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-04 18:22 - 2013-12-08 19:02 - 00000000 ___RD C:\SHITFACE-HP
2014-01-04 18:05 - 2012-11-20 17:57 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\TS3Client
2014-01-04 18:05 - 2009-07-27 16:04 - 00000000 ____D C:\windows\Panther
2014-01-04 16:29 - 2014-01-04 16:29 - 00000222 _____ C:\Users\Shitface\Desktop\Rust.url
2014-01-04 16:29 - 2014-01-04 16:29 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-01-03 17:31 - 2014-01-03 17:31 - 00000967 _____ C:\Users\Public\Desktop\Steam.lnk
2014-01-02 19:44 - 2013-03-10 15:17 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\.minecraft
2014-01-01 22:41 - 2013-12-30 01:53 - 00000000 ____D C:\Users\Shitface\Documents\Bandicam
2014-01-01 03:48 - 2014-01-01 03:39 - 00000000 ____D C:\Users\Shitface\minecraft
2014-01-01 03:39 - 2012-11-19 17:46 - 00000000 ____D C:\Users\Shitface
2013-12-31 21:41 - 2013-12-31 21:41 - 00000992 _____ C:\Users\Shitface\Desktop\Bandicam.lnk
2013-12-31 21:41 - 2013-12-30 01:53 - 00000000 ____D C:\Program Files (x86)\BandiMPEG1
2013-12-31 21:41 - 2013-12-30 01:53 - 00000000 ____D C:\Program Files (x86)\Bandicam
2013-12-31 17:41 - 2013-12-31 17:41 - 00000000 ____D C:\Program Files (x86)\Gameforge4D
2013-12-30 14:13 - 2009-07-14 06:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2013-12-30 01:54 - 2013-12-30 01:54 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\BANDISOFT
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\Users\Shitface\AppData\Local\VNT
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\Program Files (x86)\VNT
2013-12-28 17:24 - 2013-12-28 17:24 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-12-28 17:23 - 2013-12-28 17:23 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\Avira
2013-12-28 17:22 - 2013-12-28 17:22 - 00002070 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\ProgramData\Avira
2013-12-28 17:22 - 2013-12-28 17:22 - 00000000 ____D C:\Program Files (x86)\Avira
2013-12-24 17:27 - 2009-07-14 04:20 - 00000000 ____D C:\windows\system32\NDF
2013-12-23 09:04 - 2013-04-09 19:02 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2013-12-22 21:15 - 2012-11-19 17:46 - 00000000 ____D C:\Users\Shitface\AppData\Roaming\hpqLog
2013-12-22 21:15 - 2010-12-10 04:44 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-12-22 21:15 - 2009-07-27 17:14 - 00000000 ____D C:\swsetup
2013-12-22 20:30 - 2013-04-28 15:54 - 00000000 _____ C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-12-22 20:15 - 2012-11-25 22:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-12-22 20:15 - 2012-11-19 17:47 - 00000000 ____D C:\ProgramData\FLEXnet
2013-12-22 20:15 - 2009-07-14 04:20 - 00000000 ____D C:\windows\registration
2013-12-21 20:11 - 2012-11-20 17:57 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2013-12-14 11:32 - 2013-09-22 17:31 - 90708896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-12-14 11:32 - 2013-09-22 17:31 - 00000000 ____D C:\windows\system32\MRT

Files to move or delete:
====================
C:\ProgramData\hash.dat


Some content of TEMP:
====================
C:\Users\Shitface\AppData\Local\Temp\avgnt.exe
C:\Users\Shitface\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Shitface\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-04 16:16

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Kann er eventuell daran liegen das es ein hp Laptop ist ?!
Weil mein Bruder sagt das diese nach ner Zeit so Gut wie nichts taugen ^^

schrauber 13.01.2014 10:27
Quatsch.

Deinstalliere bitte mal dein Antivirenprogramm und teste nochmal ohne AV Programm.

Malysch 13.01.2014 14:22
Hat auch nicht geholfen ...

schrauber 14.01.2014 09:48
Ist dein PC LAN oder WLAN verbunden?

Malysch 14.01.2014 19:46
Drahtlose Verbindung ^^
Ist besser wie mit Kabel (weis nicht wieso)
Mit Kabel 100 ohne 54 ...

mb/s

schrauber 15.01.2014 12:29
was 100? Mbit?

Malysch 15.01.2014 14:58
Ja.

schrauber 16.01.2014 09:00
Drahtlos ist besser, aber mit Kabel haste 100Mbit, ohne 54?? Irgendwas past da nit :D

Teste mit Kabel, Durchsatz ist egal, sind die FPS dann besser?

Malysch 16.01.2014 14:29
Nope hilft nicht wie gesagt ^^

schrauber 17.01.2014 12:18
How to perform a clean boot in Windows
Mach das mal und teste.

Malysch 17.01.2014 14:39
Versucht, getestet, funktioniert nicht.

schrauber 18.01.2014 07:33
Daten sichern, komplett formatieren, Windows und Treiber drauf, keine Programme, nochmal testen.

Malysch 18.01.2014 11:55
Formatieren geht nicht.
Da mein Laptop Bildschirm im Arsch ist und beim Formatieren der Bildschirm vom Laptpop angezeigt wird und nicht des angeschlossenen Bildschirms.

schrauber 19.01.2014 09:29
Dann würd ich mal für wwas neues sparen. Zauber kann ich leider noch nit :)

Malysch 19.01.2014 18:14
dann könen wir das hier schliesen ^^

schrauber 20.01.2014 14:45
ok :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 14:00 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132