Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   loadtbs 3-0 (https://www.trojaner-board.de/150420-loadtbs-3-0-a.html)

AleksorFX 28.02.2014 13:29
loadtbs 3-0
 
Guten Tag,
als ich gestern meinen Laptop etwas entmüllen wollte, bin ich auf
das Programm >loadtbs 3-0< gestoßen.Was ist das?Hab gehört es ist ein Trojaner.
Eben habe ich mit Farbar's Recovery Scan Tool einen Scan gemacht (Whitelist = alles mit einen Häckchen, und als Optional Scan Addition.txt).
FRST Log:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-02-2014 02
Ran by Aleks (administrator) on ALEKS-PC on 28-02-2014 13:10:05
Running from C:\Users\Aleks\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Skype Technologies S.A.) C:\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12448872 2012-02-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-08] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [576376 2012-02-02] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1021056 2012-03-08] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800896 2012-03-08] (Atheros Commnucations)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM\...\Run: [OOTag] - C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe [13856 2010-02-23] (Microsoft)
HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-111787264-447541870-3520710339-1001\...\MountPoints2: D - D:\SETUP.EXE
HKU\S-1-5-21-111787264-447541870-3520710339-1001\...\MountPoints2: {198e1f75-8beb-11e2-843d-e840f2c7c612} - G:\OblivionLauncher.exe
HKU\S-1-5-21-111787264-447541870-3520710339-1001\...\MountPoints2: {7e7eb5ae-3bb6-11e2-aa2b-e840f2c7c612} - E:\setup.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-19] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll" File Not Found
AppInit_DLLs-x32:  c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [141336 2013-12-19] (NVIDIA Corporation)
AppInit_DLLs-x32: ,C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-12-19] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yhs.delta-search.com/?affID=119816&tt=030213_yh&babsrc=HP_ss&mntrId=50e4d514000000000000266d5731490c
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
URLSearchHook: HKCU - (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No File
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0CyB0CyCtCtB0DyDtCyEtN0D0Tzu0CtBzztAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=100008633
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0CyB0CyCtCtB0DyDtCyEtN0D0Tzu0CtBzztAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=100008633
SearchScopes: HKLM-x32 - {04CF9C26-738B-D3C1-E515-58D02E4BD4A7} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={5429DA2C-C9B1-11E1-BF80-E840F2C7C612}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0CyB0CyCtCtB0DyDtCyEtN0D0Tzu0CtBzztAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=100008633
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.yhs.delta-search.com/?q={searchTerms}&affID=119816&tt=030213_yh&babsrc=SP_ss&mntrId=50e4d514000000000000266d5731490c
SearchScopes: HKCU - {04CF9C26-738B-D3C1-E515-58D02E4BD4A7} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.privitize.com/?aff=7&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.yhs.delta-search.com/?q={searchTerms}&affID=119816&tt=030213_yh&babsrc=SP_ss&mntrId=50e4d514000000000000266d5731490c
SearchScopes: HKCU - {3C4109B5-297E-48FE-9A55-12E7477EE4AF} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0CyB0CyCtCtB0DyDtCyEtN0D0Tzu0CtBzztAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=100008633
SearchScopes: HKCU - {40A6F767-17DE-4E57-AEC0-BA7EF233438C} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=0025572F-EB7E-4861-A7D0-551F06A3B565&apn_sauid=0652830F-5E68-4162-AEAA-EE9AFF6C29AF
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={5429DA2C-C9B1-11E1-BF80-E840F2C7C612}
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM-x32 - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKLM-x32 - No Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} -  No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File

FireFox:
========
FF ProfilePath: C:\Users\Aleks\AppData\Roaming\Mozilla\Firefox\Profiles\nxrcrv7t.default
FF user.js: detected! => C:\Users\Aleks\AppData\Roaming\Mozilla\Firefox\Profiles\nxrcrv7t.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @java.com/DTPlugin,version=11.0.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Aleks\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF SearchPlugin: C:\Users\Aleks\AppData\Roaming\Mozilla\Firefox\Profiles\nxrcrv7t.default\searchplugins\delta.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Aleks\AppData\Roaming\Mozilla\Firefox\Profiles\nxrcrv7t.default\Extensions\ascsurfingprotection@iobit.com [2013-11-30]
FF Extension: DownloadHelper - C:\Users\Aleks\AppData\Roaming\Mozilla\Firefox\Profiles\nxrcrv7t.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-09-08]
FF Extension: youtubereplay - C:\Users\Aleks\AppData\Roaming\Mozilla\Firefox\Profiles\nxrcrv7t.default\Extensions\jid0-VuYraOOT2NM2AcnQwG4APKol3Vs@jetpack.xpi [2013-04-09]
FF Extension: Better Battlelog (BBLog) - C:\Users\Aleks\AppData\Roaming\Mozilla\Firefox\Profiles\nxrcrv7t.default\Extensions\jid1-qQSMEVsYTOjgYA@jetpack.xpi [2013-08-28]
FF Extension: NoScript - C:\Users\Aleks\AppData\Roaming\Mozilla\Firefox\Profiles\nxrcrv7t.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-07-04]
FF Extension: Youtube Converter MP3 - C:\Users\Aleks\AppData\Roaming\Mozilla\Firefox\Profiles\nxrcrv7t.default\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a5}.xpi [2013-08-04]
FF Extension: Adblock Plus - C:\Users\Aleks\AppData\Roaming\Mozilla\Firefox\Profiles\nxrcrv7t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-19]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-08-17]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []

Chrome:
=======
CHR HomePage: hxxp://www.yhs.delta-search.com/?affID=119816&tt=030213_yh&babsrc=HP_ss&mntrId=50e4d514000000000000266d5731490c
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Square Enix Secure Launcher) - C:\Users\Aleks\AppData\LocalLow\Square Enix\nprun3d.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2012-11-10]
CHR Extension: (Google Drive) - C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-10]
CHR Extension: (YouTube) - C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-10]
CHR Extension: (Google-Suche) - C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-10]
CHR Extension: (Give Up) - C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\Extensions\diippoclinjdbklinhchgedilfncehbi [2013-09-01]
CHR Extension: (CHIP Download Adventskalender 2013) - C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\Extensions\eieokkbmdedgencncfbagbcapghlakcg [2013-12-01]
CHR Extension: (AdBlock) - C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-08-29]
CHR Extension: (YouRepeat) - C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\Extensions\idpjonelgkpmoamjkigojeifadlhlbna [2014-01-19]
CHR Extension: (Google Play) - C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2013-09-01]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2013-12-13]
CHR Extension: (Google Wallet) - C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR Extension: (Google Mail) - C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-10]
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Aleks\AppData\Local\funmoods.crx [2012-10-10]
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Aleks\AppData\Local\funmoods-speeddial_sf.crx [2012-10-10]
CHR HKCU\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Aleks\AppData\Local\funmoods.crx [2012-10-10]
CHR HKCU\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Aleks\AppData\Local\funmoods-speeddial_sf.crx [2012-10-10]
CHR HKCU\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Aleks\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx [2012-11-19]
CHR HKLM-x32\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Aleks\AppData\Local\funmoods.crx [2012-10-10]
CHR HKLM-x32\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Aleks\AppData\Local\funmoods-speeddial_sf.crx [2012-10-10]
CHR HKLM-x32\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Aleks\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx [2012-11-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-11-22]
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx [2013-11-30]

==================== Services (Whitelisted) =================

S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-09] (Adobe Systems)
R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [878368 2013-10-25] (IObit)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 DCDhcpService; C:\Program Files (x86)\Acer\WDAgent\DCDhcpService.exe [111776 2012-02-10] (Atheros Communication Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-10-25] (IObit)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4204272 2012-08-28] (INCA Internet Co., Ltd.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [96184 2013-12-09] (Overwolf)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-08-29] ()
S4 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2013-11-22] (Razer Inc.)
S4 SkypeUpdate; C:\Skype\Updater\Updater.exe [161536 2013-01-08] (Skype Technologies)
S4 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [759192 2013-09-03] (Tunngle.net GmbH)
S4 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [72864 2012-02-19] (Atheros)
R3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-30] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-12-02] (DT Soft Ltd)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-28 13:07 - 2014-02-28 13:10 - 00027725 _____ () C:\Users\Aleks\Desktop\FRST.txt
2014-02-28 13:07 - 2014-02-28 13:07 - 00000000 ____D () C:\Users\Aleks\Desktop\FRST-OlderVersion
2014-02-27 21:15 - 2014-02-27 21:18 - 00222147 _____ () C:\Windows\DirectX.log
2014-02-27 20:32 - 2014-02-27 20:32 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\InstallShield
2014-02-24 17:50 - 2014-02-24 17:50 - 01934845 _____ () C:\Users\Aleks\Downloads\CakeDefense2 by disco.zip
2014-02-24 17:46 - 2014-02-27 22:06 - 00000616 _____ () C:\Windows\setupact.log
2014-02-24 17:46 - 2014-02-24 17:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-22 18:03 - 2014-02-22 18:03 - 00001106 _____ () C:\Users\Public\Desktop\The Walking Dead.lnk
2014-02-22 17:35 - 2014-02-22 17:35 - 00347816 _____ (Microsoft Corporation) C:\Users\Aleks\Downloads\MicrosoftFixit.dvd.RNP.196316514133200575.1.1.Run.exe
2014-02-22 17:23 - 2014-02-22 17:23 - 00000000 ___RD () C:\Users\Aleks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-02-17 21:54 - 2014-02-17 21:55 - 00000000 ____D () C:\Users\Aleks\AppData\Local\{4754A547-AD06-4B9A-A379-35F2B07F2E61}
2014-02-17 17:16 - 2014-02-17 17:31 - 00000000 ____D () C:\Users\Aleks\Documents\DragonNest
2014-02-17 15:52 - 2014-02-17 15:52 - 00038838 _____ () C:\Users\Aleks\Downloads\Addition.txt
2014-02-17 15:50 - 2014-02-28 13:10 - 00000000 ____D () C:\FRST
2014-02-17 15:50 - 2014-02-28 13:07 - 02155520 _____ (Farbar) C:\Users\Aleks\Desktop\FRST64.exe
2014-02-17 15:50 - 2014-02-28 13:00 - 00041095 _____ () C:\Users\Aleks\Downloads\FRST.txt
2014-02-16 15:55 - 2014-02-16 15:55 - 00000613 _____ () C:\Users\Aleks\Documents\Uninstall STAR WARS The Old Republic.log
2014-02-16 15:37 - 2014-02-16 15:37 - 00000000 ____D () C:\Users\Aleks\.appwork
2014-02-16 15:19 - 2014-02-16 15:19 - 00003164 _____ () C:\Windows\System32\Tasks\{D1554531-22D6-4CDA-94E1-3344B3E172EE}
2014-02-15 10:27 - 2014-02-15 10:27 - 01678803 _____ () C:\Users\Aleks\Downloads\15seconds.zip
2014-02-14 19:26 - 2014-02-14 19:26 - 00000000 ____D () C:\Users\Aleks\AppData\Local\Daedalic Entertainment
2014-02-11 16:55 - 2014-02-11 16:55 - 00002205 _____ () C:\Users\Public\Desktop\Chaos auf Deponia.lnk
2014-02-11 16:45 - 2014-02-11 16:45 - 00000000 ____D () C:\Program Files (x86)\Daedalic Entertainment
2014-02-08 14:44 - 2014-02-08 14:45 - 32520760 _____ (TeamSpeak Systems GmbH) C:\Users\Aleks\Downloads\TeamSpeak3-Client-win64-3.0.13.1.exe
2014-02-08 14:39 - 2014-02-28 13:06 - 00425919 _____ () C:\Windows\WindowsUpdate.log
2014-02-05 16:32 - 2014-02-05 16:32 - 00000159 _____ () C:\Users\Aleks\Downloads\AleksorFX.vcf
2014-02-03 18:46 - 2014-02-03 18:46 - 05670237 _____ () C:\Users\Aleks\Downloads\klicker3.1.zip
2014-02-03 18:44 - 2014-02-03 18:44 - 00614784 _____ () C:\Users\Aleks\Downloads\klicker-3-1-2.exe
2014-02-03 17:55 - 2014-02-03 17:55 - 00416311 _____ () C:\Users\Aleks\Downloads\zanMape_5897267.zip
2014-02-03 17:55 - 2014-02-03 17:55 - 00254645 _____ () C:\Users\Aleks\Downloads\[1.7.2]ReiMinimap_v3.4_03beta.zip
2014-02-03 12:35 - 2014-02-03 12:35 - 00000000 ____D () C:\Users\Aleks\AppData\Local\EdgeOfReality
2014-01-31 13:36 - 2014-01-31 13:36 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\NCSOFT
2014-01-31 13:36 - 2014-01-31 13:36 - 00000000 ____D () C:\Users\Aleks\AppData\Local\NCSOFT
2014-01-30 18:57 - 2014-02-27 18:41 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\.minecraft
2014-01-30 17:56 - 2014-01-30 17:56 - 01856304 _____ () C:\Users\Aleks\Downloads\Tekkit Skyblock 4.0.rar
2014-01-29 17:33 - 2014-01-29 17:34 - 00000024 _____ () C:\Users\Aleks\Desktop\Neues Textdokument.txt
2014-01-29 17:19 - 2014-01-29 17:19 - 00999771 _____ () C:\Users\Aleks\Downloads\SinglePlayerCommands-MC1.2.5_V3.2.2.jar

==================== One Month Modified Files and Folders =======

2014-02-28 13:10 - 2014-02-28 13:07 - 00027725 _____ () C:\Users\Aleks\Desktop\FRST.txt
2014-02-28 13:10 - 2014-02-17 15:50 - 00000000 ____D () C:\FRST
2014-02-28 13:08 - 2013-04-27 14:30 - 00000000 ____D () C:\Users\Aleks\Desktop\Graphics Pack
2014-02-28 13:07 - 2014-02-28 13:07 - 00000000 ____D () C:\Users\Aleks\Desktop\FRST-OlderVersion
2014-02-28 13:07 - 2014-02-17 15:50 - 02155520 _____ (Farbar) C:\Users\Aleks\Desktop\FRST64.exe
2014-02-28 13:07 - 2013-06-18 20:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-28 13:07 - 2012-06-23 20:22 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\Skype
2014-02-28 13:06 - 2014-02-08 14:39 - 00425919 _____ () C:\Windows\WindowsUpdate.log
2014-02-28 13:05 - 2012-11-10 23:41 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-28 13:00 - 2014-02-17 15:50 - 00041095 _____ () C:\Users\Aleks\Downloads\FRST.txt
2014-02-27 22:06 - 2014-02-24 17:46 - 00000616 _____ () C:\Windows\setupact.log
2014-02-27 21:23 - 2012-07-18 09:42 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\Ubisoft
2014-02-27 21:19 - 2012-07-18 09:27 - 00000000 ____D () C:\ProgramData\Ubisoft
2014-02-27 21:18 - 2014-02-27 21:15 - 00222147 _____ () C:\Windows\DirectX.log
2014-02-27 21:15 - 2013-11-21 15:53 - 00000000 ____D () C:\Games
2014-02-27 20:53 - 2012-04-10 12:08 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-27 20:32 - 2014-02-27 20:32 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\InstallShield
2014-02-27 18:43 - 2012-06-24 10:45 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-27 18:41 - 2014-01-30 18:57 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\.minecraft
2014-02-27 17:31 - 2012-11-10 23:41 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-25 17:02 - 2012-06-24 20:43 - 00000000 ____D () C:\Users\Aleks\AppData\Local\CrashDumps
2014-02-24 17:50 - 2014-02-24 17:50 - 01934845 _____ () C:\Users\Aleks\Downloads\CakeDefense2 by disco.zip
2014-02-24 17:46 - 2014-02-24 17:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-23 14:39 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-23 14:39 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-22 23:59 - 2013-12-24 21:25 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\Samsung
2014-02-22 18:14 - 2013-06-23 20:00 - 00000000 ____D () C:\Users\Aleks\Documents\Telltale Games
2014-02-22 18:03 - 2014-02-22 18:03 - 00001106 _____ () C:\Users\Public\Desktop\The Walking Dead.lnk
2014-02-22 17:35 - 2014-02-22 17:35 - 00347816 _____ (Microsoft Corporation) C:\Users\Aleks\Downloads\MicrosoftFixit.dvd.RNP.196316514133200575.1.1.Run.exe
2014-02-22 17:35 - 2014-01-18 21:47 - 00000000 ____D () C:\Users\Aleks\AppData\Local\NVIDIA
2014-02-22 17:23 - 2014-02-22 17:23 - 00000000 ___RD () C:\Users\Aleks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-02-22 17:23 - 2013-09-20 21:04 - 00000000 ____D () C:\ProgramData\VMware
2014-02-22 17:23 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-22 17:21 - 2012-11-21 13:54 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-02-21 20:53 - 2013-08-10 23:34 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\TS3Client
2014-02-21 16:27 - 2012-04-30 02:44 - 00702734 _____ () C:\Windows\system32\perfh007.dat
2014-02-21 16:27 - 2012-04-30 02:44 - 00151110 _____ () C:\Windows\system32\perfc007.dat
2014-02-21 16:27 - 2009-07-14 06:13 - 01629986 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-17 21:55 - 2014-02-17 21:54 - 00000000 ____D () C:\Users\Aleks\AppData\Local\{4754A547-AD06-4B9A-A379-35F2B07F2E61}
2014-02-17 17:31 - 2014-02-17 17:16 - 00000000 ____D () C:\Users\Aleks\Documents\DragonNest
2014-02-17 15:52 - 2014-02-17 15:52 - 00038838 _____ () C:\Users\Aleks\Downloads\Addition.txt
2014-02-16 15:55 - 2014-02-16 15:55 - 00000613 _____ () C:\Users\Aleks\Documents\Uninstall STAR WARS The Old Republic.log
2014-02-16 15:49 - 2012-06-24 19:55 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-02-16 15:46 - 2012-07-18 09:27 - 00000000 ____D () C:\Users\Aleks\AppData\Local\Ubisoft Game Launcher
2014-02-16 15:43 - 2013-01-15 20:08 - 00000000 ____D () C:\Program Files (x86)\Safari
2014-02-16 15:39 - 2012-07-22 22:53 - 00000000 ____D () C:\Program Files (x86)\Project64 1.6
2014-02-16 15:37 - 2014-02-16 15:37 - 00000000 ____D () C:\Users\Aleks\.appwork
2014-02-16 15:37 - 2012-06-24 18:03 - 00000000 ____D () C:\Users\Aleks
2014-02-16 15:32 - 2013-06-26 15:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-02-16 15:25 - 2012-10-28 15:40 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\loadtbs
2014-02-16 15:23 - 2012-11-10 23:41 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-16 15:21 - 2013-01-07 15:53 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GamersFirst
2014-02-16 15:21 - 2012-12-30 12:40 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive
2014-02-16 15:21 - 2012-06-29 13:11 - 00001593 _____ () C:\Windows\wininit.ini
2014-02-16 15:19 - 2014-02-16 15:19 - 00003164 _____ () C:\Windows\System32\Tasks\{D1554531-22D6-4CDA-94E1-3344B3E172EE}
2014-02-16 14:55 - 2012-11-04 09:46 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-02-15 16:06 - 2012-04-29 17:24 - 00000032 _____ () C:\ProgramData\PS.log
2014-02-15 16:06 - 2012-04-10 13:19 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-02-15 16:06 - 2012-04-10 12:47 - 00000000 ____D () C:\Program Files (x86)\Acer
2014-02-15 15:54 - 2013-11-30 00:56 - 00000000 ____D () C:\ProgramData\ProductData
2014-02-15 15:54 - 2013-06-18 20:27 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-15 15:54 - 2012-04-10 13:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-15 15:54 - 2012-04-10 13:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-15 15:36 - 2012-11-04 09:46 - 00000000 ____D () C:\ProgramData\Origin
2014-02-15 10:27 - 2014-02-15 10:27 - 01678803 _____ () C:\Users\Aleks\Downloads\15seconds.zip
2014-02-14 19:26 - 2014-02-14 19:26 - 00000000 ____D () C:\Users\Aleks\AppData\Local\Daedalic Entertainment
2014-02-11 18:47 - 2014-01-19 01:11 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\Nidhogg
2014-02-11 16:55 - 2014-02-11 16:55 - 00002205 _____ () C:\Users\Public\Desktop\Chaos auf Deponia.lnk
2014-02-11 16:45 - 2014-02-11 16:45 - 00000000 ____D () C:\Program Files (x86)\Daedalic Entertainment
2014-02-11 16:29 - 2012-11-10 23:41 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-11 16:29 - 2012-11-10 23:41 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-08 14:46 - 2013-08-10 23:34 - 00000971 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-02-08 14:45 - 2014-02-08 14:44 - 32520760 _____ (TeamSpeak Systems GmbH) C:\Users\Aleks\Downloads\TeamSpeak3-Client-win64-3.0.13.1.exe
2014-02-07 18:41 - 2013-04-22 17:08 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\.technic
2014-02-05 20:54 - 2013-08-24 20:48 - 00000000 ____D () C:\Users\Aleks\Desktop\Games
2014-02-05 16:32 - 2014-02-05 16:32 - 00000159 _____ () C:\Users\Aleks\Downloads\AleksorFX.vcf
2014-02-03 18:46 - 2014-02-03 18:46 - 05670237 _____ () C:\Users\Aleks\Downloads\klicker3.1.zip
2014-02-03 18:44 - 2014-02-03 18:44 - 00614784 _____ () C:\Users\Aleks\Downloads\klicker-3-1-2.exe
2014-02-03 17:55 - 2014-02-03 17:55 - 00416311 _____ () C:\Users\Aleks\Downloads\zanMape_5897267.zip
2014-02-03 17:55 - 2014-02-03 17:55 - 00254645 _____ () C:\Users\Aleks\Downloads\[1.7.2]ReiMinimap_v3.4_03beta.zip
2014-02-03 12:35 - 2014-02-03 12:35 - 00000000 ____D () C:\Users\Aleks\AppData\Local\EdgeOfReality
2014-01-31 13:36 - 2014-01-31 13:36 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\NCSOFT
2014-01-31 13:36 - 2014-01-31 13:36 - 00000000 ____D () C:\Users\Aleks\AppData\Local\NCSOFT
2014-01-30 17:56 - 2014-01-30 17:56 - 01856304 _____ () C:\Users\Aleks\Downloads\Tekkit Skyblock 4.0.rar
2014-01-29 17:34 - 2014-01-29 17:33 - 00000024 _____ () C:\Users\Aleks\Desktop\Neues Textdokument.txt
2014-01-29 17:19 - 2014-01-29 17:19 - 00999771 _____ () C:\Users\Aleks\Downloads\SinglePlayerCommands-MC1.2.5_V3.2.2.jar

Files to move or delete:
====================
C:\ProgramData\hash.dat


Some content of TEMP:
====================
C:\Users\Aleks\AppData\Local\Temp\avgnt.exe
C:\Users\Aleks\AppData\Local\Temp\_is5EEB.exe
C:\Users\Aleks\AppData\Local\Temp\_isA4D1.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-18 20:37

==================== End Of Log ============================
Additonal.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2014 02
Ran by Aleks at 2014-02-28 13:10:41
Running from C:\Users\Aleks\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.100 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2108.00 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.5.2108.00 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3010 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3508 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{682EC6E8-A300-45FD-8F09-0F3A6EA334D6}) (Version: 1.00.3004 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3506 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0913.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3501 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Bridge 1.0 (x32 Version: 001.000.001 - Adobe Systems) Hidden
Adobe Common File Installer (x32 Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.3 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.5) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Adobe Stock Photos 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.0.6 - IObit)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.109.2020.209 - Alps Electric)
Antichamber (HKLM-x32\...\Steam App 219890) (Version:  - Alexander Bruce)
Archeblade (HKLM-x32\...\Steam App 207230) (Version:  - CodeBrush Games)
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft)
Assassins Creed IV Black Flag version 1.0.0.0 (HKLM-x32\...\Assassins Creed IV Black Flag_is1) (Version: 1.0.0.0 - RePack by SEYTER)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.126 - Atheros)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.8.8 - Atheros Communications Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.338 - Avira)
AVS Image Converter 2.2.1.209 (HKLM-x32\...\AVS Image Converter_is1) (Version:  - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Backup Manager V3 (x32 Version: 3.0.0.100 - NTI Corporation) Hidden
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
BattleForge™ (HKLM-x32\...\{C580908C-B3BA-4C19-BD60-16F02F272201}) (Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.1.7 - EA Digital Illusions CE AB)
Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version:  - Criterion Games)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Camtasia Studio 8 (HKLM-x32\...\{8F6F7194-0734-4CDA-8C04-6B766F2241A6}) (Version: 8.0.4.1060 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 3.28 - Piriform)
Chaos auf Deponia (HKLM-x32\...\Deponia 2) (Version: 1.1 - Daedalic Entertainment)
Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version:  - Dark Byte)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - )
Cinema 4D version R12 (HKLM-x32\...\{7D9D8134-9FA3-4FFF-ADA1-BF609F29997A}_is1) (Version: R12 - Salat Production)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1720_38230 - CyberLink Corp.)
CyberLink MediaEspresso (x32 Version: 6.5.1720_38230 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0327 - DT Soft Ltd)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
DLC Quest (HKLM-x32\...\Steam App 230050) (Version:  - Going Loud Studios)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Dragon Nest Europe (HKLM-x32\...\Steam App 258700) (Version:  - Eyedentity Games)
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
Electronic Super Joy (HKLM-x32\...\Steam App 244870) (Version:  - Michael Todd Games)
FileZilla Client 3.5.3 (HKLM-x32\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
FINAL FANTASY XIV - A Realm Reborn (Beta Version) (HKLM-x32\...\{9C1BB613-F398-49B7-B346-5DEBA8ABBF38}) (Version: 0.9.1000 - SQUARE ENIX CO., LTD.)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free YouTube Download version 3.2.13.925 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.13.925 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.17.1127 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.17.1127 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.11 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.0.4.1083 - IObit)
Java 7 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417040FF}) (Version: 7.0.400 - Oracle)
Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 2.1.5 - Kobo Inc.)
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.15 - Acer Inc.)
Launchpad Enhanced (HKLM-x32\...\{BAA11826-70EF-4E44-9E97-8476793E022F}) (Version: 0.05.000 - SWGEmu)
Legend of Dungeon (HKLM-x32\...\Steam App 238280) (Version:  - )
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.109 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.109 - LogMeIn, Inc.) Hidden
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{cde5fd82-4a8f-483e-adf0-ca7343d00433}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Minecraft Skin Stealer (HKCU\...\620454269c4462e1) (Version: 1.0.0.1 - Minecraft Skin Stealer)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
My Game Long Name (HKLM\...\UDK-acce918b-ee84-4b23-b29a-325e63a8468e) (Version:  - Epic Games, Inc.)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.4 - F.J. Wechselberger)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.44.13 - Black Tree Gaming)
Nidhogg (HKLM-x32\...\Steam App 94400) (Version:  - Messhof)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.2.3 - )
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9006 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9006 - NTI Corporation) Hidden
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.0.15.65 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\{030F4BB3-F3C3-4A74-905C-44672D1ECB76}) (Version: 0.47.284 - Overwolf)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Qualcomm Atheros Direct Connect (x32 Version: 3.1 - Qualcomm Atheros) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 3.1 - Qualcomm Atheros)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.1.59.0 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6570 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.85 - Realtek Semiconductor Corp.)
Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version:  - Cellar Door Games)
Rogue Legacy version 0.0.0.9 (HKLM-x32\...\Rogue Legacy_is1) (Version: 0.0.0.9 - WaLMaRT)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Screen Recording Suite V2.5.0 (HKLM-x32\...\{EB9F3F92-4857-4121-AA6F-1C424AC6C266}_is1) (Version: 2.5.0 - Apowersoft)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 1.0.0.0 - Electronic Arts)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.4.11328 - Skype Technologies S.A.)
Skype™ 6.1 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.129 - Skype Technologies S.A.)
Skyrim NPC Editor (HKLM-x32\...\{5BA9357B-E876-4FB2-8F1B-C7E63AC90E6F}) (Version: 0.75.1 - foretrenty)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 0.1.1272.2 - Hi-Rez Studios)
Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version:  - Valve)
Spiral Knights (HKCU\...\Spiral Knights) (Version:  - )
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.04.0000 - Electronic Arts)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Crate Box (HKLM-x32\...\Steam App 212800) (Version:  - Vlambeer)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )
The Walking Dead (HKLM-x32\...\The Walking Dead) (Version: 1.0.0.34 - Telltale Games)
Tribes Ascend (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}) (Version: 1.0.1185.4 - Hi-Rez Studios)
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.5 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.5.1.0 - Intel)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft .NET Framework 4.5 (KB2750147) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2750147) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805221) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805221) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805226) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805226) (Version: 1 - Microsoft Corporation)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 5.0.2 - VMware, Inc)
VMware Player (Version: 5.0.2 - VMware, Inc.) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3507 - Acer Incorporated)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

22-02-2014 17:00:26 DirectX wurde installiert
27-02-2014 19:52:44 Installiert Assassin's Creed
27-02-2014 20:15:56 DirectX wurde installiert

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {42F1683A-9A07-410A-8E7D-6D6421F707E9} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe [2013-11-11] (IObit)
Task: {49E69CFD-F091-4064-B274-634729C28D73} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-05-20] (CyberLink)
Task: {4A0C4EDA-EB4B-48FA-81EB-90042B1B6F9D} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-07] (Acer Incorporated)
Task: {4A8E6E81-059C-4B38-A2B2-72D4995611A1} - System32\Tasks\{C01AAE16-F5DA-49F2-A33D-DED0DBE0A275} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {5AFF1F0B-155C-41D8-94BE-693BF3627832} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-10] (Google Inc.)
Task: {93811BC2-0DBA-4709-A4A2-98F7A8A8094F} - System32\Tasks\ASC7_SkipUac_Aleks => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2013-11-18] (IObit)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {B416FC4E-CB71-4838-9DC7-848ACCB1C5F9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-19] (Piriform Ltd)
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
Task: {F36C13E3-A49E-41D1-A3D9-034166AB9232} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-15] (Adobe Systems Incorporated)
Task: {FE34C70B-BC41-4095-AB04-BD5DD09A75D2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-10] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-18 21:46 - 2013-12-19 19:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-07-18 09:26 - 2013-08-29 12:47 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-04-12 09:09 - 2012-03-26 10:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-11-30 00:55 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll
2012-12-06 13:21 - 2012-09-19 18:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-01-05 22:22 - 2012-01-05 22:22 - 00465344 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-01-05 22:22 - 2012-01-05 22:22 - 01081368 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-01-05 22:22 - 2012-01-05 22:22 - 00125464 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2013-12-11 19:26 - 2013-12-11 19:26 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\991a8d378a3e64b31c0f4770ba9ae071\IsdiInterop.ni.dll
2012-04-10 12:08 - 2011-11-30 04:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-04-29 17:00 - 2011-12-16 03:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-11-30 00:55 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll
2012-01-08 14:41 - 2012-01-08 14:41 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-02-20 18:38 - 2014-02-20 02:02 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
2014-02-20 18:38 - 2014-02-20 02:02 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libglesv2.dll
2014-02-20 18:38 - 2014-02-20 02:02 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libegl.dll
2014-02-20 18:38 - 2014-02-20 02:03 - 04060488 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll
2014-02-20 18:38 - 2014-02-20 02:03 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
2014-02-20 18:38 - 2014-02-20 02:02 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
2014-02-20 18:38 - 2014-02-20 02:03 - 13632840 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Aleks\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\Aleks\AppData\Roaming:NT

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: Adobe LM Service => 3
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: DCDhcpService => 3
MSCONFIG\Services: DsiWMIService => 2
MSCONFIG\Services: ePowerSvc => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: GREGService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: IconMan_R => 2
MSCONFIG\Services: Live Updater Service => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: RzKLService => 2
MSCONFIG\Services: Skype C2C Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SpyHunter 4 Service => 2
MSCONFIG\Services: TunngleService => 3
MSCONFIG\Services: VMAuthdService => 2
MSCONFIG\Services: VMUSBArbService => 2
MSCONFIG\Services: ZAtheros Wlan Agent => 2
MSCONFIG\startupfolder: C:^Users^Aleks^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Aleks^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk => C:\Windows\pss\GamersFirst LIVE!.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Dolby Home Theater v4 => "C:\Dolby PCEE4\pcee4.exe" -autostart
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: InstantUpdate => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: RazerGameBooster => C:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe -autorun
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

==================== Faulty Device Manager Devices =============

Name: D-Link Router
Description: D-Link Router
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/28/2014 00:55:55 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.

Error: (02/27/2014 08:29:44 PM) (Source: Application Hang) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: d8c

Startzeit: 01cf2fea78f0aabf

Endzeit: 107

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: 805785d4-9fe5-11e3-86b1-446d573172e2

Error: (02/27/2014 06:08:29 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (02/25/2014 05:01:05 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: WalkingDead101.exe, Version: 2013.9.20.20751, Zeitstempel: 0x523cd8a2
Name des fehlerhaften Moduls: WalkingDead101.exe, Version: 2013.9.20.20751, Zeitstempel: 0x523cd8a2
Ausnahmecode: 0xc0000005
Fehleroffset: 0x004d8688
ID des fehlerhaften Prozesses: 0x1fa8
Startzeit der fehlerhaften Anwendung: 0xWalkingDead101.exe0
Pfad der fehlerhaften Anwendung: WalkingDead101.exe1
Pfad des fehlerhaften Moduls: WalkingDead101.exe2
Berichtskennung: WalkingDead101.exe3

Error: (02/25/2014 03:42:18 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: WalkingDead101.exe, Version: 2013.9.20.20751, Zeitstempel: 0x523cd8a2
Name des fehlerhaften Moduls: WalkingDead101.exe, Version: 2013.9.20.20751, Zeitstempel: 0x523cd8a2
Ausnahmecode: 0xc0000005
Fehleroffset: 0x004d8688
ID des fehlerhaften Prozesses: 0x17c8
Startzeit der fehlerhaften Anwendung: 0xWalkingDead101.exe0
Pfad der fehlerhaften Anwendung: WalkingDead101.exe1
Pfad des fehlerhaften Moduls: WalkingDead101.exe2
Berichtskennung: WalkingDead101.exe3

Error: (02/23/2014 03:11:43 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: NvBackend.exe, Version: 10.11.15.0, Zeitstempel: 0x52a6776c
Name des fehlerhaften Moduls: nvapi.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x52b32498
Ausnahmecode: 0xc0000005
Fehleroffset: 0x58e16950
ID des fehlerhaften Prozesses: 0xdc0
Startzeit der fehlerhaften Anwendung: 0xNvBackend.exe0
Pfad der fehlerhaften Anwendung: NvBackend.exe1
Pfad des fehlerhaften Moduls: NvBackend.exe2
Berichtskennung: NvBackend.exe3

Error: (02/22/2014 05:25:41 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: NvBackend.exe, Version: 10.11.15.0, Zeitstempel: 0x52a6776c
Name des fehlerhaften Moduls: nvd3d9wrap.dll, Version: 9.18.13.3221, Zeitstempel: 0x52b32490
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00005170
ID des fehlerhaften Prozesses: 0xf94
Startzeit der fehlerhaften Anwendung: 0xNvBackend.exe0
Pfad der fehlerhaften Anwendung: NvBackend.exe1
Pfad des fehlerhaften Moduls: NvBackend.exe2
Berichtskennung: NvBackend.exe3

Error: (02/22/2014 05:25:25 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: NvBackend.exe, Version: 10.11.15.0, Zeitstempel: 0x52a6776c
Name des fehlerhaften Moduls: nvspcap.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x52a67618
Ausnahmecode: 0xc0000005
Fehleroffset: 0x100be510
ID des fehlerhaften Prozesses: 0xf94
Startzeit der fehlerhaften Anwendung: 0xNvBackend.exe0
Pfad der fehlerhaften Anwendung: NvBackend.exe1
Pfad des fehlerhaften Moduls: NvBackend.exe2
Berichtskennung: NvBackend.exe3

Error: (02/22/2014 05:24:04 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: BtvStack.exe, Version: 7.4.0.126, Zeitstempel: 0x4f587ad6
Name des fehlerhaften Moduls: BtvStack.exe, Version: 7.4.0.126, Zeitstempel: 0x4f587ad6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000007da38
ID des fehlerhaften Prozesses: 0xf30
Startzeit der fehlerhaften Anwendung: 0xBtvStack.exe0
Pfad der fehlerhaften Anwendung: BtvStack.exe1
Pfad des fehlerhaften Moduls: BtvStack.exe2
Berichtskennung: BtvStack.exe3

Error: (02/22/2014 05:23:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/27/2014 08:32:50 PM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (02/27/2014 08:32:43 PM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (02/27/2014 08:32:37 PM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (02/27/2014 08:32:30 PM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (02/27/2014 08:32:24 PM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (02/27/2014 08:32:17 PM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (02/27/2014 08:32:11 PM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (02/27/2014 08:32:03 PM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (02/27/2014 08:31:57 PM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (02/27/2014 08:31:50 PM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.


Microsoft Office Sessions:
=========================
Error: (02/28/2014 00:55:55 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.

Error: (02/27/2014 08:29:44 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.17567d8c01cf2fea78f0aabf107C:\Windows\Explorer.EXE805785d4-9fe5-11e3-86b1-446d573172e2

Error: (02/27/2014 06:08:29 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (02/25/2014 05:01:05 PM) (Source: Application Error)(User: )
Description: WalkingDead101.exe2013.9.20.20751523cd8a2WalkingDead101.exe2013.9.20.20751523cd8a2c0000005004d86881fa801cf323eda574d76C:\Games\Telltale Games\The Walking Dead\GameData\WalkingDead101.exeC:\Games\Telltale Games\The Walking Dead\GameData\WalkingDead101.exe07d3e47a-9e36-11e3-86b1-446d573172e2

Error: (02/25/2014 03:42:18 PM) (Source: Application Error)(User: )
Description: WalkingDead101.exe2013.9.20.20751523cd8a2WalkingDead101.exe2013.9.20.20751523cd8a2c0000005004d868817c801cf3225048f84baC:\Games\Telltale Games\The Walking Dead\GameData\WalkingDead101.exeC:\Games\Telltale Games\The Walking Dead\GameData\WalkingDead101.exe05f8210b-9e2b-11e3-86b1-446d573172e2

Error: (02/23/2014 03:11:43 AM) (Source: Application Error)(User: )
Description: NvBackend.exe10.11.15.052a6776cnvapi.dll_unloaded0.0.0.052b32498c000000558e16950dc001cf2febe8ed2391C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exenvapi.dlld616f918-9c2f-11e3-86b1-446d573172e2

Error: (02/22/2014 05:25:41 PM) (Source: Application Error)(User: )
Description: NvBackend.exe10.11.15.052a6776cnvd3d9wrap.dll9.18.13.322152b32490c000000500005170f9401cf2fea7956e81eC:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exeC:\Program Files (x86)\NVIDIA Corporation\CoProcManager\nvd3d9wrap.dllf86a694f-9bdd-11e3-86b1-446d573172e2

Error: (02/22/2014 05:25:25 PM) (Source: Application Error)(User: )
Description: NvBackend.exe10.11.15.052a6776cnvspcap.dll_unloaded0.0.0.052a67618c0000005100be510f9401cf2fea7956e81eC:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exenvspcap.dllee9d1cd1-9bdd-11e3-86b1-446d573172e2

Error: (02/22/2014 05:24:04 PM) (Source: Application Error)(User: )
Description: BtvStack.exe7.4.0.1264f587ad6BtvStack.exe7.4.0.1264f587ad6c0000005000000000007da38f3001cf2fea79449859C:\Program Files (x86)\Bluetooth Suite\BtvStack.exeC:\Program Files (x86)\Bluetooth Suite\BtvStack.exebe8b4371-9bdd-11e3-86b1-446d573172e2

Error: (02/22/2014 05:23:54 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 8030.36 MB
Available physical RAM: 5639.74 MB
Total Pagefile: 16058.89 MB
Available Pagefile: 12915.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:683.04 GB) (Free:249.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: F324B5E5)

Partition: GPT Partition Type.

==================== End Of Log ============================
MfG Aleks.
PS: Ich hatte zwar bereits einen Post dieser Art veröffentlicht,
konnte jedoch nichts machen, da mein Internet einige Tage ausfiel.

schrauber 28.02.2014 13:45
hi,

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

AleksorFX 28.02.2014 14:50
Thx für die bisherige Hilfe, aber ich geh dann mal weiter im Text mit den Logs.
Malwarebytes Antimalware:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.28.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Aleks :: ALEKS-PC [Administrator]

28.02.2014 13:54:57
MBAM-log-2014-02-28 (14-06-03).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 229111
Laufzeit: 8 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 17
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Optional.Funmoods.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Keine Aktion durchgeführt.
HKCU\Software\delta LTD (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.Optional.FunMoods.A) -> Keine Aktion durchgeführt.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.Optional.FunMoods.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Vittalia\AxtanInstaller (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 3
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0A1M1S1N1H2Q1H0B1O1O -> Keine Aktion durchgeführt.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {5429DA2C-C9B1-11E1-BF80-E840F2C7C612} -> Keine Aktion durchgeführt.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {5429DA2C-C9B1-11E1-BF80-E840F2C7C612} -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bösartig: (hxxp://www.yhs.delta-search.com/?affID=119816&tt=030213_yh&babsrc=HP_ss&mntrId=50e4d514000000000000266d5731490c) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 9
C:\Users\Aleks\AppData\Roaming\loadtbs (PUP.Optional.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Roaming\loadtbs\html (PUP.Optional.LoadTubes) -> Keine Aktion durchgeführt.
C:\ProgramData\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BonanzaDealsLive\Update (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BonanzaDealsLive\Update\Log (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Local\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Local\BonanzaDealsLive\CrashReports (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BonanzaDealsLive\CrashReports (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 15
C:\Users\Aleks\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Aleks\Downloads\klicker-3-1-2.exe (PUP.Optional.DownloadSponsor) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Local\funmoods.crx (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Roaming\loadtbs\keyHash.txt (PUP.Optional.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Roaming\loadtbs\config.txt (PUP.Optional.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Roaming\loadtbs\domHash.txt (PUP.Optional.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Roaming\loadtbs\evHash.txt (PUP.Optional.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Roaming\loadtbs\uninstall.exe (PUP.Optional.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Roaming\loadtbs\updateHash.txt (PUP.Optional.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Roaming\loadtbs\html\dimensions.ini (PUP.Optional.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Roaming\loadtbs\html\install.html (PUP.Optional.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Roaming\loadtbs\html\uninstall.html (PUP.Optional.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Roaming\loadtbs\html\uninstallComplete.html (PUP.Optional.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Local\funmoods-speeddial_sf.crx (PUP.Optional.FunMoods.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BonanzaDealsLive\Update\Log\BonanzaDealsLive.log (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

(Ende)
ADWCleaner:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.28.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Aleks :: ALEKS-PC [Administrator]

28.02.2014 13:54:57
MBAM-log-2014-02-28 (14-06-03).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 229111
Laufzeit: 8 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 17
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Optional.Funmoods.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Keine Aktion durchgeführt.
HKCU\Software\delta LTD (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.Optional.FunMoods.A) -> Keine Aktion durchgeführt.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.Optional.FunMoods.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Vittalia\AxtanInstaller (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 3
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0A1M1S1N1H2Q1H0B1O1O -> Keine Aktion durchgeführt.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {5429DA2C-C9B1-11E1-BF80-E840F2C7C612} -> Keine Aktion durchgeführt.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {5429DA2C-C9B1-11E1-BF80-E840F2C7C612} -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bösartig: (hxxp://www.yhs.delta-search.com/?affID=119816&tt=030213_yh&babsrc=HP_ss&mntrId=50e4d514000000000000266d5731490c) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 9
C:\Users\Aleks\AppData\Roaming\loadtbs (PUP.Optional.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Roaming\loadtbs\html (PUP.Optional.LoadTubes) -> Keine Aktion durchgeführt.
C:\ProgramData\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BonanzaDealsLive\Update (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BonanzaDealsLive\Update\Log (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Local\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Local\BonanzaDealsLive\CrashReports (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BonanzaDealsLive\CrashReports (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 15
C:\Users\Aleks\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Aleks\Downloads\klicker-3-1-2.exe (PUP.Optional.DownloadSponsor) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Local\funmoods.crx (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Roaming\loadtbs\keyHash.txt (PUP.Optional.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Roaming\loadtbs\config.txt (PUP.Optional.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Roaming\loadtbs\domHash.txt (PUP.Optional.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Roaming\loadtbs\evHash.txt (PUP.Optional.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Roaming\loadtbs\uninstall.exe (PUP.Optional.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Roaming\loadtbs\updateHash.txt (PUP.Optional.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Roaming\loadtbs\html\dimensions.ini (PUP.Optional.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Roaming\loadtbs\html\install.html (PUP.Optional.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Roaming\loadtbs\html\uninstall.html (PUP.Optional.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Roaming\loadtbs\html\uninstallComplete.html (PUP.Optional.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Local\funmoods-speeddial_sf.crx (PUP.Optional.FunMoods.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BonanzaDealsLive\Update\Log\BonanzaDealsLive.log (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

(Ende)
Farbar Recovery Scan Tool Log:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-02-2014 02
Ran by Aleks (administrator) on ALEKS-PC on 28-02-2014 14:47:58
Running from C:\Users\Aleks\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Microsoft Corporation) C:\Windows\system32\SndVol.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Avira Operations GmbH & Co. KG) C:\program files (x86)\avira\antivir desktop\ipmGui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Aleks\Desktop\adwcleaner.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12448872 2012-02-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-08] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [576376 2012-02-02] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1021056 2012-03-08] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800896 2012-03-08] (Atheros Commnucations)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM\...\Run: [OOTag] - C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe [13856 2010-02-23] (Microsoft)
HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-111787264-447541870-3520710339-1001\...\MountPoints2: D - D:\SETUP.EXE
HKU\S-1-5-21-111787264-447541870-3520710339-1001\...\MountPoints2: {198e1f75-8beb-11e2-843d-e840f2c7c612} - G:\OblivionLauncher.exe
HKU\S-1-5-21-111787264-447541870-3520710339-1001\...\MountPoints2: {7e7eb5ae-3bb6-11e2-aa2b-e840f2c7c612} - E:\setup.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-19] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll" File Not Found
AppInit_DLLs-x32:  c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [141336 2013-12-19] (NVIDIA Corporation)
AppInit_DLLs-x32: , C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-12-19] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yhs.delta-search.com/?affID=119816&tt=030213_yh&babsrc=HP_ss&mntrId=50e4d514000000000000266d5731490c
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
URLSearchHook: HKCU - (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No File
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0CyB0CyCtCtB0DyDtCyEtN0D0Tzu0CtBzztAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=100008633
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0CyB0CyCtCtB0DyDtCyEtN0D0Tzu0CtBzztAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=100008633
SearchScopes: HKLM-x32 - {04CF9C26-738B-D3C1-E515-58D02E4BD4A7} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={5429DA2C-C9B1-11E1-BF80-E840F2C7C612}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0CyB0CyCtCtB0DyDtCyEtN0D0Tzu0CtBzztAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=100008633
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.yhs.delta-search.com/?q={searchTerms}&affID=119816&tt=030213_yh&babsrc=SP_ss&mntrId=50e4d514000000000000266d5731490c
SearchScopes: HKCU - {04CF9C26-738B-D3C1-E515-58D02E4BD4A7} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.privitize.com/?aff=7&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.yhs.delta-search.com/?q={searchTerms}&affID=119816&tt=030213_yh&babsrc=SP_ss&mntrId=50e4d514000000000000266d5731490c
SearchScopes: HKCU - {3C4109B5-297E-48FE-9A55-12E7477EE4AF} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0CyB0CyCtCtB0DyDtCyEtN0D0Tzu0CtBzztAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=100008633
SearchScopes: HKCU - {40A6F767-17DE-4E57-AEC0-BA7EF233438C} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=0025572F-EB7E-4861-A7D0-551F06A3B565&apn_sauid=0652830F-5E68-4162-AEAA-EE9AFF6C29AF
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={5429DA2C-C9B1-11E1-BF80-E840F2C7C612}
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM-x32 - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKLM-x32 - No Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} -  No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.222

FireFox:
========
FF ProfilePath: C:\Users\Aleks\AppData\Roaming\Mozilla\Firefox\Profiles\nxrcrv7t.default
FF user.js: detected! => C:\Users\Aleks\AppData\Roaming\Mozilla\Firefox\Profiles\nxrcrv7t.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @java.com/DTPlugin,version=11.0.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Aleks\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF SearchPlugin: C:\Users\Aleks\AppData\Roaming\Mozilla\Firefox\Profiles\nxrcrv7t.default\searchplugins\delta.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Aleks\AppData\Roaming\Mozilla\Firefox\Profiles\nxrcrv7t.default\Extensions\ascsurfingprotection@iobit.com [2013-11-30]
FF Extension: DownloadHelper - C:\Users\Aleks\AppData\Roaming\Mozilla\Firefox\Profiles\nxrcrv7t.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-09-08]
FF Extension: youtubereplay - C:\Users\Aleks\AppData\Roaming\Mozilla\Firefox\Profiles\nxrcrv7t.default\Extensions\jid0-VuYraOOT2NM2AcnQwG4APKol3Vs@jetpack.xpi [2013-04-09]
FF Extension: Better Battlelog (BBLog) - C:\Users\Aleks\AppData\Roaming\Mozilla\Firefox\Profiles\nxrcrv7t.default\Extensions\jid1-qQSMEVsYTOjgYA@jetpack.xpi [2013-08-28]
FF Extension: NoScript - C:\Users\Aleks\AppData\Roaming\Mozilla\Firefox\Profiles\nxrcrv7t.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-07-04]
FF Extension: Youtube Converter MP3 - C:\Users\Aleks\AppData\Roaming\Mozilla\Firefox\Profiles\nxrcrv7t.default\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a5}.xpi [2013-08-04]
FF Extension: Adblock Plus - C:\Users\Aleks\AppData\Roaming\Mozilla\Firefox\Profiles\nxrcrv7t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-19]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-08-17]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []

Chrome:
=======
CHR HomePage: hxxp://www.yhs.delta-search.com/?affID=119816&tt=030213_yh&babsrc=HP_ss&mntrId=50e4d514000000000000266d5731490c
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.11\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.11\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.11\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Square Enix Secure Launcher) - C:\Users\Aleks\AppData\LocalLow\Square Enix\nprun3d.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2012-11-10]
CHR Extension: (Google Drive) - C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-10]
CHR Extension: (YouTube) - C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-10]
CHR Extension: (Google-Suche) - C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-10]
CHR Extension: (Give Up) - C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\Extensions\diippoclinjdbklinhchgedilfncehbi [2013-09-01]
CHR Extension: (CHIP Download Adventskalender 2013) - C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\Extensions\eieokkbmdedgencncfbagbcapghlakcg [2013-12-01]
CHR Extension: (AdBlock) - C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-08-29]
CHR Extension: (YouRepeat) - C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\Extensions\idpjonelgkpmoamjkigojeifadlhlbna [2014-01-19]
CHR Extension: (Google Play) - C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2013-09-01]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2013-12-13]
CHR Extension: (Google Wallet) - C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR Extension: (Google Mail) - C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-10]
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Aleks\AppData\Local\funmoods.crx [2012-11-10]
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Aleks\AppData\Local\funmoods-speeddial_sf.crx [2012-11-10]
CHR HKCU\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Aleks\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx [2012-11-19]
CHR HKLM-x32\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Aleks\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx [2012-11-19]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-11-22]
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx [2013-11-30]

==================== Services (Whitelisted) =================

S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-09] (Adobe Systems)
R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [878368 2013-10-25] (IObit)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 DCDhcpService; C:\Program Files (x86)\Acer\WDAgent\DCDhcpService.exe [111776 2012-02-10] (Atheros Communication Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-10-25] (IObit)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4204272 2012-08-28] (INCA Internet Co., Ltd.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [96184 2013-12-09] (Overwolf)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-08-29] ()
S4 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2013-11-22] (Razer Inc.)
S4 SkypeUpdate; C:\Skype\Updater\Updater.exe [161536 2013-01-08] (Skype Technologies)
S4 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [759192 2013-09-03] (Tunngle.net GmbH)
S4 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [72864 2012-02-19] (Atheros)
R3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-30] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-12-02] (DT Soft Ltd)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-28 14:43 - 2014-02-28 14:44 - 00000000 ____D () C:\AdwCleaner
2014-02-28 14:34 - 2014-02-28 14:34 - 00000000 ___RD () C:\Users\Aleks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-02-28 14:33 - 2014-02-28 14:33 - 00012092 _____ () C:\Windows\PFRO.log
2014-02-28 13:58 - 2014-02-28 13:58 - 01244192 _____ () C:\Users\Aleks\Desktop\adwcleaner.exe
2014-02-28 13:49 - 2014-02-28 13:49 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-28 13:49 - 2014-02-28 13:49 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\Malwarebytes
2014-02-28 13:49 - 2014-02-28 13:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-28 13:49 - 2014-02-28 13:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-28 13:49 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-28 13:48 - 2014-02-28 13:48 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Aleks\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-28 13:10 - 2014-02-28 13:11 - 00046434 _____ () C:\Users\Aleks\Desktop\Addition.txt
2014-02-28 13:07 - 2014-02-28 14:48 - 00027049 _____ () C:\Users\Aleks\Desktop\FRST.txt
2014-02-28 13:07 - 2014-02-28 13:07 - 00000000 ____D () C:\Users\Aleks\Desktop\FRST-OlderVersion
2014-02-27 21:15 - 2014-02-27 21:18 - 00222147 _____ () C:\Windows\DirectX.log
2014-02-27 20:32 - 2014-02-27 20:32 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\InstallShield
2014-02-24 17:50 - 2014-02-24 17:50 - 01934845 _____ () C:\Users\Aleks\Downloads\CakeDefense2 by disco.zip
2014-02-24 17:46 - 2014-02-28 14:33 - 00000784 _____ () C:\Windows\setupact.log
2014-02-24 17:46 - 2014-02-24 17:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-22 18:03 - 2014-02-22 18:03 - 00001106 _____ () C:\Users\Public\Desktop\The Walking Dead.lnk
2014-02-22 17:35 - 2014-02-22 17:35 - 00347816 _____ (Microsoft Corporation) C:\Users\Aleks\Downloads\MicrosoftFixit.dvd.RNP.196316514133200575.1.1.Run.exe
2014-02-17 21:54 - 2014-02-17 21:55 - 00000000 ____D () C:\Users\Aleks\AppData\Local\{4754A547-AD06-4B9A-A379-35F2B07F2E61}
2014-02-17 17:16 - 2014-02-17 17:31 - 00000000 ____D () C:\Users\Aleks\Documents\DragonNest
2014-02-17 15:52 - 2014-02-17 15:52 - 00038838 _____ () C:\Users\Aleks\Downloads\Addition.txt
2014-02-17 15:50 - 2014-02-28 14:47 - 00000000 ____D () C:\FRST
2014-02-17 15:50 - 2014-02-28 13:07 - 02155520 _____ (Farbar) C:\Users\Aleks\Desktop\FRST64.exe
2014-02-17 15:50 - 2014-02-28 13:00 - 00041095 _____ () C:\Users\Aleks\Downloads\FRST.txt
2014-02-16 15:55 - 2014-02-16 15:55 - 00000613 _____ () C:\Users\Aleks\Documents\Uninstall STAR WARS The Old Republic.log
2014-02-16 15:37 - 2014-02-16 15:37 - 00000000 ____D () C:\Users\Aleks\.appwork
2014-02-16 15:19 - 2014-02-16 15:19 - 00003164 _____ () C:\Windows\System32\Tasks\{D1554531-22D6-4CDA-94E1-3344B3E172EE}
2014-02-15 10:27 - 2014-02-15 10:27 - 01678803 _____ () C:\Users\Aleks\Downloads\15seconds.zip
2014-02-14 19:26 - 2014-02-14 19:26 - 00000000 ____D () C:\Users\Aleks\AppData\Local\Daedalic Entertainment
2014-02-11 16:55 - 2014-02-11 16:55 - 00002205 _____ () C:\Users\Public\Desktop\Chaos auf Deponia.lnk
2014-02-11 16:45 - 2014-02-11 16:45 - 00000000 ____D () C:\Program Files (x86)\Daedalic Entertainment
2014-02-08 14:44 - 2014-02-08 14:45 - 32520760 _____ (TeamSpeak Systems GmbH) C:\Users\Aleks\Downloads\TeamSpeak3-Client-win64-3.0.13.1.exe
2014-02-08 14:39 - 2014-02-28 14:37 - 00449629 _____ () C:\Windows\WindowsUpdate.log
2014-02-05 16:32 - 2014-02-05 16:32 - 00000159 _____ () C:\Users\Aleks\Downloads\AleksorFX.vcf
2014-02-03 18:46 - 2014-02-03 18:46 - 05670237 _____ () C:\Users\Aleks\Downloads\klicker3.1.zip
2014-02-03 17:55 - 2014-02-03 17:55 - 00416311 _____ () C:\Users\Aleks\Downloads\zanMape_5897267.zip
2014-02-03 17:55 - 2014-02-03 17:55 - 00254645 _____ () C:\Users\Aleks\Downloads\[1.7.2]ReiMinimap_v3.4_03beta.zip
2014-02-03 12:35 - 2014-02-03 12:35 - 00000000 ____D () C:\Users\Aleks\AppData\Local\EdgeOfReality
2014-01-31 13:36 - 2014-01-31 13:36 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\NCSOFT
2014-01-31 13:36 - 2014-01-31 13:36 - 00000000 ____D () C:\Users\Aleks\AppData\Local\NCSOFT
2014-01-30 18:57 - 2014-02-27 18:41 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\.minecraft
2014-01-30 17:56 - 2014-01-30 17:56 - 01856304 _____ () C:\Users\Aleks\Downloads\Tekkit Skyblock 4.0.rar
2014-01-29 17:33 - 2014-01-29 17:34 - 00000024 _____ () C:\Users\Aleks\Desktop\Neues Textdokument.txt
2014-01-29 17:19 - 2014-01-29 17:19 - 00999771 _____ () C:\Users\Aleks\Downloads\SinglePlayerCommands-MC1.2.5_V3.2.2.jar

==================== One Month Modified Files and Folders =======

2014-02-28 14:48 - 2014-02-28 13:07 - 00027049 _____ () C:\Users\Aleks\Desktop\FRST.txt
2014-02-28 14:47 - 2014-02-17 15:50 - 00000000 ____D () C:\FRST
2014-02-28 14:44 - 2014-02-28 14:43 - 00000000 ____D () C:\AdwCleaner
2014-02-28 14:41 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-28 14:41 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-28 14:39 - 2014-02-08 14:39 - 00449629 _____ () C:\Windows\WindowsUpdate.log
2014-02-28 14:34 - 2014-02-28 14:34 - 00000000 ___RD () C:\Users\Aleks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-02-28 14:34 - 2012-11-10 23:41 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-28 14:34 - 2012-11-10 23:41 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-28 14:33 - 2014-02-28 14:33 - 00012092 _____ () C:\Windows\PFRO.log
2014-02-28 14:33 - 2014-02-24 17:46 - 00000784 _____ () C:\Windows\setupact.log
2014-02-28 14:33 - 2013-09-20 21:04 - 00000000 ____D () C:\ProgramData\VMware
2014-02-28 14:33 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-28 14:32 - 2012-06-24 10:45 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-28 14:30 - 2012-06-23 20:22 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\Skype
2014-02-28 14:07 - 2013-08-11 00:57 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\DVDVideoSoft
2014-02-28 14:07 - 2013-06-18 20:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-28 13:58 - 2014-02-28 13:58 - 01244192 _____ () C:\Users\Aleks\Desktop\adwcleaner.exe
2014-02-28 13:49 - 2014-02-28 13:49 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-28 13:49 - 2014-02-28 13:49 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\Malwarebytes
2014-02-28 13:49 - 2014-02-28 13:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-28 13:49 - 2014-02-28 13:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-28 13:48 - 2014-02-28 13:48 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Aleks\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-28 13:38 - 2013-12-24 21:22 - 00000000 ____D () C:\Program Files (x86)\MyFree Codec
2014-02-28 13:11 - 2014-02-28 13:10 - 00046434 _____ () C:\Users\Aleks\Desktop\Addition.txt
2014-02-28 13:08 - 2013-04-27 14:30 - 00000000 ____D () C:\Users\Aleks\Desktop\Graphics Pack
2014-02-28 13:07 - 2014-02-28 13:07 - 00000000 ____D () C:\Users\Aleks\Desktop\FRST-OlderVersion
2014-02-28 13:07 - 2014-02-17 15:50 - 02155520 _____ (Farbar) C:\Users\Aleks\Desktop\FRST64.exe
2014-02-28 13:00 - 2014-02-17 15:50 - 00041095 _____ () C:\Users\Aleks\Downloads\FRST.txt
2014-02-27 21:23 - 2012-07-18 09:42 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\Ubisoft
2014-02-27 21:19 - 2012-07-18 09:27 - 00000000 ____D () C:\ProgramData\Ubisoft
2014-02-27 21:18 - 2014-02-27 21:15 - 00222147 _____ () C:\Windows\DirectX.log
2014-02-27 21:15 - 2013-11-21 15:53 - 00000000 ____D () C:\Games
2014-02-27 20:53 - 2012-04-10 12:08 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-27 20:32 - 2014-02-27 20:32 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\InstallShield
2014-02-27 18:41 - 2014-01-30 18:57 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\.minecraft
2014-02-25 17:02 - 2012-06-24 20:43 - 00000000 ____D () C:\Users\Aleks\AppData\Local\CrashDumps
2014-02-24 17:50 - 2014-02-24 17:50 - 01934845 _____ () C:\Users\Aleks\Downloads\CakeDefense2 by disco.zip
2014-02-24 17:46 - 2014-02-24 17:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-22 23:59 - 2013-12-24 21:25 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\Samsung
2014-02-22 18:14 - 2013-06-23 20:00 - 00000000 ____D () C:\Users\Aleks\Documents\Telltale Games
2014-02-22 18:03 - 2014-02-22 18:03 - 00001106 _____ () C:\Users\Public\Desktop\The Walking Dead.lnk
2014-02-22 17:35 - 2014-02-22 17:35 - 00347816 _____ (Microsoft Corporation) C:\Users\Aleks\Downloads\MicrosoftFixit.dvd.RNP.196316514133200575.1.1.Run.exe
2014-02-22 17:35 - 2014-01-18 21:47 - 00000000 ____D () C:\Users\Aleks\AppData\Local\NVIDIA
2014-02-22 17:21 - 2012-11-21 13:54 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-02-21 20:53 - 2013-08-10 23:34 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\TS3Client
2014-02-21 16:27 - 2012-04-30 02:44 - 00702734 _____ () C:\Windows\system32\perfh007.dat
2014-02-21 16:27 - 2012-04-30 02:44 - 00151110 _____ () C:\Windows\system32\perfc007.dat
2014-02-21 16:27 - 2009-07-14 06:13 - 01629986 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-17 21:55 - 2014-02-17 21:54 - 00000000 ____D () C:\Users\Aleks\AppData\Local\{4754A547-AD06-4B9A-A379-35F2B07F2E61}
2014-02-17 17:31 - 2014-02-17 17:16 - 00000000 ____D () C:\Users\Aleks\Documents\DragonNest
2014-02-17 15:52 - 2014-02-17 15:52 - 00038838 _____ () C:\Users\Aleks\Downloads\Addition.txt
2014-02-16 15:55 - 2014-02-16 15:55 - 00000613 _____ () C:\Users\Aleks\Documents\Uninstall STAR WARS The Old Republic.log
2014-02-16 15:49 - 2012-06-24 19:55 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-02-16 15:46 - 2012-07-18 09:27 - 00000000 ____D () C:\Users\Aleks\AppData\Local\Ubisoft Game Launcher
2014-02-16 15:43 - 2013-01-15 20:08 - 00000000 ____D () C:\Program Files (x86)\Safari
2014-02-16 15:39 - 2012-07-22 22:53 - 00000000 ____D () C:\Program Files (x86)\Project64 1.6
2014-02-16 15:37 - 2014-02-16 15:37 - 00000000 ____D () C:\Users\Aleks\.appwork
2014-02-16 15:37 - 2012-06-24 18:03 - 00000000 ____D () C:\Users\Aleks
2014-02-16 15:32 - 2013-06-26 15:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-02-16 15:23 - 2012-11-10 23:41 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-16 15:21 - 2013-01-07 15:53 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GamersFirst
2014-02-16 15:21 - 2012-12-30 12:40 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive
2014-02-16 15:21 - 2012-06-29 13:11 - 00001593 _____ () C:\Windows\wininit.ini
2014-02-16 15:19 - 2014-02-16 15:19 - 00003164 _____ () C:\Windows\System32\Tasks\{D1554531-22D6-4CDA-94E1-3344B3E172EE}
2014-02-16 14:55 - 2012-11-04 09:46 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-02-15 16:06 - 2012-04-29 17:24 - 00000032 _____ () C:\ProgramData\PS.log
2014-02-15 16:06 - 2012-04-10 13:19 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-02-15 16:06 - 2012-04-10 12:47 - 00000000 ____D () C:\Program Files (x86)\Acer
2014-02-15 15:54 - 2013-11-30 00:56 - 00000000 ____D () C:\ProgramData\ProductData
2014-02-15 15:54 - 2013-06-18 20:27 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-15 15:54 - 2012-04-10 13:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-15 15:54 - 2012-04-10 13:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-15 15:36 - 2012-11-04 09:46 - 00000000 ____D () C:\ProgramData\Origin
2014-02-15 10:27 - 2014-02-15 10:27 - 01678803 _____ () C:\Users\Aleks\Downloads\15seconds.zip
2014-02-14 19:26 - 2014-02-14 19:26 - 00000000 ____D () C:\Users\Aleks\AppData\Local\Daedalic Entertainment
2014-02-11 18:47 - 2014-01-19 01:11 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\Nidhogg
2014-02-11 16:55 - 2014-02-11 16:55 - 00002205 _____ () C:\Users\Public\Desktop\Chaos auf Deponia.lnk
2014-02-11 16:45 - 2014-02-11 16:45 - 00000000 ____D () C:\Program Files (x86)\Daedalic Entertainment
2014-02-11 16:29 - 2012-11-10 23:41 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-11 16:29 - 2012-11-10 23:41 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-08 14:46 - 2013-08-10 23:34 - 00000971 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-02-08 14:45 - 2014-02-08 14:44 - 32520760 _____ (TeamSpeak Systems GmbH) C:\Users\Aleks\Downloads\TeamSpeak3-Client-win64-3.0.13.1.exe
2014-02-07 18:41 - 2013-04-22 17:08 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\.technic
2014-02-05 20:54 - 2013-08-24 20:48 - 00000000 ____D () C:\Users\Aleks\Desktop\Games
2014-02-05 16:32 - 2014-02-05 16:32 - 00000159 _____ () C:\Users\Aleks\Downloads\AleksorFX.vcf
2014-02-03 18:46 - 2014-02-03 18:46 - 05670237 _____ () C:\Users\Aleks\Downloads\klicker3.1.zip
2014-02-03 17:55 - 2014-02-03 17:55 - 00416311 _____ () C:\Users\Aleks\Downloads\zanMape_5897267.zip
2014-02-03 17:55 - 2014-02-03 17:55 - 00254645 _____ () C:\Users\Aleks\Downloads\[1.7.2]ReiMinimap_v3.4_03beta.zip
2014-02-03 12:35 - 2014-02-03 12:35 - 00000000 ____D () C:\Users\Aleks\AppData\Local\EdgeOfReality
2014-01-31 13:36 - 2014-01-31 13:36 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\NCSOFT
2014-01-31 13:36 - 2014-01-31 13:36 - 00000000 ____D () C:\Users\Aleks\AppData\Local\NCSOFT
2014-01-30 17:56 - 2014-01-30 17:56 - 01856304 _____ () C:\Users\Aleks\Downloads\Tekkit Skyblock 4.0.rar
2014-01-29 17:34 - 2014-01-29 17:33 - 00000024 _____ () C:\Users\Aleks\Desktop\Neues Textdokument.txt
2014-01-29 17:19 - 2014-01-29 17:19 - 00999771 _____ () C:\Users\Aleks\Downloads\SinglePlayerCommands-MC1.2.5_V3.2.2.jar

Files to move or delete:
====================
C:\ProgramData\hash.dat


Some content of TEMP:
====================
C:\Users\Aleks\AppData\Local\Temp\avgnt.exe
C:\Users\Aleks\AppData\Local\Temp\Quarantine.exe
C:\Users\Aleks\AppData\Local\Temp\_is5EEB.exe
C:\Users\Aleks\AppData\Local\Temp\_isA4D1.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-18 20:37

==================== End Of Log ============================
--- --- ---

Frage:
Soll ich die gefunden ADW Dateien alle löschen?
MFG Aleks.

schrauber 01.03.2014 12:04
Das steht doch alles oben. MBAM auch nochmal laufen lassen, da wurde auch nix gelöscht :)

AleksorFX 01.03.2014 17:29
Ok,hier die gewünschten Logs:
Logs:
MBAM
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.28.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Aleks :: ALEKS-PC [Administrator]

28.02.2014 13:54:57
MBAM-log-2014-02-28 (14-06-03).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 229111
Laufzeit: 8 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 17
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Optional.Funmoods.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Keine Aktion durchgeführt.
HKCU\Software\delta LTD (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.Optional.FunMoods.A) -> Keine Aktion durchgeführt.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.Optional.FunMoods.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Vittalia\AxtanInstaller (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 3
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0A1M1S1N1H2Q1H0B1O1O -> Keine Aktion durchgeführt.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {5429DA2C-C9B1-11E1-BF80-E840F2C7C612} -> Keine Aktion durchgeführt.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {5429DA2C-C9B1-11E1-BF80-E840F2C7C612} -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bösartig: (hxxp://www.yhs.delta-search.com/?affID=119816&tt=030213_yh&babsrc=HP_ss&mntrId=50e4d514000000000000266d5731490c) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 9
C:\Users\Aleks\AppData\Roaming\loadtbs (PUP.Optional.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Roaming\loadtbs\html (PUP.Optional.LoadTubes) -> Keine Aktion durchgeführt.
C:\ProgramData\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BonanzaDealsLive\Update (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BonanzaDealsLive\Update\Log (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Local\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Local\BonanzaDealsLive\CrashReports (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BonanzaDealsLive\CrashReports (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 15
C:\Users\Aleks\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Aleks\Downloads\klicker-3-1-2.exe (PUP.Optional.DownloadSponsor) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Local\funmoods.crx (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Roaming\loadtbs\keyHash.txt (PUP.Optional.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Roaming\loadtbs\config.txt (PUP.Optional.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Roaming\loadtbs\domHash.txt (PUP.Optional.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Roaming\loadtbs\evHash.txt (PUP.Optional.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Roaming\loadtbs\uninstall.exe (PUP.Optional.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Roaming\loadtbs\updateHash.txt (PUP.Optional.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Roaming\loadtbs\html\dimensions.ini (PUP.Optional.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Roaming\loadtbs\html\install.html (PUP.Optional.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Roaming\loadtbs\html\uninstall.html (PUP.Optional.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Roaming\loadtbs\html\uninstallComplete.html (PUP.Optional.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\Aleks\AppData\Local\funmoods-speeddial_sf.crx (PUP.Optional.FunMoods.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BonanzaDealsLive\Update\Log\BonanzaDealsLive.log (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.

(Ende)
ADW:
Code:
# AdwCleaner v3.020 - Bericht erstellt am 01/03/2014 um 16:43:05
# Aktualisiert 27/02/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Aleks - ALEKS-PC
# Gestartet von : C:\Users\Aleks\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDeals
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\myfree codec
Ordner Gelöscht : C:\Users\Aleks\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Aleks\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Aleks\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Aleks\AppData\Roaming\Babylon
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Aleks\AppData\Roaming\Mozilla\Firefox\Profiles\nxrcrv7t.default\invalidprefs.js
Datei Gelöscht : C:\Users\Aleks\AppData\Roaming\Mozilla\Firefox\Profiles\nxrcrv7t.default\searchplugins\delta.xml
Datei Gelöscht : C:\Users\Aleks\AppData\Roaming\Mozilla\Firefox\Profiles\nxrcrv7t.default\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\BrowserProtect

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\pricegong_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\pricegong_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Schlüssel Gelöscht : HKCU\Software\5e68bdde039ed45
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\powerpack
Schlüssel Gelöscht : HKCU\Software\PrivitizeVPNInstallDates
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\caphyon
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v

[ Datei : C:\Users\Aleks\AppData\Roaming\Mozilla\Firefox\Profiles\nxrcrv7t.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "en");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.id", "50e4d514000000000000266d5731490c");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15741");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.10.0");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.10.014:03:39");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.10.0");
Zeile gelöscht : user_pref("extensions.funmoods.aflt", "ironpub");
Zeile gelöscht : user_pref("extensions.funmoods.autoRvrt", false);
Zeile gelöscht : user_pref("extensions.funmoods.dfltLng", "");
Zeile gelöscht : user_pref("extensions.funmoods.dfltSrch", true);
Zeile gelöscht : user_pref("extensions.funmoods.dnsErr", true);
Zeile gelöscht : user_pref("extensions.funmoods.envrmnt", "production");
Zeile gelöscht : user_pref("extensions.funmoods.excTlbr", false);
Zeile gelöscht : user_pref("extensions.funmoods.hmpg", true);
Zeile gelöscht : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0CyB0CyCtCtB0DyDtCyEtN0D0Tzu0CtBzztAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1000086[...]
Zeile gelöscht : user_pref("extensions.funmoods.id", "E840F2C7C612D514");
Zeile gelöscht : user_pref("extensions.funmoods.instlDay", "15623");
Zeile gelöscht : user_pref("extensions.funmoods.instlRef", "ironpub");
Zeile gelöscht : user_pref("extensions.funmoods.isdcmntcmplt", true);
Zeile gelöscht : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Zeile gelöscht : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0CyB0CyCtCtB0DyDtCyEtN0D0Tzu0CtBzztAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=10000[...]
Zeile gelöscht : user_pref("extensions.funmoods.prdct", "funmoods");
Zeile gelöscht : user_pref("extensions.funmoods.prtnrId", "funmoods");
Zeile gelöscht : user_pref("extensions.funmoods.srchPrvdr", "Search");
Zeile gelöscht : user_pref("extensions.funmoods.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0CyB0CyCtCtB0DyDtCyEtN0D0Tzu0CtBzztAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=100[...]
Zeile gelöscht : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Zeile gelöscht : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Zeile gelöscht : user_pref("extensions.funmoods_i.newTab", true);
Zeile gelöscht : user_pref("extensions.funmoods_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2211:47:38");

-\\ Google Chrome v34.0.1847.11

[ Datei : C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage

*************************

AdwCleaner[R0].txt - [13324 octets] - [28/02/2014 14:44:04]
AdwCleaner[S0].txt - [12518 octets] - [01/03/2014 16:43:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12579 octets] ##########
FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-02-2014 02
Ran by Aleks (administrator) on ALEKS-PC on 01-03-2014 17:25:12
Running from C:\Users\Aleks\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Avira Operations GmbH & Co. KG) C:\program files (x86)\avira\antivir desktop\ipmGui.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12448872 2012-02-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-08] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [576376 2012-02-02] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1021056 2012-03-08] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800896 2012-03-08] (Atheros Commnucations)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM\...\Run: [OOTag] - C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe [13856 2010-02-23] (Microsoft)
HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-111787264-447541870-3520710339-1001\...\MountPoints2: D - D:\SETUP.EXE
HKU\S-1-5-21-111787264-447541870-3520710339-1001\...\MountPoints2: {198e1f75-8beb-11e2-843d-e840f2c7c612} - G:\OblivionLauncher.exe
HKU\S-1-5-21-111787264-447541870-3520710339-1001\...\MountPoints2: {7e7eb5ae-3bb6-11e2-aa2b-e840f2c7c612} - E:\setup.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-19] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [141336 2013-12-19] (NVIDIA Corporation)
AppInit_DLLs-x32: , C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-12-19] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yhs.delta-search.com/?affID=119816&tt=030213_yh&babsrc=HP_ss&mntrId=50e4d514000000000000266d5731490c
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
URLSearchHook: HKCU - (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No File
SearchScopes: HKLM-x32 - {04CF9C26-738B-D3C1-E515-58D02E4BD4A7} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={5429DA2C-C9B1-11E1-BF80-E840F2C7C612}
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.yhs.delta-search.com/?q={searchTerms}&affID=119816&tt=030213_yh&babsrc=SP_ss&mntrId=50e4d514000000000000266d5731490c
SearchScopes: HKCU - {04CF9C26-738B-D3C1-E515-58D02E4BD4A7} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.privitize.com/?aff=7&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.yhs.delta-search.com/?q={searchTerms}&affID=119816&tt=030213_yh&babsrc=SP_ss&mntrId=50e4d514000000000000266d5731490c
SearchScopes: HKCU - {3C4109B5-297E-48FE-9A55-12E7477EE4AF} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtB0CyB0CyCtCtB0DyDtCyEtN0D0Tzu0CtBzztAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=100008633
SearchScopes: HKCU - {40A6F767-17DE-4E57-AEC0-BA7EF233438C} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=0025572F-EB7E-4861-A7D0-551F06A3B565&apn_sauid=0652830F-5E68-4162-AEAA-EE9AFF6C29AF
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.222

FireFox:
========
FF ProfilePath: C:\Users\Aleks\AppData\Roaming\Mozilla\Firefox\Profiles\nxrcrv7t.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @java.com/DTPlugin,version=11.0.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Aleks\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Aleks\AppData\Roaming\Mozilla\Firefox\Profiles\nxrcrv7t.default\Extensions\ascsurfingprotection@iobit.com [2013-11-30]
FF Extension: DownloadHelper - C:\Users\Aleks\AppData\Roaming\Mozilla\Firefox\Profiles\nxrcrv7t.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-09-08]
FF Extension: youtubereplay - C:\Users\Aleks\AppData\Roaming\Mozilla\Firefox\Profiles\nxrcrv7t.default\Extensions\jid0-VuYraOOT2NM2AcnQwG4APKol3Vs@jetpack.xpi [2013-04-09]
FF Extension: Better Battlelog (BBLog) - C:\Users\Aleks\AppData\Roaming\Mozilla\Firefox\Profiles\nxrcrv7t.default\Extensions\jid1-qQSMEVsYTOjgYA@jetpack.xpi [2013-08-28]
FF Extension: NoScript - C:\Users\Aleks\AppData\Roaming\Mozilla\Firefox\Profiles\nxrcrv7t.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-07-04]
FF Extension: Youtube Converter MP3 - C:\Users\Aleks\AppData\Roaming\Mozilla\Firefox\Profiles\nxrcrv7t.default\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a5}.xpi [2013-08-04]
FF Extension: Adblock Plus - C:\Users\Aleks\AppData\Roaming\Mozilla\Firefox\Profiles\nxrcrv7t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-19]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-08-17]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.11\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.11\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.11\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Square Enix Secure Launcher) - C:\Users\Aleks\AppData\LocalLow\Square Enix\nprun3d.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2012-11-10]
CHR Extension: (Google Drive) - C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-10]
CHR Extension: (YouTube) - C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-10]
CHR Extension: (Google-Suche) - C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-10]
CHR Extension: (Give Up) - C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\Extensions\diippoclinjdbklinhchgedilfncehbi [2013-09-01]
CHR Extension: (CHIP Download Adventskalender 2013) - C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\Extensions\eieokkbmdedgencncfbagbcapghlakcg [2013-12-01]
CHR Extension: (AdBlock) - C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-08-29]
CHR Extension: (YouRepeat) - C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\Extensions\idpjonelgkpmoamjkigojeifadlhlbna [2014-01-19]
CHR Extension: (Google Play) - C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2013-09-01]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2013-12-13]
CHR Extension: (Google Wallet) - C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR Extension: (Google Mail) - C:\Users\Aleks\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-10]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-11-22]
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx [2013-11-30]

==================== Services (Whitelisted) =================

S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-09] (Adobe Systems)
R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [878368 2013-10-25] (IObit)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 DCDhcpService; C:\Program Files (x86)\Acer\WDAgent\DCDhcpService.exe [111776 2012-02-10] (Atheros Communication Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-10-25] (IObit)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4204272 2012-08-28] (INCA Internet Co., Ltd.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [96184 2013-12-09] (Overwolf)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-08-29] ()
S4 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2013-11-22] (Razer Inc.)
S4 SkypeUpdate; C:\Skype\Updater\Updater.exe [161536 2013-01-08] (Skype Technologies)
S4 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [759192 2013-09-03] (Tunngle.net GmbH)
S4 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [72864 2012-02-19] (Atheros)
R3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-30] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-12-02] (DT Soft Ltd)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-01 17:21 - 2014-03-01 17:21 - 01037734 _____ (Thisisu) C:\Users\Aleks\Downloads\JRT.exe
2014-03-01 17:12 - 2014-03-01 17:12 - 00000000 ___RD () C:\Users\Aleks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-03-01 17:01 - 2014-03-01 17:01 - 01037734 _____ (Thisisu) C:\Users\Aleks\Desktop\JRT.exe
2014-03-01 16:44 - 2014-03-01 17:11 - 00000448 _____ () C:\Windows\setupact.log
2014-03-01 16:44 - 2014-03-01 16:44 - 00001082 _____ () C:\Windows\PFRO.log
2014-03-01 16:44 - 2014-03-01 16:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-28 14:43 - 2014-03-01 16:43 - 00000000 ____D () C:\AdwCleaner
2014-02-28 13:58 - 2014-02-28 13:58 - 01244192 _____ () C:\Users\Aleks\Desktop\adwcleaner.exe
2014-02-28 13:49 - 2014-02-28 13:49 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-28 13:49 - 2014-02-28 13:49 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\Malwarebytes
2014-02-28 13:49 - 2014-02-28 13:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-28 13:49 - 2014-02-28 13:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-28 13:49 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-28 13:48 - 2014-02-28 13:48 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Aleks\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-28 13:10 - 2014-02-28 13:11 - 00046434 _____ () C:\Users\Aleks\Desktop\Addition.txt
2014-02-28 13:07 - 2014-03-01 17:25 - 00023336 _____ () C:\Users\Aleks\Desktop\FRST.txt
2014-02-28 13:07 - 2014-02-28 13:07 - 00000000 ____D () C:\Users\Aleks\Desktop\FRST-OlderVersion
2014-02-27 20:32 - 2014-02-27 20:32 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\InstallShield
2014-02-24 17:50 - 2014-02-24 17:50 - 01934845 _____ () C:\Users\Aleks\Downloads\CakeDefense2 by disco.zip
2014-02-22 18:03 - 2014-02-22 18:03 - 00001106 _____ () C:\Users\Public\Desktop\The Walking Dead.lnk
2014-02-22 17:35 - 2014-02-22 17:35 - 00347816 _____ (Microsoft Corporation) C:\Users\Aleks\Downloads\MicrosoftFixit.dvd.RNP.196316514133200575.1.1.Run.exe
2014-02-17 21:54 - 2014-02-17 21:55 - 00000000 ____D () C:\Users\Aleks\AppData\Local\{4754A547-AD06-4B9A-A379-35F2B07F2E61}
2014-02-17 17:16 - 2014-02-17 17:31 - 00000000 ____D () C:\Users\Aleks\Documents\DragonNest
2014-02-17 15:52 - 2014-02-17 15:52 - 00038838 _____ () C:\Users\Aleks\Downloads\Addition.txt
2014-02-17 15:50 - 2014-03-01 17:25 - 00000000 ____D () C:\FRST
2014-02-17 15:50 - 2014-02-28 13:07 - 02155520 _____ (Farbar) C:\Users\Aleks\Desktop\FRST64.exe
2014-02-17 15:50 - 2014-02-28 13:00 - 00041095 _____ () C:\Users\Aleks\Downloads\FRST.txt
2014-02-16 15:55 - 2014-02-16 15:55 - 00000613 _____ () C:\Users\Aleks\Documents\Uninstall STAR WARS The Old Republic.log
2014-02-16 15:37 - 2014-02-16 15:37 - 00000000 ____D () C:\Users\Aleks\.appwork
2014-02-16 15:19 - 2014-02-16 15:19 - 00003164 _____ () C:\Windows\System32\Tasks\{D1554531-22D6-4CDA-94E1-3344B3E172EE}
2014-02-15 10:27 - 2014-02-15 10:27 - 01678803 _____ () C:\Users\Aleks\Downloads\15seconds.zip
2014-02-14 19:26 - 2014-02-14 19:26 - 00000000 ____D () C:\Users\Aleks\AppData\Local\Daedalic Entertainment
2014-02-11 16:55 - 2014-02-11 16:55 - 00002205 _____ () C:\Users\Public\Desktop\Chaos auf Deponia.lnk
2014-02-11 16:45 - 2014-02-11 16:45 - 00000000 ____D () C:\Program Files (x86)\Daedalic Entertainment
2014-02-08 14:44 - 2014-02-08 14:45 - 32520760 _____ (TeamSpeak Systems GmbH) C:\Users\Aleks\Downloads\TeamSpeak3-Client-win64-3.0.13.1.exe
2014-02-08 14:39 - 2014-03-01 17:14 - 00516244 _____ () C:\Windows\WindowsUpdate.log
2014-02-05 16:32 - 2014-02-05 16:32 - 00000159 _____ () C:\Users\Aleks\Downloads\AleksorFX.vcf
2014-02-03 18:46 - 2014-02-03 18:46 - 05670237 _____ () C:\Users\Aleks\Downloads\klicker3.1.zip
2014-02-03 17:55 - 2014-02-03 17:55 - 00416311 _____ () C:\Users\Aleks\Downloads\zanMape_5897267.zip
2014-02-03 17:55 - 2014-02-03 17:55 - 00254645 _____ () C:\Users\Aleks\Downloads\[1.7.2]ReiMinimap_v3.4_03beta.zip
2014-02-03 12:35 - 2014-02-03 12:35 - 00000000 ____D () C:\Users\Aleks\AppData\Local\EdgeOfReality
2014-01-31 13:36 - 2014-01-31 13:36 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\NCSOFT
2014-01-31 13:36 - 2014-01-31 13:36 - 00000000 ____D () C:\Users\Aleks\AppData\Local\NCSOFT
2014-01-30 18:57 - 2014-03-01 14:17 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\.minecraft
2014-01-30 17:56 - 2014-01-30 17:56 - 01856304 _____ () C:\Users\Aleks\Downloads\Tekkit Skyblock 4.0.rar

==================== One Month Modified Files and Folders =======

2014-03-01 17:25 - 2014-02-28 13:07 - 00023336 _____ () C:\Users\Aleks\Desktop\FRST.txt
2014-03-01 17:25 - 2014-02-17 15:50 - 00000000 ____D () C:\FRST
2014-03-01 17:21 - 2014-03-01 17:21 - 01037734 _____ (Thisisu) C:\Users\Aleks\Downloads\JRT.exe
2014-03-01 17:19 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-01 17:19 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-01 17:14 - 2014-02-08 14:39 - 00516244 _____ () C:\Windows\WindowsUpdate.log
2014-03-01 17:12 - 2014-03-01 17:12 - 00000000 ___RD () C:\Users\Aleks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-03-01 17:12 - 2012-11-10 23:41 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-01 17:11 - 2014-03-01 16:44 - 00000448 _____ () C:\Windows\setupact.log
2014-03-01 17:11 - 2013-09-20 21:04 - 00000000 ____D () C:\ProgramData\VMware
2014-03-01 17:11 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-01 17:07 - 2013-06-18 20:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-01 17:01 - 2014-03-01 17:01 - 01037734 _____ (Thisisu) C:\Users\Aleks\Desktop\JRT.exe
2014-03-01 16:44 - 2014-03-01 16:44 - 00001082 _____ () C:\Windows\PFRO.log
2014-03-01 16:44 - 2014-03-01 16:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-01 16:44 - 2012-06-24 10:45 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-01 16:43 - 2014-02-28 14:43 - 00000000 ____D () C:\AdwCleaner
2014-03-01 16:41 - 2012-06-23 20:22 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\Skype
2014-03-01 16:34 - 2012-11-10 23:41 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-01 14:17 - 2014-01-30 18:57 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\.minecraft
2014-02-28 14:07 - 2013-08-11 00:57 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\DVDVideoSoft
2014-02-28 13:58 - 2014-02-28 13:58 - 01244192 _____ () C:\Users\Aleks\Desktop\adwcleaner.exe
2014-02-28 13:49 - 2014-02-28 13:49 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-28 13:49 - 2014-02-28 13:49 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\Malwarebytes
2014-02-28 13:49 - 2014-02-28 13:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-28 13:49 - 2014-02-28 13:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-28 13:48 - 2014-02-28 13:48 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Aleks\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-28 13:11 - 2014-02-28 13:10 - 00046434 _____ () C:\Users\Aleks\Desktop\Addition.txt
2014-02-28 13:08 - 2013-04-27 14:30 - 00000000 ____D () C:\Users\Aleks\Desktop\Graphics Pack
2014-02-28 13:07 - 2014-02-28 13:07 - 00000000 ____D () C:\Users\Aleks\Desktop\FRST-OlderVersion
2014-02-28 13:07 - 2014-02-17 15:50 - 02155520 _____ (Farbar) C:\Users\Aleks\Desktop\FRST64.exe
2014-02-28 13:00 - 2014-02-17 15:50 - 00041095 _____ () C:\Users\Aleks\Downloads\FRST.txt
2014-02-27 21:23 - 2012-07-18 09:42 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\Ubisoft
2014-02-27 21:19 - 2012-07-18 09:27 - 00000000 ____D () C:\ProgramData\Ubisoft
2014-02-27 21:15 - 2013-11-21 15:53 - 00000000 ____D () C:\Games
2014-02-27 20:53 - 2012-04-10 12:08 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-27 20:32 - 2014-02-27 20:32 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\InstallShield
2014-02-25 17:02 - 2012-06-24 20:43 - 00000000 ____D () C:\Users\Aleks\AppData\Local\CrashDumps
2014-02-24 17:50 - 2014-02-24 17:50 - 01934845 _____ () C:\Users\Aleks\Downloads\CakeDefense2 by disco.zip
2014-02-22 23:59 - 2013-12-24 21:25 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\Samsung
2014-02-22 18:14 - 2013-06-23 20:00 - 00000000 ____D () C:\Users\Aleks\Documents\Telltale Games
2014-02-22 18:03 - 2014-02-22 18:03 - 00001106 _____ () C:\Users\Public\Desktop\The Walking Dead.lnk
2014-02-22 17:35 - 2014-02-22 17:35 - 00347816 _____ (Microsoft Corporation) C:\Users\Aleks\Downloads\MicrosoftFixit.dvd.RNP.196316514133200575.1.1.Run.exe
2014-02-22 17:35 - 2014-01-18 21:47 - 00000000 ____D () C:\Users\Aleks\AppData\Local\NVIDIA
2014-02-22 17:21 - 2012-11-21 13:54 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-02-21 20:53 - 2013-08-10 23:34 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\TS3Client
2014-02-21 16:27 - 2012-04-30 02:44 - 00702734 _____ () C:\Windows\system32\perfh007.dat
2014-02-21 16:27 - 2012-04-30 02:44 - 00151110 _____ () C:\Windows\system32\perfc007.dat
2014-02-21 16:27 - 2009-07-14 06:13 - 01629986 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-17 21:55 - 2014-02-17 21:54 - 00000000 ____D () C:\Users\Aleks\AppData\Local\{4754A547-AD06-4B9A-A379-35F2B07F2E61}
2014-02-17 17:31 - 2014-02-17 17:16 - 00000000 ____D () C:\Users\Aleks\Documents\DragonNest
2014-02-17 15:52 - 2014-02-17 15:52 - 00038838 _____ () C:\Users\Aleks\Downloads\Addition.txt
2014-02-16 15:55 - 2014-02-16 15:55 - 00000613 _____ () C:\Users\Aleks\Documents\Uninstall STAR WARS The Old Republic.log
2014-02-16 15:49 - 2012-06-24 19:55 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-02-16 15:46 - 2012-07-18 09:27 - 00000000 ____D () C:\Users\Aleks\AppData\Local\Ubisoft Game Launcher
2014-02-16 15:43 - 2013-01-15 20:08 - 00000000 ____D () C:\Program Files (x86)\Safari
2014-02-16 15:39 - 2012-07-22 22:53 - 00000000 ____D () C:\Program Files (x86)\Project64 1.6
2014-02-16 15:37 - 2014-02-16 15:37 - 00000000 ____D () C:\Users\Aleks\.appwork
2014-02-16 15:37 - 2012-06-24 18:03 - 00000000 ____D () C:\Users\Aleks
2014-02-16 15:32 - 2013-06-26 15:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-02-16 15:23 - 2012-11-10 23:41 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-16 15:21 - 2013-01-07 15:53 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GamersFirst
2014-02-16 15:21 - 2012-12-30 12:40 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive
2014-02-16 15:21 - 2012-06-29 13:11 - 00001593 _____ () C:\Windows\wininit.ini
2014-02-16 15:19 - 2014-02-16 15:19 - 00003164 _____ () C:\Windows\System32\Tasks\{D1554531-22D6-4CDA-94E1-3344B3E172EE}
2014-02-16 14:55 - 2012-11-04 09:46 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-02-15 16:06 - 2012-04-29 17:24 - 00000032 _____ () C:\ProgramData\PS.log
2014-02-15 16:06 - 2012-04-10 13:19 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-02-15 16:06 - 2012-04-10 12:47 - 00000000 ____D () C:\Program Files (x86)\Acer
2014-02-15 15:54 - 2013-11-30 00:56 - 00000000 ____D () C:\ProgramData\ProductData
2014-02-15 15:54 - 2013-06-18 20:27 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-15 15:54 - 2012-04-10 13:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-15 15:54 - 2012-04-10 13:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-15 15:36 - 2012-11-04 09:46 - 00000000 ____D () C:\ProgramData\Origin
2014-02-15 10:27 - 2014-02-15 10:27 - 01678803 _____ () C:\Users\Aleks\Downloads\15seconds.zip
2014-02-14 19:26 - 2014-02-14 19:26 - 00000000 ____D () C:\Users\Aleks\AppData\Local\Daedalic Entertainment
2014-02-11 18:47 - 2014-01-19 01:11 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\Nidhogg
2014-02-11 16:55 - 2014-02-11 16:55 - 00002205 _____ () C:\Users\Public\Desktop\Chaos auf Deponia.lnk
2014-02-11 16:45 - 2014-02-11 16:45 - 00000000 ____D () C:\Program Files (x86)\Daedalic Entertainment
2014-02-11 16:29 - 2012-11-10 23:41 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-11 16:29 - 2012-11-10 23:41 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-08 14:46 - 2013-08-10 23:34 - 00000971 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-02-08 14:45 - 2014-02-08 14:44 - 32520760 _____ (TeamSpeak Systems GmbH) C:\Users\Aleks\Downloads\TeamSpeak3-Client-win64-3.0.13.1.exe
2014-02-07 18:41 - 2013-04-22 17:08 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\.technic
2014-02-05 20:54 - 2013-08-24 20:48 - 00000000 ____D () C:\Users\Aleks\Desktop\Games
2014-02-05 16:32 - 2014-02-05 16:32 - 00000159 _____ () C:\Users\Aleks\Downloads\AleksorFX.vcf
2014-02-03 18:46 - 2014-02-03 18:46 - 05670237 _____ () C:\Users\Aleks\Downloads\klicker3.1.zip
2014-02-03 17:55 - 2014-02-03 17:55 - 00416311 _____ () C:\Users\Aleks\Downloads\zanMape_5897267.zip
2014-02-03 17:55 - 2014-02-03 17:55 - 00254645 _____ () C:\Users\Aleks\Downloads\[1.7.2]ReiMinimap_v3.4_03beta.zip
2014-02-03 12:35 - 2014-02-03 12:35 - 00000000 ____D () C:\Users\Aleks\AppData\Local\EdgeOfReality
2014-01-31 13:36 - 2014-01-31 13:36 - 00000000 ____D () C:\Users\Aleks\AppData\Roaming\NCSOFT
2014-01-31 13:36 - 2014-01-31 13:36 - 00000000 ____D () C:\Users\Aleks\AppData\Local\NCSOFT
2014-01-30 17:56 - 2014-01-30 17:56 - 01856304 _____ () C:\Users\Aleks\Downloads\Tekkit Skyblock 4.0.rar

Files to move or delete:
====================
C:\ProgramData\hash.dat


Some content of TEMP:
====================
C:\Users\Aleks\AppData\Local\Temp\avgnt.exe
C:\Users\Aleks\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-18 20:37

==================== End Of Log ============================
--- --- ---

Das wären die Logs.
Ein weiteres Problem ist, dass ich >JRT< nicht ausführen kann.
Um es genauer zu beschreiben, schließt es sich direkt wieder.JRT wurde
als Administrator geöffnet.Habe auch den PC restartet, und Avira ausgemacht,
und JRT direkt gestartet.Hat ebenfalls nicht geholfen.
MFG Aleks.

schrauber 02.03.2014 18:17

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 20:55 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131