Trojaner-Board
Seite 3 von 4 12 3 4
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Webseiten werden auf Werbung umgeleitet (https://www.trojaner-board.de/152815-webseiten-werbung-umgeleitet.html)

Kerrigan 12.05.2014 13:43
Hallo,

hier ist der Bericht von Rouge. Entfernen sollte ich nichts oder?

Code:
RogueKiller V8.8.15 _x64_ [Mar 27 2014] durch Adlice Software
mail : hxxp://www.adlice.com/contact/
Kommentare : hxxp://forum.adlice.com
Webseite : hxxp://www.adlice.com/softwares/roguekiller/
Blog : hxxp://www.adlice.com

Betriebssystem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Gestartet in : Normaler Modus
Benutzer : User1 [Admin Rechte]
Funktion : Scannen -- Datum : 05/12/2014 14:37:49
| ARK || FAK || MBR |

¤¤¤ Böswillige Prozesse : 0 ¤¤¤

¤¤¤ Registry-Einträge : 7 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> GEFUNDEN
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> GEFUNDEN
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> GEFUNDEN
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> GEFUNDEN
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> GEFUNDEN
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> GEFUNDEN
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> GEFUNDEN

¤¤¤ Geplante Tasks : 0 ¤¤¤

¤¤¤ Autostart-Einträge : 0 ¤¤¤

¤¤¤ Web-Browsern : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤

¤¤¤ Treiber : [NICHT GELADEN 0x0] ¤¤¤
[Address] EAT @explorer.exe (AsyncGetClassBits) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1F70B0)
[Address] EAT @explorer.exe (AsyncInstallDistributionUnit) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1F7210)
[Address] EAT @explorer.exe (BindAsyncMoniker) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1E1F90)
[Address] EAT @explorer.exe (CDLGetLongPathNameA) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1F78D0)
[Address] EAT @explorer.exe (CDLGetLongPathNameW) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1F78E8)
[Address] EAT @explorer.exe (CORPolicyProvider) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1E1674)
[Address] EAT @explorer.exe (CoGetClassObjectFromURL) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1F73FC)
[Address] EAT @explorer.exe (CoInstall) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1F7460)
[Address] EAT @explorer.exe (CoInternetCanonicalizeIUri) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1A5660)
[Address] EAT @explorer.exe (CoInternetCombineIUri) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1A80A0)
[Address] EAT @explorer.exe (CoInternetCombineUrl) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1946A4)
[Address] EAT @explorer.exe (CoInternetCombineUrlEx) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1943C0)
[Address] EAT @explorer.exe (CoInternetCompareUrl) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1E5280)
[Address] EAT @explorer.exe (CoInternetCreateSecurityManager) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF161EE0)
[Address] EAT @explorer.exe (CoInternetCreateZoneManager) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF170810)
[Address] EAT @explorer.exe (CoInternetFeatureSettingsChanged) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF220284)
[Address] EAT @explorer.exe (CoInternetGetProtocolFlags) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1E537C)
[Address] EAT @explorer.exe (CoInternetGetSecurityUrl) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1E53D0)
[Address] EAT @explorer.exe (CoInternetGetSecurityUrlEx) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1A9CD0)
[Address] EAT @explorer.exe (CoInternetGetSession) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF162460)
[Address] EAT @explorer.exe (CoInternetIsFeatureEnabled) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1A8DC0)
[Address] EAT @explorer.exe (CoInternetIsFeatureEnabledForIUri) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1A51B8)
[Address] EAT @explorer.exe (CoInternetIsFeatureEnabledForUrl) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1A1820)
[Address] EAT @explorer.exe (CoInternetIsFeatureZoneElevationEnabled) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1E586C)
[Address] EAT @explorer.exe (CoInternetParseIUri) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1956A8)
[Address] EAT @explorer.exe (CoInternetParseUrl) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF171490)
[Address] EAT @explorer.exe (CoInternetQueryInfo) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1A7C50)
[Address] EAT @explorer.exe (CoInternetSetFeatureEnabled) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1E5AF4)
[Address] EAT @explorer.exe (CompareSecurityIds) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF17D1A4)
[Address] EAT @explorer.exe (CompatFlagsFromClsid) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1A4044)
[Address] EAT @explorer.exe (CopyBindInfo) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1F3020)
[Address] EAT @explorer.exe (CopyStgMedium) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF16BA0C)
[Address] EAT @explorer.exe (CreateAsyncBindCtx) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1B86C0)
[Address] EAT @explorer.exe (CreateAsyncBindCtxEx) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1A3D14)
[Address] EAT @explorer.exe (CreateFormatEnumerator) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1868E0)
[Address] EAT @explorer.exe (CreateIUriBuilder) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF163660)
[Address] EAT @explorer.exe (CreateURLMoniker) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1BCCF4)
[Address] EAT @explorer.exe (CreateURLMonikerEx) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1678D0)
[Address] EAT @explorer.exe (CreateURLMonikerEx2) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1A40F0)
[Address] EAT @explorer.exe (CreateUri) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1616F0)
[Address] EAT @explorer.exe (CreateUriFromMultiByteString) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1E1EE4)
[Address] EAT @explorer.exe (CreateUriPriv) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1E1EF8)
[Address] EAT @explorer.exe (CreateUriWithFragment) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1E1F40)
[Address] EAT @explorer.exe (DllCanUnloadNow) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF161600)
[Address] EAT @explorer.exe (DllGetClassObject) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1AAB3C)
[Address] EAT @explorer.exe (DllInstall) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1E2458)
[Address] EAT @explorer.exe (DllRegisterServer) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1E2464)
[Address] EAT @explorer.exe (DllRegisterServerEx) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1BE070)
[Address] EAT @explorer.exe (DllUnregisterServer) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1E2470)
[Address] EAT @explorer.exe (Extract) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1F7F74)
[Address] EAT @explorer.exe (FaultInIEFeature) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1F8FE8)
[Address] EAT @explorer.exe (FileBearsMarkOfTheWeb) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF196B60)
[Address] EAT @explorer.exe (FindMediaType) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1E2E9C)
[Address] EAT @explorer.exe (FindMediaTypeClass) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF186080)
[Address] EAT @explorer.exe (FindMimeFromData) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1A50BC)
[Address] EAT @explorer.exe (GetAddSitesFileUrl) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF2202B0)
[Address] EAT @explorer.exe (GetClassFileOrMime) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1BB8EC)
[Address] EAT @explorer.exe (GetClassURL) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1E2074)
[Address] EAT @explorer.exe (GetComponentIDFromCLSSPEC) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1F92E8)
[Address] EAT @explorer.exe (GetIDNFlagsForUri) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF17C7F0)
[Address] EAT @explorer.exe (GetIUriPriv) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1E1F60)
[Address] EAT @explorer.exe (GetIUriPriv2) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1E1F50)
[Address] EAT @explorer.exe (GetLabelsFromNamedHost) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF228B54)
[Address] EAT @explorer.exe (GetMarkOfTheWeb) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF219390)
[Address] EAT @explorer.exe (GetPortFromUrlScheme) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1E1E94)
[Address] EAT @explorer.exe (GetPropertyFromName) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1E1EA4)
[Address] EAT @explorer.exe (GetPropertyName) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1E1EB4)
[Address] EAT @explorer.exe (GetSoftwareUpdateInfo) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1BE070)
[Address] EAT @explorer.exe (GetUrlmonThreadNotificationHwnd) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1BDEB4)
[Address] EAT @explorer.exe (GetZoneFromAlternateDataStreamEx) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF166D90)
[Address] EAT @explorer.exe (HlinkGoBack) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF216E78)
[Address] EAT @explorer.exe (HlinkGoForward) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF216F24)
[Address] EAT @explorer.exe (HlinkNavigateMoniker) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF216FD0)
[Address] EAT @explorer.exe (HlinkNavigateString) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF217004)
[Address] EAT @explorer.exe (HlinkSimpleNavigateToMoniker) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF217038)
[Address] EAT @explorer.exe (HlinkSimpleNavigateToString) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF2175E8)
[Address] EAT @explorer.exe (IECompatLogCSSFix) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1F12FC)
[Address] EAT @explorer.exe (IEDllLoader) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1E26F0)
[Address] EAT @explorer.exe (IEGetUserPrivateNamespaceName) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1F3244)
[Address] EAT @explorer.exe (IEInstallScope) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1F7554)
[Address] EAT @explorer.exe (IntlPercentEncodeNormalize) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1E1F70)
[Address] EAT @explorer.exe (IsAsyncMoniker) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1A21FC)
[Address] EAT @explorer.exe (IsDWORDProperty) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1E1EC4)
[Address] EAT @explorer.exe (IsIntranetAvailable) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF220668)
[Address] EAT @explorer.exe (IsJITInProgress) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF17B328)
[Address] EAT @explorer.exe (IsLoggingEnabledA) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF21855C)
[Address] EAT @explorer.exe (IsLoggingEnabledW) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF218688)
[Address] EAT @explorer.exe (IsStringProperty) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1E1ED4)
[Address] EAT @explorer.exe (IsValidURL) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF197610)
[Address] EAT @explorer.exe (MkParseDisplayNameEx) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1B92F0)
[Address] EAT @explorer.exe (ObtainUserAgentString) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1EDCE0)
[Address] EAT @explorer.exe (PrivateCoInstall) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1F7560)
[Address] EAT @explorer.exe (QueryAssociations) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF17E9C0)
[Address] EAT @explorer.exe (QueryClsidAssociation) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1F0A8C)
[Address] EAT @explorer.exe (RegisterBindStatusCallback) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF19F600)
[Address] EAT @explorer.exe (RegisterFormatEnumerator) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1A1C6C)
[Address] EAT @explorer.exe (RegisterMediaTypeClass) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1E20C0)
[Address] EAT @explorer.exe (RegisterMediaTypes) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1E2210)
[Address] EAT @explorer.exe (RegisterWebPlatformPermanentSecurityManager) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF198C54)
[Address] EAT @explorer.exe (ReleaseBindInfo) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF167D40)
[Address] EAT @explorer.exe (RevokeBindStatusCallback) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF19FBF0)
[Address] EAT @explorer.exe (RevokeFormatEnumerator) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1E22CC)
[Address] EAT @explorer.exe (SetAccessForIEAppContainer) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1F3258)
[Address] EAT @explorer.exe (SetSoftwareUpdateAdvertisementState) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1BE070)
[Address] EAT @explorer.exe (ShouldDisplayPunycodeForUri) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1EDE50)
[Address] EAT @explorer.exe (ShouldShowIntranetWarningSecband) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1A3A3C)
[Address] EAT @explorer.exe (ShowTrustAlertDialog) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF220820)
[Address] EAT @explorer.exe (URLDownloadA) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1E5CC4)
[Address] EAT @explorer.exe (URLDownloadToCacheFileA) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF217D9C)
[Address] EAT @explorer.exe (URLDownloadToCacheFileW) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF18A0C4)
[Address] EAT @explorer.exe (URLDownloadToFileA) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF217F10)
[Address] EAT @explorer.exe (URLDownloadToFileW) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF18EFD0)
[Address] EAT @explorer.exe (URLDownloadW) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1E5D78)
[Address] EAT @explorer.exe (URLOpenBlockingStreamA) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF218058)
[Address] EAT @explorer.exe (URLOpenBlockingStreamW) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF218138)
[Address] EAT @explorer.exe (URLOpenPullStreamA) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF21821C)
[Address] EAT @explorer.exe (URLOpenPullStreamW) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF2182E0)
[Address] EAT @explorer.exe (URLOpenStreamA) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF218408)
[Address] EAT @explorer.exe (URLOpenStreamW) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF2184D0)
[Address] EAT @explorer.exe (UnregisterWebPlatformPermanentSecurityManager) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1BC9B4)
[Address] EAT @explorer.exe (UrlMkBuildVersion) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF1E2804)
[Address] EAT @explorer.exe (UrlMkGetSessionOption) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF173E60)
[Address] EAT @explorer.exe (UrlMkSetSessionOption) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF19D0E4)
[Address] EAT @explorer.exe (UrlmonCleanupCurrentThread) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF18A27C)
[Address] EAT @explorer.exe (WriteHitLogging) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF2185D0)
[Address] EAT @explorer.exe (ZonesReInit) : NSI.dll -> HOOKED (C:\Windows\system32\urlmon.dll @ 0xFF219C30)

¤¤¤ Externe Hives: ¤¤¤

¤¤¤ Infektion :  ¤¤¤

¤¤¤ Hosts-Datei: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost


¤¤¤ MBR überprüfen: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD10EALX-009BA0 ATA Device +++++
--- User ---
[MBR] 4e08872e192e8c6e0c1d0fedfaeda45f
[BSP] 3b932c3ea17df325cd0025b065592a32 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Multi Flash Reader USB Device +++++
Error reading User MBR! ([0x15] Das Gerät ist nicht bereit. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Die Anforderung wird nicht unterstützt. )

Abgeschlossen : << RKreport[0]_S_05122014_143749.txt >>
RKreport[0]_S_05122014_143525.txt

schrauber 13.05.2014 09:58
Ok, jetzt alles wa sgefunden wird entfernen lassen, ebenso den Button DNS Fix drücken, dann rebooten und frisches FRST log bitte.

Kerrigan 13.05.2014 16:58
Hey,

hier der Scan.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01
Ran by User1 (administrator) on User1-PC-NE on 13-05-2014 17:49:17
Running from C:\Users\User1\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Spotify Ltd) C:\Users\User1\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\Turbo Key\TurboKey.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Gaming Mouse\Monitor.exe
(Game Inc.) C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Cpu Level Up help] => C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe [887936 2009-12-28] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Turbo Key] => C:\Program Files\ASUS\Turbo Key\TurboKey.exe [1874432 2009-11-24] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Gaming mouse] => C:\Program Files (x86)\Gaming Mouse\Monitor.exe [761856 2013-07-17] ()
HKLM-x32\...\Run: [GamingKeyboard] => C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe [1803264 2012-06-07] (Game Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-196019333-3621520618-2838316431-1000\...\Run: [Spotify] => C:\Users\User1\AppData\Roaming\Spotify\Spotify.exe [6087224 2014-04-09] (Spotify Ltd)
HKU\S-1-5-21-196019333-3621520618-2838316431-1000\...\Run: [Spotify Web Helper] => C:\Users\User1\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-09] (Spotify Ltd)
Startup: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 121.157.39.117 114.114.114.114

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-23]
CHR Extension: (Google Drive) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-23]
CHR Extension: (YouTube) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-23]
CHR Extension: (Google-Suche) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-23]
CHR Extension: (Google Wallet) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-23]
CHR Extension: (Google Mail) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-23]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-29] (ASUSTeK Computer Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 MDM; "C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" [X]

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-25] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-07] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 GameKB; C:\Windows\System32\drivers\GameKB.sys [27648 2012-05-11] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-18] ()
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [806400 2011-02-11] (Realtek Semiconductor Corporation                          )
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-13 17:41 - 2014-05-13 17:41 - 00002445 _____ () C:\Users\User1\Desktop\RKreport[0]_D_05132014_174137.txt
2014-05-13 17:41 - 2014-05-13 17:41 - 00000860 _____ () C:\Users\User1\Desktop\RKreport[0]_DN_05132014_174143.txt
2014-05-13 17:39 - 2014-05-13 17:39 - 00002346 _____ () C:\Users\User1\Desktop\RKreport[0]_S_05132014_173940.txt
2014-05-12 14:37 - 2014-05-12 14:44 - 00017189 _____ () C:\Users\User1\Desktop\RKreport[0]_S_05122014_143749.txt
2014-05-12 14:35 - 2014-05-12 14:35 - 00017160 _____ () C:\Users\User1\Desktop\RKreport[0]_S_05122014_143525.txt
2014-05-12 14:33 - 2014-05-12 14:33 - 04527616 _____ () C:\Users\User1\Desktop\RogueKillerX64 (1).exe
2014-05-12 14:32 - 2014-05-12 14:32 - 04527616 _____ () C:\Users\User1\Downloads\RogueKillerX64.exe
2014-05-12 14:31 - 2014-05-13 17:41 - 00000000 ____D () C:\Users\User1\Desktop\RK_Quarantine
2014-05-12 14:31 - 2014-03-26 13:57 - 04493824 _____ () C:\Users\User1\Desktop\RogueKillerX64.exe
2014-05-12 14:31 - 2014-03-26 13:57 - 03945472 _____ () C:\Users\User1\Desktop\RogueKiller.exe
2014-05-12 14:30 - 2014-05-12 14:30 - 02619924 _____ () C:\Users\User1\Downloads\RogueKiller_8.8.14 (1).zip
2014-05-12 14:29 - 2014-05-12 14:29 - 02619924 _____ () C:\Users\User1\Downloads\RogueKiller_8.8.14.zip
2014-05-04 02:18 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-04 02:18 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-04 02:18 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-04 02:18 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-01 00:03 - 2014-05-01 00:03 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-30 17:49 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-30 17:49 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-29 22:06 - 2014-04-29 22:06 - 00078313 _____ () C:\Users\User1\Downloads\CT_MailMod_5.4.2.2.zip
2014-04-29 21:46 - 2014-04-29 21:46 - 00061123 _____ () C:\Users\User1\Downloads\TradeSkillMaster_Mailing-v2.2.1.zip
2014-04-29 21:45 - 2014-04-29 21:46 - 00849575 _____ () C:\Users\User1\Downloads\TradeSkillMaster-v2.5.12.1.zip
2014-04-25 13:18 - 2014-04-25 13:18 - 01071360 _____ (Solid State Networks) C:\Users\User1\Downloads\install_flashplayer13x32axau_mssa_aaa_aih (2).exe
2014-04-24 18:01 - 2014-04-24 18:01 - 01071360 _____ (Solid State Networks) C:\Users\User1\Downloads\install_flashplayer13x32axau_mssa_aaa_aih (1).exe
2014-04-24 18:00 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-04-24 18:00 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-04-24 17:59 - 2014-05-08 21:49 - 00025435 _____ () C:\Users\User1\Desktop\Addition.txt
2014-04-24 17:58 - 2014-05-13 17:49 - 00000000 ____D () C:\Users\User1\Desktop\FRST-OlderVersion
2014-04-24 17:57 - 2014-04-24 17:57 - 01071360 _____ (Solid State Networks) C:\Users\User1\Downloads\install_flashplayer13x32axau_mssa_aaa_aih.exe
2014-04-23 13:49 - 2014-05-13 17:48 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-23 13:49 - 2014-05-10 20:25 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-23 13:49 - 2014-05-08 15:20 - 00004112 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-23 13:49 - 2014-05-08 15:20 - 00003860 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-23 13:49 - 2014-04-29 23:04 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-23 13:49 - 2014-04-23 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-04-23 13:48 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-23 13:48 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-23 13:48 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-23 13:39 - 2014-04-23 13:39 - 00000000 __SHD () C:\Users\User1\AppData\Local\EmieUserList
2014-04-23 13:39 - 2014-04-23 13:39 - 00000000 __SHD () C:\Users\User1\AppData\Local\EmieSiteList
2014-04-23 13:37 - 2014-04-23 13:37 - 02347384 _____ (ESET) C:\Users\User1\Desktop\esetsmartinstaller_enu.exe
2014-04-23 13:37 - 2014-04-23 13:37 - 00001272 _____ () C:\Users\User1\Desktop\Revo Uninstaller.lnk
2014-04-23 13:37 - 2014-04-23 13:37 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-23 13:23 - 2014-04-23 13:23 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\User1\Desktop\revosetup95.exe
2014-04-23 13:23 - 2014-04-23 13:23 - 00855379 _____ () C:\Users\User1\Desktop\SecurityCheck.exe
2014-04-23 13:22 - 2014-04-23 13:22 - 02347384 _____ (ESET) C:\Users\User1\Downloads\esetsmartinstaller_enu.exe
2014-04-23 13:22 - 2014-04-23 13:22 - 00016569 _____ () C:\Users\User1\Desktop\Download (1).htm
2014-04-23 00:43 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-23 00:43 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-23 00:43 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-23 00:43 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-23 00:43 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-23 00:43 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-23 00:43 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-23 00:43 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-23 00:43 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-23 00:43 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-23 00:43 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-23 00:43 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-23 00:43 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-23 00:43 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-23 00:43 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-23 00:43 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-23 00:43 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-23 00:43 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-23 00:43 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-23 00:43 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-23 00:43 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-23 00:43 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-23 00:43 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-23 00:43 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-23 00:43 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-23 00:43 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-23 00:43 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-23 00:43 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-23 00:43 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-23 00:43 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-23 00:43 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-23 00:43 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-23 00:43 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-23 00:43 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-23 00:43 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-23 00:43 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-23 00:43 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-23 00:43 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-23 00:43 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-23 00:43 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-23 00:43 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-23 00:43 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-23 00:43 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-23 00:43 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-22 16:16 - 2014-05-13 17:49 - 00011876 _____ () C:\Users\User1\Desktop\FRST.txt
2014-04-22 16:15 - 2014-05-13 17:49 - 02066944 _____ (Farbar) C:\Users\User1\Desktop\FRST64.exe
2014-04-22 16:15 - 2014-04-22 16:15 - 00016102 _____ () C:\Users\User1\Desktop\Download.htm
2014-04-22 16:03 - 2014-04-22 16:03 - 00000818 _____ () C:\Users\User1\Desktop\JRT.txt
2014-04-22 15:58 - 2014-04-22 15:58 - 00000000 ____D () C:\Windows\ERUNT
2014-04-22 15:03 - 2014-04-22 15:03 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-22 15:03 - 2014-04-22 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-22 15:03 - 2014-04-22 15:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-22 15:03 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-22 15:03 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-22 15:03 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-22 15:02 - 2014-04-22 15:02 - 01335637 _____ () C:\Users\User1\Desktop\adwcleaner (1).exe
2014-04-22 15:01 - 2014-04-22 15:02 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\User1\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-22 15:01 - 2014-04-22 15:01 - 01016261 _____ (Thisisu) C:\Users\User1\Desktop\JRT.exe
2014-04-21 21:57 - 2014-04-21 21:57 - 00019605 _____ () C:\ComboFix.txt
2014-04-21 21:51 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-21 21:51 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-21 21:51 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-21 21:51 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-21 21:51 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-21 21:51 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-21 21:51 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-21 21:51 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-21 21:42 - 2014-04-21 21:42 - 00001514 _____ () C:\Users\User1\Desktop\ComboFix - Verknüpfung.lnk
2014-04-21 20:57 - 2014-04-21 21:57 - 00000000 ____D () C:\Qoobox
2014-04-21 20:57 - 2014-04-21 21:56 - 00000000 ____D () C:\Windows\erdnt
2014-04-21 20:56 - 2014-04-21 20:56 - 05196870 ____R (Swearware) C:\Users\User1\Downloads\ComboFix.exe
2014-04-21 17:17 - 2014-04-21 17:17 - 00456072 _____ () C:\Windows\Minidump\042114-20997-01.dmp
2014-04-21 15:35 - 2014-04-21 15:35 - 00002098 _____ () C:\Users\User1\Desktop\Avira Free Antivirus starten.lnk
2014-04-21 15:32 - 2014-04-21 15:32 - 00002108 _____ () C:\Users\User1\Desktop\Avira Free Antivirus Profil Schnelle Systemprüfung.LNK
2014-04-21 15:06 - 2014-04-21 15:06 - 00380416 _____ () C:\Users\User1\Downloads\Gmer-19357.exe
2014-04-21 15:04 - 2014-04-21 15:04 - 00050477 _____ () C:\Users\User1\Downloads\Defogger.exe
2014-04-21 15:04 - 2014-04-21 15:04 - 00000480 _____ () C:\Users\User1\Downloads\defogger_disable.log
2014-04-21 15:04 - 2014-04-21 15:04 - 00000000 _____ () C:\Users\User1\defogger_reenable
2014-04-21 15:02 - 2014-05-13 17:42 - 00000000 ____D () C:\Scans
2014-04-21 14:59 - 2014-04-21 14:59 - 02056704 _____ (Farbar) C:\Users\User1\Downloads\FRST64 (1).exe
2014-04-21 13:30 - 2014-04-21 13:30 - 00000000 ____D () C:\Users\User1\Documents\ProcAlyzer Dumps
2014-04-21 13:27 - 2014-04-21 13:33 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-21 13:27 - 2014-04-21 13:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-21 13:27 - 2014-04-21 13:27 - 00001399 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-04-21 13:27 - 2014-04-21 13:27 - 00001387 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-21 13:27 - 2014-04-21 13:27 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-21 13:27 - 2014-04-21 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-04-21 13:27 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-04-21 13:25 - 2014-04-21 13:25 - 00613200 _____ (Chip Digital GmbH) C:\Users\User1\Downloads\SpyBot Search Destroy - CHIP-Downloader.exe
2014-04-21 13:15 - 2014-04-21 13:15 - 03355407 _____ () C:\Users\User1\Downloads\elvui-6.999 (3).zip
2014-04-21 12:50 - 2014-04-21 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-21 12:50 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-21 12:49 - 2014-04-21 12:50 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-20 22:03 - 2014-04-20 22:04 - 00188383 _____ () C:\Users\User1\Downloads\Malkorok.zip
2014-04-20 17:29 - 2014-04-20 17:29 - 03355407 _____ () C:\Users\User1\Downloads\elvui-6.999 (2).zip
2014-04-20 15:01 - 2014-04-20 15:01 - 03355407 _____ () C:\Users\User1\Downloads\elvui-6.999 (1).zip
2014-04-20 14:33 - 2014-04-20 14:33 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\User1\Downloads\TeamSpeak3-Client-win64-3.0.14 (8).exe
2014-04-19 23:17 - 2014-04-19 23:17 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\User1\Downloads\TeamSpeak3-Client-win64-3.0.14 (7).exe
2014-04-19 16:48 - 2014-04-19 16:48 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\User1\Downloads\TeamSpeak3-Client-win64-3.0.14 (6).exe
2014-04-18 17:53 - 2014-04-18 17:53 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\User1\Downloads\TeamSpeak3-Client-win64-3.0.14 (5).exe
2014-04-16 16:07 - 2014-04-16 16:07 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\User1\Downloads\TeamSpeak3-Client-win64-3.0.14 (4).exe
2014-04-16 16:03 - 2014-04-16 16:06 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-04-16 15:57 - 2014-04-21 17:17 - 782533897 _____ () C:\Windows\MEMORY.DMP
2014-04-16 15:57 - 2014-04-21 17:17 - 00000000 ____D () C:\Windows\Minidump
2014-04-16 15:57 - 2014-04-16 15:57 - 00275592 _____ () C:\Windows\Minidump\041614-20826-01.dmp
2014-04-15 18:01 - 2014-04-15 18:02 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\User1\Downloads\TeamSpeak3-Client-win64-3.0.14 (3).exe
2014-04-13 21:02 - 2014-04-13 21:02 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\User1\Downloads\TeamSpeak3-Client-win64-3.0.14 (2).exe
2014-04-13 16:44 - 2014-04-13 16:44 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\User1\Downloads\TeamSpeak3-Client-win64-3.0.14 (1).exe

==================== One Month Modified Files and Folders =======

2014-05-13 17:49 - 2014-04-24 17:58 - 00000000 ____D () C:\Users\User1\Desktop\FRST-OlderVersion
2014-05-13 17:49 - 2014-04-22 16:16 - 00011876 _____ () C:\Users\User1\Desktop\FRST.txt
2014-05-13 17:49 - 2014-04-22 16:15 - 02066944 _____ (Farbar) C:\Users\User1\Desktop\FRST64.exe
2014-05-13 17:49 - 2014-04-09 18:30 - 00000000 ____D () C:\FRST
2014-05-13 17:48 - 2014-04-23 13:49 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-13 17:48 - 2013-11-26 19:49 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Spotify
2014-05-13 17:48 - 2013-10-08 22:34 - 00000330 _____ () C:\Windows\Tasks\RtlNICDiagVistaStart.job
2014-05-13 17:43 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-13 17:43 - 2009-07-14 06:51 - 00038454 _____ () C:\Windows\setupact.log
2014-05-13 17:42 - 2014-04-21 15:02 - 00000000 ____D () C:\Scans
2014-05-13 17:42 - 2013-10-08 19:57 - 01756908 _____ () C:\Windows\WindowsUpdate.log
2014-05-13 17:42 - 2009-07-14 06:45 - 00025280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-13 17:42 - 2009-07-14 06:45 - 00025280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-13 17:41 - 2014-05-13 17:41 - 00002445 _____ () C:\Users\User1\Desktop\RKreport[0]_D_05132014_174137.txt
2014-05-13 17:41 - 2014-05-13 17:41 - 00000860 _____ () C:\Users\User1\Desktop\RKreport[0]_DN_05132014_174143.txt
2014-05-13 17:41 - 2014-05-12 14:31 - 00000000 ____D () C:\Users\User1\Desktop\RK_Quarantine
2014-05-13 17:39 - 2014-05-13 17:39 - 00002346 _____ () C:\Users\User1\Desktop\RKreport[0]_S_05132014_173940.txt
2014-05-12 14:44 - 2014-05-12 14:37 - 00017189 _____ () C:\Users\User1\Desktop\RKreport[0]_S_05122014_143749.txt
2014-05-12 14:35 - 2014-05-12 14:35 - 00017160 _____ () C:\Users\User1\Desktop\RKreport[0]_S_05122014_143525.txt
2014-05-12 14:33 - 2014-05-12 14:33 - 04527616 _____ () C:\Users\User1\Desktop\RogueKillerX64 (1).exe
2014-05-12 14:32 - 2014-05-12 14:32 - 04527616 _____ () C:\Users\User1\Downloads\RogueKillerX64.exe
2014-05-12 14:30 - 2014-05-12 14:30 - 02619924 _____ () C:\Users\User1\Downloads\RogueKiller_8.8.14 (1).zip
2014-05-12 14:29 - 2014-05-12 14:29 - 02619924 _____ () C:\Users\User1\Downloads\RogueKiller_8.8.14.zip
2014-05-10 20:25 - 2014-04-23 13:49 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-10 20:14 - 2013-10-14 14:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-08 21:49 - 2014-04-24 17:59 - 00025435 _____ () C:\Users\User1\Desktop\Addition.txt
2014-05-08 15:20 - 2014-04-23 13:49 - 00004112 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 15:20 - 2014-04-23 13:49 - 00003860 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-07 00:15 - 2013-10-09 19:48 - 00000000 ____D () C:\Users\User1\AppData\Local\Battle.net
2014-05-06 18:20 - 2013-10-22 18:07 - 00000000 ____D () C:\Users\User1\Documents\StarCraft II
2014-05-06 17:43 - 2013-11-26 19:49 - 00000000 ____D () C:\Users\User1\AppData\Local\Spotify
2014-05-02 20:59 - 2013-10-09 19:48 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-05-01 00:03 - 2014-05-01 00:03 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-29 23:04 - 2014-04-23 13:49 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-29 22:06 - 2014-04-29 22:06 - 00078313 _____ () C:\Users\User1\Downloads\CT_MailMod_5.4.2.2.zip
2014-04-29 21:46 - 2014-04-29 21:46 - 00061123 _____ () C:\Users\User1\Downloads\TradeSkillMaster_Mailing-v2.2.1.zip
2014-04-29 21:46 - 2014-04-29 21:45 - 00849575 _____ () C:\Users\User1\Downloads\TradeSkillMaster-v2.5.12.1.zip
2014-04-29 21:45 - 2013-10-09 19:48 - 00000000 ____D () C:\Users\User1\AppData\Local\Deployment
2014-04-29 18:14 - 2013-10-14 14:04 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 18:14 - 2013-10-14 14:04 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-29 18:14 - 2013-10-14 14:04 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-29 16:01 - 2014-05-04 02:18 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-04 02:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 14:48 - 2014-05-04 02:18 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-04 02:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-26 16:26 - 2013-10-09 13:41 - 00000000 ____D () C:\World of Warcraft
2014-04-25 13:18 - 2014-04-25 13:18 - 01071360 _____ (Solid State Networks) C:\Users\User1\Downloads\install_flashplayer13x32axau_mssa_aaa_aih (2).exe
2014-04-24 18:01 - 2014-04-24 18:01 - 01071360 _____ (Solid State Networks) C:\Users\User1\Downloads\install_flashplayer13x32axau_mssa_aaa_aih (1).exe
2014-04-24 17:57 - 2014-04-24 17:57 - 01071360 _____ (Solid State Networks) C:\Users\User1\Downloads\install_flashplayer13x32axau_mssa_aaa_aih.exe
2014-04-24 17:53 - 2010-11-21 05:47 - 00284572 _____ () C:\Windows\PFRO.log
2014-04-23 16:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-23 13:49 - 2014-04-23 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-04-23 13:49 - 2013-10-08 21:40 - 00000000 ____D () C:\Users\User1\AppData\Local\Google
2014-04-23 13:49 - 2013-10-08 21:40 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-23 13:47 - 2013-10-22 20:11 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-23 13:39 - 2014-04-23 13:39 - 00000000 __SHD () C:\Users\User1\AppData\Local\EmieUserList
2014-04-23 13:39 - 2014-04-23 13:39 - 00000000 __SHD () C:\Users\User1\AppData\Local\EmieSiteList
2014-04-23 13:37 - 2014-04-23 13:37 - 02347384 _____ (ESET) C:\Users\User1\Desktop\esetsmartinstaller_enu.exe
2014-04-23 13:37 - 2014-04-23 13:37 - 00001272 _____ () C:\Users\User1\Desktop\Revo Uninstaller.lnk
2014-04-23 13:37 - 2014-04-23 13:37 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-23 13:23 - 2014-04-23 13:23 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\User1\Desktop\revosetup95.exe
2014-04-23 13:23 - 2014-04-23 13:23 - 00855379 _____ () C:\Users\User1\Desktop\SecurityCheck.exe
2014-04-23 13:22 - 2014-04-23 13:22 - 02347384 _____ (ESET) C:\Users\User1\Downloads\esetsmartinstaller_enu.exe
2014-04-23 13:22 - 2014-04-23 13:22 - 00016569 _____ () C:\Users\User1\Desktop\Download (1).htm
2014-04-23 13:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-22 16:15 - 2014-04-22 16:15 - 00016102 _____ () C:\Users\User1\Desktop\Download.htm
2014-04-22 16:03 - 2014-04-22 16:03 - 00000818 _____ () C:\Users\User1\Desktop\JRT.txt
2014-04-22 15:58 - 2014-04-22 15:58 - 00000000 ____D () C:\Windows\ERUNT
2014-04-22 15:55 - 2013-10-10 01:00 - 00000000 ____D () C:\AdwCleaner
2014-04-22 15:07 - 2014-03-27 14:13 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-22 15:03 - 2014-04-22 15:03 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-22 15:03 - 2014-04-22 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-22 15:03 - 2014-04-22 15:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-22 15:02 - 2014-04-22 15:02 - 01335637 _____ () C:\Users\User1\Desktop\adwcleaner (1).exe
2014-04-22 15:02 - 2014-04-22 15:01 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\User1\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-22 15:01 - 2014-04-22 15:01 - 01016261 _____ (Thisisu) C:\Users\User1\Desktop\JRT.exe
2014-04-21 21:58 - 2013-10-09 19:48 - 00000000 ____D () C:\Users\User1\AppData\Local\Apps\2.0
2014-04-21 21:57 - 2014-04-21 21:57 - 00019605 _____ () C:\ComboFix.txt
2014-04-21 21:57 - 2014-04-21 20:57 - 00000000 ____D () C:\Qoobox
2014-04-21 21:57 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-04-21 21:56 - 2014-04-21 20:57 - 00000000 ____D () C:\Windows\erdnt
2014-04-21 21:56 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-21 21:42 - 2014-04-21 21:42 - 00001514 _____ () C:\Users\User1\Desktop\ComboFix - Verknüpfung.lnk
2014-04-21 20:56 - 2014-04-21 20:56 - 05196870 ____R (Swearware) C:\Users\User1\Downloads\ComboFix.exe
2014-04-21 17:17 - 2014-04-21 17:17 - 00456072 _____ () C:\Windows\Minidump\042114-20997-01.dmp
2014-04-21 17:17 - 2014-04-16 15:57 - 782533897 _____ () C:\Windows\MEMORY.DMP
2014-04-21 17:17 - 2014-04-16 15:57 - 00000000 ____D () C:\Windows\Minidump
2014-04-21 17:17 - 2014-04-03 00:03 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-04-21 15:35 - 2014-04-21 15:35 - 00002098 _____ () C:\Users\User1\Desktop\Avira Free Antivirus starten.lnk
2014-04-21 15:32 - 2014-04-21 15:32 - 00002108 _____ () C:\Users\User1\Desktop\Avira Free Antivirus Profil Schnelle Systemprüfung.LNK
2014-04-21 15:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-21 15:06 - 2014-04-21 15:06 - 00380416 _____ () C:\Users\User1\Downloads\Gmer-19357.exe
2014-04-21 15:04 - 2014-04-21 15:04 - 00050477 _____ () C:\Users\User1\Downloads\Defogger.exe
2014-04-21 15:04 - 2014-04-21 15:04 - 00000480 _____ () C:\Users\User1\Downloads\defogger_disable.log
2014-04-21 15:04 - 2014-04-21 15:04 - 00000000 _____ () C:\Users\User1\defogger_reenable
2014-04-21 15:04 - 2013-10-08 20:20 - 00000000 ____D () C:\Users\User1
2014-04-21 15:02 - 2014-04-09 18:30 - 00035861 _____ () C:\Users\User1\Downloads\FRST.txt
2014-04-21 14:59 - 2014-04-21 14:59 - 02056704 _____ (Farbar) C:\Users\User1\Downloads\FRST64 (1).exe
2014-04-21 13:33 - 2014-04-21 13:27 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-21 13:32 - 2014-04-21 13:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-21 13:30 - 2014-04-21 13:30 - 00000000 ____D () C:\Users\User1\Documents\ProcAlyzer Dumps
2014-04-21 13:27 - 2014-04-21 13:27 - 00001399 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-04-21 13:27 - 2014-04-21 13:27 - 00001387 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-21 13:27 - 2014-04-21 13:27 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-21 13:27 - 2014-04-21 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-04-21 13:25 - 2014-04-21 13:25 - 00613200 _____ (Chip Digital GmbH) C:\Users\User1\Downloads\SpyBot Search Destroy - CHIP-Downloader.exe
2014-04-21 13:22 - 2014-04-03 00:03 - 00000000 ____D () C:\Users\User1\Documents\Anti-Malware
2014-04-21 13:15 - 2014-04-21 13:15 - 03355407 _____ () C:\Users\User1\Downloads\elvui-6.999 (3).zip
2014-04-21 13:06 - 2013-10-09 17:30 - 00001110 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
2014-04-21 13:06 - 2013-10-09 17:30 - 00001098 _____ () C:\Users\Public\Desktop\TeamViewer 8.lnk
2014-04-21 12:50 - 2014-04-21 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-21 12:50 - 2014-04-21 12:49 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-21 12:50 - 2013-10-22 20:12 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-20 22:04 - 2014-04-20 22:03 - 00188383 _____ () C:\Users\User1\Downloads\Malkorok.zip
2014-04-20 17:29 - 2014-04-20 17:29 - 03355407 _____ () C:\Users\User1\Downloads\elvui-6.999 (2).zip
2014-04-20 15:01 - 2014-04-20 15:01 - 03355407 _____ () C:\Users\User1\Downloads\elvui-6.999 (1).zip
2014-04-20 14:34 - 2011-04-12 09:43 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2014-04-20 14:34 - 2011-04-12 09:43 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2014-04-20 14:34 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-20 14:33 - 2014-04-20 14:33 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\User1\Downloads\TeamSpeak3-Client-win64-3.0.14 (8).exe
2014-04-19 23:17 - 2014-04-19 23:17 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\User1\Downloads\TeamSpeak3-Client-win64-3.0.14 (7).exe
2014-04-19 16:48 - 2014-04-19 16:48 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\User1\Downloads\TeamSpeak3-Client-win64-3.0.14 (6).exe
2014-04-18 17:53 - 2014-04-18 17:53 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\User1\Downloads\TeamSpeak3-Client-win64-3.0.14 (5).exe
2014-04-17 19:39 - 2013-10-08 21:40 - 00000000 ____D () C:\Program Files\Google
2014-04-16 16:07 - 2014-04-16 16:07 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\User1\Downloads\TeamSpeak3-Client-win64-3.0.14 (4).exe
2014-04-16 16:06 - 2014-04-16 16:03 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-04-16 15:57 - 2014-04-16 15:57 - 00275592 _____ () C:\Windows\Minidump\041614-20826-01.dmp
2014-04-15 18:02 - 2014-04-15 18:01 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\User1\Downloads\TeamSpeak3-Client-win64-3.0.14 (3).exe
2014-04-14 20:13 - 2014-04-21 12:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-04-23 13:48 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-04-23 13:48 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-04-23 13:48 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-14 04:24 - 2014-04-30 17:49 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-04-30 17:49 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-13 22:07 - 2014-04-12 17:16 - 00000000 ____D () C:\Users\User1\AppData\Roaming\TS3Client
2014-04-13 21:02 - 2014-04-13 21:02 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\User1\Downloads\TeamSpeak3-Client-win64-3.0.14 (2).exe
2014-04-13 16:44 - 2014-04-13 16:44 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\User1\Downloads\TeamSpeak3-Client-win64-3.0.14 (1).exe

Some content of TEMP:
====================
C:\Users\User1\AppData\Local\Temp\avgnt.exe
C:\Users\User1\AppData\Local\Temp\ntdll_dump.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-07 14:58

==================== End Of Log ============================
--- --- ---


Problem noch da :(

schrauber 14.05.2014 19:01
Bitte mal FRST öffnen, Haken setzen bei Addition und Shortcut, scannen, alle 3 Logs posten.

Kerrigan 14.05.2014 22:12
Hallo,

hier die drei gewünschten Scans.

Code:
Users shortcut scan result (x64) Version: 11-05-2014 01
Ran by User1 at 2014-05-14 23:08:26
Running from C:\Users\User1\Desktop
Boot Mode: Normal
==================== Shortcuts =============================

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk -> C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft\Account- und Rechnungssupport.lnk -> C:\World of Warcraft\Data\deDE\AccountBilling.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft\Technischer Kundendienst.lnk -> C:\World of Warcraft\Data\deDE\TechSupport.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft\World of Warcraft.lnk -> C:\World of Warcraft\World of Warcraft Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Benutzerhandbuch für die Konsolenversion von RAR.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Hilfe zu WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Was ist neu in dieser Version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client\TeamSpeak 3 Client.lnk -> C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe (TeamSpeak Systems GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client\Uninstall.lnk -> C:\Program Files\TeamSpeak 3 Client\Uninstall.exe (TeamSpeak Systems GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II\Battle.net-Accountverwaltung.lnk -> C:\Program Files (x86)\StarCraft II\Support\BattlenetAccount.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II\Blizzard Tech-Support.lnk -> C:\Program Files (x86)\StarCraft II\Support\TechSupport.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II\PTR von StarCraft II.lnk -> C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II\StarCraft II - Handbuch.lnk -> C:\Program Files (x86)\StarCraft II\Support\Manual.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II\StarCraft II - Karten-Editor.lnk -> C:\Program Files (x86)\StarCraft II\Support\SC2Editor.exe (Blizzard Entertainment, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II\StarCraft II.lnk -> C:\Program Files (x86)\StarCraft II\StarCraft II.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft\Kampagnen-Editor von StarCraft.lnk -> C:\StarCraft1\StarCraft\StarEdit.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft\Registrierung von StarCraft - Brood War.lnk -> C:\StarCraft1\StarCraft\Register Starcraft.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft\StarCraft - Brood War.lnk -> C:\StarCraft1\StarCraft\StarCraft.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft\StarCraft deinstallieren.lnk -> C:\Program Files (x86)\Common Files\Blizzard Entertainment\StarCraft\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Create System Report.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDLogReport.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\File Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFiles.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Immunization.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Rootkit Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDRootAlyzer.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Spybot-S&D Start Center.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\System Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Tray Icon (Live Protection).lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Uninstall Spybot-S&D.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHARKOON Skiller\Deinstallieren.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{91C25547-9534-41A5-823A-1E54BA16EA3F}\setup.exe (Macrovision Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHARKOON Skiller\SHARKOON Skiller Konfigurator.lnk -> C:\Program Files (x86)\SHARKOON Skiller\GameSetting.exe (Game Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek\Realtek Ethernet Diagnostic Utility\Realtek Ethernet Diagnostic Utility.lnk -> C:\Program Files (x86)\REALTEK\Realtek Ethernet Diagnostic Utility\8169Diag.exe (Realtek Semiconductor Corporation.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Access 2003.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\accicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Excel 2003.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office InfoPath 2003.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\inficon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Outlook 2003.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\outicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office PowerPoint 2003.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Publisher 2003.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\pubs.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2003.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Digitale Signatur für VBA-Projekte.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Spracheinstellungen.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Access Snapshot Viewer.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Imaging.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\mspicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Scanning.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\mspicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware entfernen.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone\Hearthstone.lnk -> C:\Program Files (x86)\Hearthstone\Hearthstone Beta Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grundschule Lernspass mit Hexe Lilli\Englisch Klasse 1+2\Englisch Klasse 1+2 - entfernen.lnk -> C:\Program Files (x86)\Grundschule Lernspass mit Hexe Lilli\Englisch Klasse 1+2\UNWISE.EXE ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grundschule Lernspass mit Hexe Lilli\Englisch Klasse 1+2\Englisch Klasse 1+2.lnk -> C:\Program Files (x86)\Grundschule Lernspass mit Hexe Lilli\Englisch Klasse 1+2\Englisch.exe (Macromedia, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grundschule Lernspass mit Hexe Lilli\Englisch Klasse 1+2\Hilfe.lnk -> C:\Program Files (x86)\Grundschule Lernspass mit Hexe Lilli\Englisch Klasse 1+2\Hilfe.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Battle.net-Accountverwaltung.lnk -> C:\Program Files (x86)\Diablo III\BattlenetAccount.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Blizzard Tech-Support.lnk -> C:\Program Files (x86)\Diablo III\TechSupport.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Diablo III - Handbuch.lnk -> C:\Program Files (x86)\Diablo III\Manual.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Diablo III.lnk -> C:\Program Files (x86)\Diablo III\Diablo III Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net\Battle.net.lnk -> C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Avira Free Antivirus Hilfe.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\avwin.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Avira Free Antivirus starten.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Avira im Internet.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\weblink.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Readme anzeigen.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\Turbo Key\Turbo Key V1.01.03.lnk -> C:\Program Files\ASUS\Turbo Key\TurboKey.exe (ASUSTeK Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\Turbo Key\Uninstall.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{B83F7FA5-3191-4E39-A1F2-8A9038BD0B04}\Setup.exe (InstallShield Software Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\PC Probe II\Manual for PC Probe II.lnk -> C:\Program Files (x86)\ASUS\PC Probe II\manual.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\PC Probe II\PC Probe II V1.04.92.lnk -> C:\Program Files (x86)\ASUS\PC Probe II\Probe2.exe (ASUSTeK Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\PC Probe II\UnInstall PC Probe II .lnk -> C:\Program Files (x86)\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\Setup.exe (InstallShield Software Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\EPU-4 Engine\EPU-4 Engine V1.02.01.lnk -> C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe (ASUSTeK Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\EPU-4 Engine\Uninstall.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}\Setup.exe (InstallShield Software Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUSUpdate\ASUSUpdate.lnk -> C:\Program Files (x86)\ASUS\ASUSUpdate\Update.exe (ASUSTeK Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUSUpdate\Mylogo User Manual.lnk -> C:\Program Files (x86)\ASUS\ASUSUpdate\MyLogo2.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUSUpdate\MyLogo.lnk -> C:\Program Files (x86)\ASUS\ASUSUpdate\MyLogo.exe (ASUSTeK Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUSUpdate\Uninstall ASUSUpdate.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\Setup.exe (InstallShield Software Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\AI Suite\AI Suite v1.06.22.lnk -> C:\Program Files\ASUS\Ai Suite\AiSuite.exe (ASUSTeK Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\AI Suite\Manual for Q-Fan.lnk -> C:\Program Files\ASUS\Ai Suite\Q-Fan 2.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\AI Suite\UnInstall.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{310BC5E2-31AF-49BB-904D-E71EB93645DC}\Setup.exe (InstallShield Software Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center\AMD Catalyst Control Center.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD\RAIDXpert\RAIDXpert.lnk -> C:\Program Files (x86)\AMD\RAIDXpert\RAIDXpert.URL ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\DisplaySwitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> C:\Windows\System32\NetProj.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{E8AE0286-9A63-4F4F-B479-0E4E4A2A8EB5}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\Diablo III\Diablo III Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{21C35C68-A6C5-4A75-8FFD-DB503CE6F67B}\PlayTasks\0\Play.lnk -> C:\World of Warcraft\World of Warcraft Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Internet Explorer\Quick Launch\Spybot-S&D Start Center.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Internet Explorer\Quick Launch\System Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe (Safer-Networking Ltd.)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Battle.net.lnk -> C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\Public\Desktop\Diablo III.lnk -> C:\Program Files (x86)\Diablo III\Diablo III Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Hearthstone.lnk -> C:\Program Files (x86)\Hearthstone\Hearthstone Beta Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\Public\Desktop\Hexe Lilli - Englisch 1+2.lnk -> C:\Program Files (x86)\Grundschule Lernspass mit Hexe Lilli\Englisch Klasse 1+2\Englisch.exe (Macromedia, Inc.)
Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\Users\Public\Desktop\SHARKOON Skiller Konfigurator.lnk -> C:\Program Files (x86)\SHARKOON Skiller\GameSetting.exe (Game Inc.)
Shortcut: C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Safer-Networking Ltd.)
Shortcut: C:\Users\Public\Desktop\StarCraft - Brood War.lnk -> C:\StarCraft1\StarCraft\StarCraft.exe (No File)
Shortcut: C:\Users\Public\Desktop\StarCraft II.lnk -> C:\Program Files (x86)\StarCraft II\StarCraft II.exe (Blizzard Entertainment)
Shortcut: C:\Users\Public\Desktop\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk -> C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe (TeamSpeak Systems GmbH)
Shortcut: C:\Users\Public\Desktop\TeamViewer 8.lnk -> C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH)
Shortcut: C:\Users\Public\Desktop\World of Warcraft.lnk -> C:\World of Warcraft\World of Warcraft Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\User1\Links\Desktop.lnk -> C:\Users\User1\Desktop ()
Shortcut: C:\Users\User1\Links\Downloads.lnk -> C:\Users\User1\Downloads ()
Shortcut: C:\Users\User1\Documents\StarCraft II\Satyra.111@2.lnk -> C:\Users\User1\Documents\StarCraft II\Accounts\100212177\2-S2-1-1061245 ()
Shortcut: C:\Users\User1\Desktop\Avira Free Antivirus starten.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
Shortcut: C:\Users\User1\Desktop\ComboFix - Verknüpfung.lnk -> C:\Users\User1\Downloads\ComboFix.exe (Swearware)
Shortcut: C:\Users\User1\Desktop\Revo Uninstaller.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group)
Shortcut: C:\Users\User1\Desktop\Spotify.lnk -> C:\Users\User1\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
Shortcut: C:\Users\User1\Desktop\Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk -> C:\Users\User1\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Benutzerhandbuch für die Konsolenversion von RAR.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Hilfe zu WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Was ist neu in dieser Version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group)
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Uninstall.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe (VS Revo Group Ltd.)
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Website.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revo Uninstaller.url ()
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\User1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b15f30ab853b7d31\Diablo III.lnk -> C:\Program Files (x86)\Diablo III\Diablo III Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\User1\AppData\Local\Microsoft\Windows\GameExplorer\{08425964-74C0-48D9-8FA4-9E9D88FD0B69}\PlayTasks\0\Spielen.lnk -> C:\StarCraft1\StarCraft\StarCraft.exe (No File)




ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Neues Office-Dokument.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\misc.exe () -> -n
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Office-Dokument öffnen.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\misc.exe () -> -f
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Assistent zum Speichern eigener Einstellungen.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\opwicon.exe () -> /u
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Anwendungswiederherstellung.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\misc.exe () -> -c
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gaming Mouse\Gaming Mouse Driver.lnk -> C:\Program Files (x86)\Gaming Mouse\Monitor.exe () -> 1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gaming Mouse\Uninstall.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{F1A273BD-6A9E-41D8-A111-5E56ACD286F8}\setup.exe (Macrovision Corporation) -> -runfromtemp -l0x0009
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center\Hilfe.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe (ATI Technologies Inc.) -> Start Help -help
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\User1\Desktop\Avira Free Antivirus Profil Schnelle Systemprüfung.LNK -> C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (Avira Operations GmbH & Co. KG) -> /CFG="C:\Program Files (x86)\Avira\AntiVir Desktop\quicksysscan.avp"
ShortcutWithArgument: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Run Hunter Mode.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group) -> -hunter
ShortcutWithArgument: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\User1\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\User1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook starten.lnk -> C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation) ->  /recycle
ShortcutWithArgument: C:\Users\User1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.url -> hxxp://support.steampowered.com/
InternetURL: C:\Users\User1\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\User1\Favorites\Windows Live\Windows Live Ideas.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72700
InternetURL: C:\Users\User1\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72681
InternetURL: C:\Users\User1\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72682
InternetURL: C:\Users\User1\Favorites\MSN-Websites\MSN Auto.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72680
InternetURL: C:\Users\User1\Favorites\MSN-Websites\MSN Fernsehen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72659
InternetURL: C:\Users\User1\Favorites\MSN-Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72640
InternetURL: C:\Users\User1\Favorites\MSN-Websites\MSN Nachrichten.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72636
InternetURL: C:\Users\User1\Favorites\MSN-Websites\MSN Sport.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72635
InternetURL: C:\Users\User1\Favorites\MSN-Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72630
InternetURL: C:\Users\User1\Favorites\Microsoft-Websites\IE-Site auf Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72186
InternetURL: C:\Users\User1\Favorites\Microsoft-Websites\Microsoft Deutschland GmbH.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72520
InternetURL: C:\Users\User1\Favorites\Microsoft-Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\User1\Favorites\Microsoft-Websites\Microsoft Windows - Start.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72629
InternetURL: C:\Users\User1\Favorites\Microsoft-Websites\Microsoft zu Hause.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72406
InternetURL: C:\Users\User1\Favorites\Microsoft-Websites\Microsoft.com durchsuchen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72893
InternetURL: C:\Users\User1\Favorites\Microsoft-Websites\Site für IE Add-Ons.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\User1\Favorites\Links\Vorgeschlagene Sites.url -> https://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\User1\Favorites\Links\Web Slice-Katalog.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\User1\Desktop\Left 4 Dead 2.url -> steam://rungameid/550
InternetURL: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Left 4 Dead 2.url -> steam://rungameid/550
InternetURL: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse\Curse Client online support.url -> hxxp://clientsupport.curse.com/

==================== End of log =============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2014 01
Ran by User1 at 2014-05-14 23:08:05
Running from C:\Users\User1\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
AI Suite (HKLM-x32\...\{310BC5E2-31AF-49BB-904D-E71EB93645DC}) (Version: 1.06.22 - )
AMD Accelerated Video Transcoding (Version: 13.15.100.30830 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0830.1944.33589 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{1E9871B6-7C44-9A3A-A1C0-F9729663C7F5}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.0830.1944.33589 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.80830.1925 - Advanced Micro Devices, Inc.) Hidden
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.792 - Curse)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.02.01 - )
Gaming mouse Driver (HKLM-x32\...\{F1A273BD-6A9E-41D8-A111-5E56ACD286F8}) (Version: 1.0 - Togran)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Grundschule Lernspass mit Hexe Lilli Englisch Klasse 1+2 (HKLM-x32\...\Grundschule Lernspass mit Hexe Lilli Englisch Klasse 1+2) (Version:  - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045F0}) (Version: 7.0.450 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PC Probe II (HKLM-x32\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.92 - ASUSTeK Computer Inc.)
RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.2.1540.10 - AMD)
RAIDXpert (x32 Version: 3.2.1540.10 - AMD) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SHARKOON Skiller (HKLM-x32\...\{91C25547-9534-41A5-823A-1E54BA16EA3F}) (Version: 1.00.0000 - )
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
StarCraft (HKLM-x32\...\StarCraft) (Version:  - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer)
Trillian (HKLM-x32\...\Trillian) (Version:  - Cerulean Studios, LLC)
Turbo Key (HKLM-x32\...\{B83F7FA5-3191-4E39-A1F2-8A9038BD0B04}) (Version: 1.01.03 - )
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Restore Points  =========================

24-04-2014 18:18:29 Windows Update
29-04-2014 15:33:43 Windows Update
30-04-2014 22:03:21 Windows Update
04-05-2014 00:17:49 Windows Update
09-05-2014 12:36:55 Windows Update
13-05-2014 15:40:11 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-03-27 13:55 - 00000860 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {17AE2781-DC90-409D-844F-7505972C986D} - System32\Tasks\{B5B1AE0E-3C4C-4AD9-8669-91E4FF7D9AE7} => C:\StarCraft1\StarCraft\StarCraft.exe
Task: {1A00D3E0-B7C3-4A4D-82F2-E64CFE95E5CA} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {2FE213FF-1F17-4CBA-AD8E-8FF6E5743111} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {33F91DDD-7080-4E4E-A262-923E41365D8C} - System32\Tasks\RtlNICDiagVistaStart => C:\Program Files (x86)\Realtek\Realtek Ethernet Diagnostic Utility\8169Diag.exe [2011-11-16] (Realtek Semiconductor Corporation.)
Task: {398A692E-F869-4D02-9049-FDC6274CFE5F} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2010-02-03] (ASUSTeK Computer Inc.)
Task: {4ABAA26D-889D-4B96-97AA-46AEB8C145C2} - System32\Tasks\{415876D4-2516-46E8-9E35-A397A136CFD5} => C:\StarCraft1\StarCraft\StarCraft.exe
Task: {4C3E5020-47BB-437B-BADF-F49A8531515E} - System32\Tasks\{2078D8B4-E896-44F1-8BBC-6CCB8A701A19} => C:\StarCraft1\StarCraft\StarCraft.exe
Task: {5C78006B-CFF9-440F-B2B2-314755DE0BC5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-23] (Google Inc.)
Task: {7BF2CEF6-25DB-497A-AFD6-7FB0C7BD3997} - System32\Tasks\{2DA44194-053F-4631-A9F3-3DA0216DDF84} => C:\StarCraft1\StarCraft\StarCraft.exe
Task: {ADF24FC4-A0B7-45D3-93BA-9DAC484C82C6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {B38E72B5-EF1C-4D7E-9E27-515874A16FD7} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.01.12\AsLoader.exe [2010-01-14] (ASUSTeK Computer Inc.)
Task: {C1E9ADA0-5DCA-4968-A3A7-684D26A19C9A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-23] (Google Inc.)
Task: {CCB68486-F473-4770-A71D-50EEA4558A31} - System32\Tasks\ASUS\Cpu Level Up Hook Lanunch => C:\Program Files\ASUS\Ai Suite\CpuLevelUpHookLaunch.exe [2009-12-28] ()
Task: {CDA3F082-82A9-46B4-B38C-6B963E504691} - System32\Tasks\{43EA236D-C510-4A42-9726-86138A33EA20} => C:\StarCraft1\StarCraft\StarCraft.exe
Task: {DBB33BD9-114C-4DD4-82D7-DE1AF5F88CC4} - System32\Tasks\{98B32694-0566-4AC3-9644-A7CD534B12BD} => C:\StarCraft1\StarCraft\StarCraft.exe
Task: {EC05ADE8-4BA1-45A3-97CA-8DC8A51F72CC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {EFCB4FEE-9CF2-4B10-9C33-347CAD02CE64} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RtlNICDiagVistaStart.job => C:\Program Files (x86)\Realtek\Realtek Ethernet Diagnostic Utility\8169Diag.exe

==================== Loaded Modules (whitelisted) =============

2013-08-30 19:47 - 2013-08-30 19:47 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-10-22 14:41 - 2012-10-22 14:41 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-10-22 14:42 - 2012-10-22 14:42 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-08-30 19:47 - 2013-08-30 19:47 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2009-12-15 17:40 - 2009-12-15 17:40 - 00065536 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
2013-12-13 14:46 - 2013-07-17 15:02 - 00761856 _____ () C:\Program Files (x86)\Gaming Mouse\Monitor.exe
2013-08-30 19:47 - 2013-08-30 19:47 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2009-12-15 17:40 - 2009-12-15 17:40 - 00122880 _____ () C:\Windows\SysWOW64\WinMsgBalloonServer.exe
2009-12-15 17:41 - 2009-12-15 17:41 - 00139264 _____ () C:\Windows\SysWOW64\WinMsgBalloonClient.exe
2013-10-09 18:22 - 2013-10-09 18:20 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2009-12-15 23:44 - 2009-12-15 23:44 - 00516096 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll
2014-04-21 13:27 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-04-21 13:27 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-04-21 13:27 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-04-21 13:27 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-04-21 13:27 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-10-08 21:42 - 2009-03-19 22:35 - 00208896 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll
2013-10-08 21:42 - 2009-03-19 22:35 - 00008704 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll
2013-10-08 21:42 - 2009-01-15 14:55 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
2013-10-08 21:42 - 2009-03-25 16:53 - 00053248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
2013-10-08 22:23 - 2009-04-29 14:24 - 00253952 _____ () C:\Program Files\ASUS\Turbo Key\pngio.dll
2013-10-08 22:23 - 2009-04-29 14:24 - 00208896 _____ () C:\Program Files\ASUS\Turbo Key\AiNap.dll
2013-10-08 22:23 - 2009-04-29 14:24 - 00008704 _____ () C:\Program Files\ASUS\Turbo Key\vvc.dll
2013-12-13 14:46 - 2013-05-21 11:40 - 00057344 _____ () C:\Program Files (x86)\Gaming Mouse\lan.dll
2013-12-13 14:46 - 2013-01-17 11:04 - 00061440 _____ () C:\Program Files (x86)\Gaming Mouse\hiddriver.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============

HKU\S-1-5-21-196019333-3621520618-2838316431-1000\Software\Classes\exefile:  <===== ATTENTION!

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/14/2014 05:38:31 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/13/2014 05:43:27 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/13/2014 05:35:48 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/12/2014 02:26:05 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/10/2014 04:35:44 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/09/2014 05:22:18 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/09/2014 02:31:12 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/09/2014 02:26:31 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/08/2014 01:07:32 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/07/2014 02:28:51 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/14/2014 05:38:26 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "Machine Debug Manager" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (05/14/2014 05:38:25 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "sbapifs" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (05/13/2014 05:43:20 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "Machine Debug Manager" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (05/13/2014 05:43:19 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "sbapifs" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (05/13/2014 05:35:42 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "Machine Debug Manager" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (05/13/2014 05:35:40 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "sbapifs" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (05/12/2014 02:26:02 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "Machine Debug Manager" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (05/12/2014 02:26:00 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "sbapifs" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (05/10/2014 04:35:41 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "Machine Debug Manager" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (05/10/2014 04:35:39 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "sbapifs" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2


Microsoft Office Sessions:
=========================
Error: (05/14/2014 05:38:31 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/13/2014 05:43:27 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/13/2014 05:35:48 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/12/2014 02:26:05 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/10/2014 04:35:44 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/09/2014 05:22:18 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/09/2014 02:31:12 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/09/2014 02:26:31 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/08/2014 01:07:32 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/07/2014 02:28:51 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 8174.12 MB
Available physical RAM: 7016.77 MB
Total Pagefile: 16346.41 MB
Available Pagefile: 14463.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows7) (Fixed) (Total:931.41 GB) (Free:799.1 GB) NTFS
Drive d: (Englisch12) (CDROM) (Total:0.32 GB) (Free:0 GB) CDFS
Drive f: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: DB55773B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01
Ran by User1 (administrator) on User1-PC-NE on 14-05-2014 23:07:32
Running from C:\Users\User1\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Cerulean Studios) C:\Program Files (x86)\Trillian\trillian.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\Turbo Key\TurboKey.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Gaming Mouse\Monitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Game Inc.) C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Cpu Level Up help] => C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe [887936 2009-12-28] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Turbo Key] => C:\Program Files\ASUS\Turbo Key\TurboKey.exe [1874432 2009-11-24] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Gaming mouse] => C:\Program Files (x86)\Gaming Mouse\Monitor.exe [761856 2013-07-17] ()
HKLM-x32\...\Run: [GamingKeyboard] => C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe [1803264 2012-06-07] (Game Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-196019333-3621520618-2838316431-1000\...\Run: [Spotify] => C:\Users\User1\AppData\Roaming\Spotify\Spotify.exe [6087224 2014-04-09] (Spotify Ltd)
HKU\S-1-5-21-196019333-3621520618-2838316431-1000\...\Run: [Spotify Web Helper] => C:\Users\User1\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-09] (Spotify Ltd)
Startup: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 121.157.39.117 114.114.114.114

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-23]
CHR Extension: (Google Drive) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-23]
CHR Extension: (YouTube) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-23]
CHR Extension: (Google-Suche) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-23]
CHR Extension: (Google Wallet) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-23]
CHR Extension: (Google Mail) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-23]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-29] (ASUSTeK Computer Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 MDM; "C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" [X]

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-25] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-07] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 GameKB; C:\Windows\System32\drivers\GameKB.sys [27648 2012-05-11] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-18] ()
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [806400 2011-02-11] (Realtek Semiconductor Corporation                          )
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-13 17:41 - 2014-05-13 17:41 - 00002445 _____ () C:\Users\User1\Desktop\RKreport[0]_D_05132014_174137.txt
2014-05-13 17:41 - 2014-05-13 17:41 - 00000860 _____ () C:\Users\User1\Desktop\RKreport[0]_DN_05132014_174143.txt
2014-05-13 17:39 - 2014-05-13 17:39 - 00002346 _____ () C:\Users\User1\Desktop\RKreport[0]_S_05132014_173940.txt
2014-05-12 14:37 - 2014-05-12 14:44 - 00017189 _____ () C:\Users\User1\Desktop\RKreport[0]_S_05122014_143749.txt
2014-05-12 14:35 - 2014-05-12 14:35 - 00017160 _____ () C:\Users\User1\Desktop\RKreport[0]_S_05122014_143525.txt
2014-05-12 14:33 - 2014-05-12 14:33 - 04527616 _____ () C:\Users\User1\Desktop\RogueKillerX64 (1).exe
2014-05-12 14:32 - 2014-05-12 14:32 - 04527616 _____ () C:\Users\User1\Downloads\RogueKillerX64.exe
2014-05-12 14:31 - 2014-05-13 17:41 - 00000000 ____D () C:\Users\User1\Desktop\RK_Quarantine
2014-05-12 14:31 - 2014-03-26 13:57 - 04493824 _____ () C:\Users\User1\Desktop\RogueKillerX64.exe
2014-05-12 14:31 - 2014-03-26 13:57 - 03945472 _____ () C:\Users\User1\Desktop\RogueKiller.exe
2014-05-12 14:30 - 2014-05-12 14:30 - 02619924 _____ () C:\Users\User1\Downloads\RogueKiller_8.8.14 (1).zip
2014-05-12 14:29 - 2014-05-12 14:29 - 02619924 _____ () C:\Users\User1\Downloads\RogueKiller_8.8.14.zip
2014-05-04 02:18 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-04 02:18 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-04 02:18 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-04 02:18 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-01 00:03 - 2014-05-01 00:03 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-30 17:49 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-30 17:49 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-29 22:06 - 2014-04-29 22:06 - 00078313 _____ () C:\Users\User1\Downloads\CT_MailMod_5.4.2.2.zip
2014-04-29 21:46 - 2014-04-29 21:46 - 00061123 _____ () C:\Users\User1\Downloads\TradeSkillMaster_Mailing-v2.2.1.zip
2014-04-29 21:45 - 2014-04-29 21:46 - 00849575 _____ () C:\Users\User1\Downloads\TradeSkillMaster-v2.5.12.1.zip
2014-04-25 13:18 - 2014-04-25 13:18 - 01071360 _____ (Solid State Networks) C:\Users\User1\Downloads\install_flashplayer13x32axau_mssa_aaa_aih (2).exe
2014-04-24 18:01 - 2014-04-24 18:01 - 01071360 _____ (Solid State Networks) C:\Users\User1\Downloads\install_flashplayer13x32axau_mssa_aaa_aih (1).exe
2014-04-24 18:00 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-04-24 18:00 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-04-24 17:59 - 2014-05-08 21:49 - 00025435 _____ () C:\Users\User1\Desktop\Addition.txt
2014-04-24 17:58 - 2014-05-13 17:49 - 00000000 ____D () C:\Users\User1\Desktop\FRST-OlderVersion
2014-04-24 17:57 - 2014-04-24 17:57 - 01071360 _____ (Solid State Networks) C:\Users\User1\Downloads\install_flashplayer13x32axau_mssa_aaa_aih.exe
2014-04-23 13:49 - 2014-05-14 22:25 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-23 13:49 - 2014-05-14 17:38 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-23 13:49 - 2014-05-08 15:20 - 00004112 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-23 13:49 - 2014-05-08 15:20 - 00003860 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-23 13:49 - 2014-04-29 23:04 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-23 13:49 - 2014-04-23 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-04-23 13:48 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-23 13:48 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-23 13:48 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-23 13:39 - 2014-04-23 13:39 - 00000000 __SHD () C:\Users\User1\AppData\Local\EmieUserList
2014-04-23 13:39 - 2014-04-23 13:39 - 00000000 __SHD () C:\Users\User1\AppData\Local\EmieSiteList
2014-04-23 13:37 - 2014-04-23 13:37 - 02347384 _____ (ESET) C:\Users\User1\Desktop\esetsmartinstaller_enu.exe
2014-04-23 13:37 - 2014-04-23 13:37 - 00001272 _____ () C:\Users\User1\Desktop\Revo Uninstaller.lnk
2014-04-23 13:37 - 2014-04-23 13:37 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-23 13:23 - 2014-04-23 13:23 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\User1\Desktop\revosetup95.exe
2014-04-23 13:23 - 2014-04-23 13:23 - 00855379 _____ () C:\Users\User1\Desktop\SecurityCheck.exe
2014-04-23 13:22 - 2014-04-23 13:22 - 02347384 _____ (ESET) C:\Users\User1\Downloads\esetsmartinstaller_enu.exe
2014-04-23 13:22 - 2014-04-23 13:22 - 00016569 _____ () C:\Users\User1\Desktop\Download (1).htm
2014-04-23 00:43 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-23 00:43 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-23 00:43 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-23 00:43 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-23 00:43 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-23 00:43 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-23 00:43 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-23 00:43 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-23 00:43 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-23 00:43 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-23 00:43 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-23 00:43 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-23 00:43 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-23 00:43 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-23 00:43 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-23 00:43 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-23 00:43 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-23 00:43 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-23 00:43 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-23 00:43 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-23 00:43 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-23 00:43 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-23 00:43 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-23 00:43 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-23 00:43 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-23 00:43 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-23 00:43 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-23 00:43 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-23 00:43 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-23 00:43 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-23 00:43 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-23 00:43 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-23 00:43 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-23 00:43 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-23 00:43 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-23 00:43 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-23 00:43 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-23 00:43 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-23 00:43 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-23 00:43 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-23 00:43 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-23 00:43 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-23 00:43 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-23 00:43 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-22 16:16 - 2014-05-14 23:07 - 00011743 _____ () C:\Users\User1\Desktop\FRST.txt
2014-04-22 16:15 - 2014-05-13 17:49 - 02066944 _____ (Farbar) C:\Users\User1\Desktop\FRST64.exe
2014-04-22 16:15 - 2014-04-22 16:15 - 00016102 _____ () C:\Users\User1\Desktop\Download.htm
2014-04-22 16:03 - 2014-04-22 16:03 - 00000818 _____ () C:\Users\User1\Desktop\JRT.txt
2014-04-22 15:58 - 2014-04-22 15:58 - 00000000 ____D () C:\Windows\ERUNT
2014-04-22 15:03 - 2014-04-22 15:03 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-22 15:03 - 2014-04-22 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-22 15:03 - 2014-04-22 15:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-22 15:03 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-22 15:03 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-22 15:03 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-22 15:02 - 2014-04-22 15:02 - 01335637 _____ () C:\Users\User1\Desktop\adwcleaner (1).exe
2014-04-22 15:01 - 2014-04-22 15:02 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\User1\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-22 15:01 - 2014-04-22 15:01 - 01016261 _____ (Thisisu) C:\Users\User1\Desktop\JRT.exe
2014-04-21 21:57 - 2014-04-21 21:57 - 00019605 _____ () C:\ComboFix.txt
2014-04-21 21:51 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-21 21:51 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-21 21:51 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-21 21:51 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-21 21:51 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-21 21:51 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-21 21:51 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-21 21:51 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-21 21:42 - 2014-04-21 21:42 - 00001514 _____ () C:\Users\User1\Desktop\ComboFix - Verknüpfung.lnk
2014-04-21 20:57 - 2014-04-21 21:57 - 00000000 ____D () C:\Qoobox
2014-04-21 20:57 - 2014-04-21 21:56 - 00000000 ____D () C:\Windows\erdnt
2014-04-21 20:56 - 2014-04-21 20:56 - 05196870 ____R (Swearware) C:\Users\User1\Downloads\ComboFix.exe
2014-04-21 17:17 - 2014-04-21 17:17 - 00456072 _____ () C:\Windows\Minidump\042114-20997-01.dmp
2014-04-21 15:35 - 2014-04-21 15:35 - 00002098 _____ () C:\Users\User1\Desktop\Avira Free Antivirus starten.lnk
2014-04-21 15:32 - 2014-04-21 15:32 - 00002108 _____ () C:\Users\User1\Desktop\Avira Free Antivirus Profil Schnelle Systemprüfung.LNK
2014-04-21 15:06 - 2014-04-21 15:06 - 00380416 _____ () C:\Users\User1\Downloads\Gmer-19357.exe
2014-04-21 15:04 - 2014-04-21 15:04 - 00050477 _____ () C:\Users\User1\Downloads\Defogger.exe
2014-04-21 15:04 - 2014-04-21 15:04 - 00000480 _____ () C:\Users\User1\Downloads\defogger_disable.log
2014-04-21 15:04 - 2014-04-21 15:04 - 00000000 _____ () C:\Users\User1\defogger_reenable
2014-04-21 15:02 - 2014-05-13 17:42 - 00000000 ____D () C:\Scans
2014-04-21 14:59 - 2014-04-21 14:59 - 02056704 _____ (Farbar) C:\Users\User1\Downloads\FRST64 (1).exe
2014-04-21 13:30 - 2014-04-21 13:30 - 00000000 ____D () C:\Users\User1\Documents\ProcAlyzer Dumps
2014-04-21 13:27 - 2014-04-21 13:33 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-21 13:27 - 2014-04-21 13:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-21 13:27 - 2014-04-21 13:27 - 00001399 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-04-21 13:27 - 2014-04-21 13:27 - 00001387 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-21 13:27 - 2014-04-21 13:27 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-21 13:27 - 2014-04-21 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-04-21 13:27 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-04-21 13:25 - 2014-04-21 13:25 - 00613200 _____ (Chip Digital GmbH) C:\Users\User1\Downloads\SpyBot Search Destroy - CHIP-Downloader.exe
2014-04-21 13:15 - 2014-04-21 13:15 - 03355407 _____ () C:\Users\User1\Downloads\elvui-6.999 (3).zip
2014-04-21 12:50 - 2014-04-21 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-21 12:50 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-21 12:49 - 2014-04-21 12:50 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-20 22:03 - 2014-04-20 22:04 - 00188383 _____ () C:\Users\User1\Downloads\Malkorok.zip
2014-04-20 17:29 - 2014-04-20 17:29 - 03355407 _____ () C:\Users\User1\Downloads\elvui-6.999 (2).zip
2014-04-20 15:01 - 2014-04-20 15:01 - 03355407 _____ () C:\Users\User1\Downloads\elvui-6.999 (1).zip
2014-04-20 14:33 - 2014-04-20 14:33 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\User1\Downloads\TeamSpeak3-Client-win64-3.0.14 (8).exe
2014-04-19 23:17 - 2014-04-19 23:17 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\User1\Downloads\TeamSpeak3-Client-win64-3.0.14 (7).exe
2014-04-19 16:48 - 2014-04-19 16:48 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\User1\Downloads\TeamSpeak3-Client-win64-3.0.14 (6).exe
2014-04-18 17:53 - 2014-04-18 17:53 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\User1\Downloads\TeamSpeak3-Client-win64-3.0.14 (5).exe
2014-04-16 16:07 - 2014-04-16 16:07 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\User1\Downloads\TeamSpeak3-Client-win64-3.0.14 (4).exe
2014-04-16 16:03 - 2014-04-16 16:06 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-04-16 15:57 - 2014-04-21 17:17 - 782533897 _____ () C:\Windows\MEMORY.DMP
2014-04-16 15:57 - 2014-04-21 17:17 - 00000000 ____D () C:\Windows\Minidump
2014-04-16 15:57 - 2014-04-16 15:57 - 00275592 _____ () C:\Windows\Minidump\041614-20826-01.dmp
2014-04-15 18:01 - 2014-04-15 18:02 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\User1\Downloads\TeamSpeak3-Client-win64-3.0.14 (3).exe

==================== One Month Modified Files and Folders =======

2014-05-14 23:07 - 2014-04-22 16:16 - 00011743 _____ () C:\Users\User1\Desktop\FRST.txt
2014-05-14 23:07 - 2014-04-09 18:30 - 00000000 ____D () C:\FRST
2014-05-14 23:07 - 2013-11-26 19:49 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Spotify
2014-05-14 22:25 - 2014-04-23 13:49 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-14 22:14 - 2013-10-14 14:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-14 22:08 - 2013-10-08 19:57 - 01828744 _____ () C:\Windows\WindowsUpdate.log
2014-05-14 19:15 - 2013-10-14 14:04 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 19:15 - 2013-10-14 14:04 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 19:15 - 2013-10-14 14:04 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 17:46 - 2013-10-08 22:34 - 00000330 _____ () C:\Windows\Tasks\RtlNICDiagVistaStart.job
2014-05-14 17:46 - 2009-07-14 06:45 - 00025280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-14 17:46 - 2009-07-14 06:45 - 00025280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-14 17:38 - 2014-04-23 13:49 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-14 17:38 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-14 17:38 - 2009-07-14 06:51 - 00038510 _____ () C:\Windows\setupact.log
2014-05-14 00:11 - 2013-11-27 19:23 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-05-14 00:11 - 2013-10-09 19:48 - 00000000 ____D () C:\Users\User1\AppData\Local\Battle.net
2014-05-13 22:47 - 2013-10-09 13:41 - 00000000 ____D () C:\World of Warcraft
2014-05-13 17:49 - 2014-04-24 17:58 - 00000000 ____D () C:\Users\User1\Desktop\FRST-OlderVersion
2014-05-13 17:49 - 2014-04-22 16:15 - 02066944 _____ (Farbar) C:\Users\User1\Desktop\FRST64.exe
2014-05-13 17:42 - 2014-04-21 15:02 - 00000000 ____D () C:\Scans
2014-05-13 17:41 - 2014-05-13 17:41 - 00002445 _____ () C:\Users\User1\Desktop\RKreport[0]_D_05132014_174137.txt
2014-05-13 17:41 - 2014-05-13 17:41 - 00000860 _____ () C:\Users\User1\Desktop\RKreport[0]_DN_05132014_174143.txt
2014-05-13 17:41 - 2014-05-12 14:31 - 00000000 ____D () C:\Users\User1\Desktop\RK_Quarantine
2014-05-13 17:39 - 2014-05-13 17:39 - 00002346 _____ () C:\Users\User1\Desktop\RKreport[0]_S_05132014_173940.txt
2014-05-12 14:44 - 2014-05-12 14:37 - 00017189 _____ () C:\Users\User1\Desktop\RKreport[0]_S_05122014_143749.txt
2014-05-12 14:35 - 2014-05-12 14:35 - 00017160 _____ () C:\Users\User1\Desktop\RKreport[0]_S_05122014_143525.txt
2014-05-12 14:33 - 2014-05-12 14:33 - 04527616 _____ () C:\Users\User1\Desktop\RogueKillerX64 (1).exe
2014-05-12 14:32 - 2014-05-12 14:32 - 04527616 _____ () C:\Users\User1\Downloads\RogueKillerX64.exe
2014-05-12 14:30 - 2014-05-12 14:30 - 02619924 _____ () C:\Users\User1\Downloads\RogueKiller_8.8.14 (1).zip
2014-05-12 14:29 - 2014-05-12 14:29 - 02619924 _____ () C:\Users\User1\Downloads\RogueKiller_8.8.14.zip
2014-05-08 21:49 - 2014-04-24 17:59 - 00025435 _____ () C:\Users\User1\Desktop\Addition.txt
2014-05-08 15:20 - 2014-04-23 13:49 - 00004112 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 15:20 - 2014-04-23 13:49 - 00003860 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 18:20 - 2013-10-22 18:07 - 00000000 ____D () C:\Users\User1\Documents\StarCraft II
2014-05-06 17:43 - 2013-11-26 19:49 - 00000000 ____D () C:\Users\User1\AppData\Local\Spotify
2014-05-02 20:59 - 2013-10-09 19:48 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-05-01 00:03 - 2014-05-01 00:03 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-29 23:04 - 2014-04-23 13:49 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-29 22:06 - 2014-04-29 22:06 - 00078313 _____ () C:\Users\User1\Downloads\CT_MailMod_5.4.2.2.zip
2014-04-29 21:46 - 2014-04-29 21:46 - 00061123 _____ () C:\Users\User1\Downloads\TradeSkillMaster_Mailing-v2.2.1.zip
2014-04-29 21:46 - 2014-04-29 21:45 - 00849575 _____ () C:\Users\User1\Downloads\TradeSkillMaster-v2.5.12.1.zip
2014-04-29 21:45 - 2013-10-09 19:48 - 00000000 ____D () C:\Users\User1\AppData\Local\Deployment
2014-04-29 16:01 - 2014-05-04 02:18 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-04 02:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 14:48 - 2014-05-04 02:18 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-04 02:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-25 13:18 - 2014-04-25 13:18 - 01071360 _____ (Solid State Networks) C:\Users\User1\Downloads\install_flashplayer13x32axau_mssa_aaa_aih (2).exe
2014-04-24 18:01 - 2014-04-24 18:01 - 01071360 _____ (Solid State Networks) C:\Users\User1\Downloads\install_flashplayer13x32axau_mssa_aaa_aih (1).exe
2014-04-24 17:57 - 2014-04-24 17:57 - 01071360 _____ (Solid State Networks) C:\Users\User1\Downloads\install_flashplayer13x32axau_mssa_aaa_aih.exe
2014-04-24 17:53 - 2010-11-21 05:47 - 00284572 _____ () C:\Windows\PFRO.log
2014-04-23 16:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-23 13:49 - 2014-04-23 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-04-23 13:49 - 2013-10-08 21:40 - 00000000 ____D () C:\Users\User1\AppData\Local\Google
2014-04-23 13:49 - 2013-10-08 21:40 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-23 13:47 - 2013-10-22 20:11 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-23 13:39 - 2014-04-23 13:39 - 00000000 __SHD () C:\Users\User1\AppData\Local\EmieUserList
2014-04-23 13:39 - 2014-04-23 13:39 - 00000000 __SHD () C:\Users\User1\AppData\Local\EmieSiteList
2014-04-23 13:37 - 2014-04-23 13:37 - 02347384 _____ (ESET) C:\Users\User1\Desktop\esetsmartinstaller_enu.exe
2014-04-23 13:37 - 2014-04-23 13:37 - 00001272 _____ () C:\Users\User1\Desktop\Revo Uninstaller.lnk
2014-04-23 13:37 - 2014-04-23 13:37 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-23 13:23 - 2014-04-23 13:23 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\User1\Desktop\revosetup95.exe
2014-04-23 13:23 - 2014-04-23 13:23 - 00855379 _____ () C:\Users\User1\Desktop\SecurityCheck.exe
2014-04-23 13:22 - 2014-04-23 13:22 - 02347384 _____ (ESET) C:\Users\User1\Downloads\esetsmartinstaller_enu.exe
2014-04-23 13:22 - 2014-04-23 13:22 - 00016569 _____ () C:\Users\User1\Desktop\Download (1).htm
2014-04-23 13:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-22 16:15 - 2014-04-22 16:15 - 00016102 _____ () C:\Users\User1\Desktop\Download.htm
2014-04-22 16:03 - 2014-04-22 16:03 - 00000818 _____ () C:\Users\User1\Desktop\JRT.txt
2014-04-22 15:58 - 2014-04-22 15:58 - 00000000 ____D () C:\Windows\ERUNT
2014-04-22 15:55 - 2013-10-10 01:00 - 00000000 ____D () C:\AdwCleaner
2014-04-22 15:07 - 2014-03-27 14:13 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-22 15:03 - 2014-04-22 15:03 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-22 15:03 - 2014-04-22 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-22 15:03 - 2014-04-22 15:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-22 15:02 - 2014-04-22 15:02 - 01335637 _____ () C:\Users\User1\Desktop\adwcleaner (1).exe
2014-04-22 15:02 - 2014-04-22 15:01 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\User1\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-22 15:01 - 2014-04-22 15:01 - 01016261 _____ (Thisisu) C:\Users\User1\Desktop\JRT.exe
2014-04-21 21:58 - 2013-10-09 19:48 - 00000000 ____D () C:\Users\User1\AppData\Local\Apps\2.0
2014-04-21 21:57 - 2014-04-21 21:57 - 00019605 _____ () C:\ComboFix.txt
2014-04-21 21:57 - 2014-04-21 20:57 - 00000000 ____D () C:\Qoobox
2014-04-21 21:57 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-04-21 21:56 - 2014-04-21 20:57 - 00000000 ____D () C:\Windows\erdnt
2014-04-21 21:56 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-21 21:42 - 2014-04-21 21:42 - 00001514 _____ () C:\Users\User1\Desktop\ComboFix - Verknüpfung.lnk
2014-04-21 20:56 - 2014-04-21 20:56 - 05196870 ____R (Swearware) C:\Users\User1\Downloads\ComboFix.exe
2014-04-21 17:17 - 2014-04-21 17:17 - 00456072 _____ () C:\Windows\Minidump\042114-20997-01.dmp
2014-04-21 17:17 - 2014-04-16 15:57 - 782533897 _____ () C:\Windows\MEMORY.DMP
2014-04-21 17:17 - 2014-04-16 15:57 - 00000000 ____D () C:\Windows\Minidump
2014-04-21 17:17 - 2014-04-03 00:03 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-04-21 15:35 - 2014-04-21 15:35 - 00002098 _____ () C:\Users\User1\Desktop\Avira Free Antivirus starten.lnk
2014-04-21 15:32 - 2014-04-21 15:32 - 00002108 _____ () C:\Users\User1\Desktop\Avira Free Antivirus Profil Schnelle Systemprüfung.LNK
2014-04-21 15:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-21 15:06 - 2014-04-21 15:06 - 00380416 _____ () C:\Users\User1\Downloads\Gmer-19357.exe
2014-04-21 15:04 - 2014-04-21 15:04 - 00050477 _____ () C:\Users\User1\Downloads\Defogger.exe
2014-04-21 15:04 - 2014-04-21 15:04 - 00000480 _____ () C:\Users\User1\Downloads\defogger_disable.log
2014-04-21 15:04 - 2014-04-21 15:04 - 00000000 _____ () C:\Users\User1\defogger_reenable
2014-04-21 15:04 - 2013-10-08 20:20 - 00000000 ____D () C:\Users\User1
2014-04-21 15:02 - 2014-04-09 18:30 - 00035861 _____ () C:\Users\User1\Downloads\FRST.txt
2014-04-21 14:59 - 2014-04-21 14:59 - 02056704 _____ (Farbar) C:\Users\User1\Downloads\FRST64 (1).exe
2014-04-21 13:33 - 2014-04-21 13:27 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-21 13:32 - 2014-04-21 13:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-21 13:30 - 2014-04-21 13:30 - 00000000 ____D () C:\Users\User1\Documents\ProcAlyzer Dumps
2014-04-21 13:27 - 2014-04-21 13:27 - 00001399 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-04-21 13:27 - 2014-04-21 13:27 - 00001387 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-21 13:27 - 2014-04-21 13:27 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-21 13:27 - 2014-04-21 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-04-21 13:25 - 2014-04-21 13:25 - 00613200 _____ (Chip Digital GmbH) C:\Users\User1\Downloads\SpyBot Search Destroy - CHIP-Downloader.exe
2014-04-21 13:22 - 2014-04-03 00:03 - 00000000 ____D () C:\Users\User1\Documents\Anti-Malware
2014-04-21 13:15 - 2014-04-21 13:15 - 03355407 _____ () C:\Users\User1\Downloads\elvui-6.999 (3).zip
2014-04-21 13:06 - 2013-10-09 17:30 - 00001110 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
2014-04-21 13:06 - 2013-10-09 17:30 - 00001098 _____ () C:\Users\Public\Desktop\TeamViewer 8.lnk
2014-04-21 12:50 - 2014-04-21 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-21 12:50 - 2014-04-21 12:49 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-21 12:50 - 2013-10-22 20:12 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-20 22:04 - 2014-04-20 22:03 - 00188383 _____ () C:\Users\User1\Downloads\Malkorok.zip
2014-04-20 17:29 - 2014-04-20 17:29 - 03355407 _____ () C:\Users\User1\Downloads\elvui-6.999 (2).zip
2014-04-20 15:01 - 2014-04-20 15:01 - 03355407 _____ () C:\Users\User1\Downloads\elvui-6.999 (1).zip
2014-04-20 14:34 - 2011-04-12 09:43 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2014-04-20 14:34 - 2011-04-12 09:43 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2014-04-20 14:34 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-20 14:33 - 2014-04-20 14:33 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\User1\Downloads\TeamSpeak3-Client-win64-3.0.14 (8).exe
2014-04-19 23:17 - 2014-04-19 23:17 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\User1\Downloads\TeamSpeak3-Client-win64-3.0.14 (7).exe
2014-04-19 16:48 - 2014-04-19 16:48 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\User1\Downloads\TeamSpeak3-Client-win64-3.0.14 (6).exe
2014-04-18 17:53 - 2014-04-18 17:53 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\User1\Downloads\TeamSpeak3-Client-win64-3.0.14 (5).exe
2014-04-17 19:39 - 2013-10-08 21:40 - 00000000 ____D () C:\Program Files\Google
2014-04-16 16:07 - 2014-04-16 16:07 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\User1\Downloads\TeamSpeak3-Client-win64-3.0.14 (4).exe
2014-04-16 16:06 - 2014-04-16 16:03 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-04-16 15:57 - 2014-04-16 15:57 - 00275592 _____ () C:\Windows\Minidump\041614-20826-01.dmp
2014-04-15 18:02 - 2014-04-15 18:01 - 29498592 _____ (TeamSpeak Systems GmbH) C:\Users\User1\Downloads\TeamSpeak3-Client-win64-3.0.14 (3).exe
2014-04-14 20:13 - 2014-04-21 12:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-04-23 13:48 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-04-23 13:48 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-04-23 13:48 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-14 04:24 - 2014-04-30 17:49 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-04-30 17:49 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\User1\AppData\Local\Temp\avgnt.exe
C:\Users\User1\AppData\Local\Temp\ntdll_dump.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-14 21:11

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 15.05.2014 19:54
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\S-1-5-21-196019333-3621520618-2838316431-1000\Software\Classes\exefile:  <===== ATTENTION!
Tcpip\Parameters: [DhcpNameServer] 121.157.39.117 114.114.114.114

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Router auf Werkseinstellungen zurücksetzen. Verbindungsdaten neu eingeben.

RogueKiller öffnen, PreScan, Scannen, dann DNS Fix klicken.

Frisches FRST log bitte.

Kerrigan 17.05.2014 15:01
Hallo Schrauber,

sorry für die lange Antwortzeit. Ich hatte super viel zu tun und habe eine Frage. Der PC wird nur via WLan mit dem Netz verbunden und hat keine direkte Verbindung zum Router da ich zwei Router nutze. ( Einen nur für WLAN und einen für den normalen Netzzugang ) Muss ich dann trotzdem den Router komplett zurücksetzen?

schrauber 18.05.2014 12:28
Hast Du mehrere Rechner in deinem Netz`? Wenn ja haben die anderen keine Probleme?

Ich schätze mal du hast das jetzt falsch beschrieben, es sieht bei dir bestimmt so aus:

Internet > Dose an der Wand > Router/Modem > Wlan Router(aber Modem deaktiviert) > Rechner.

Kerrigan 18.05.2014 14:56
Hallo Schrauber,

ja ich habe mehrere Rechner in einem Netzwerk. Es gibt allerdings nur auf einem ( wenig genutztem ) die Probleme. Der betroffene PC hat keine direkte Kabelverbindung zum Router sondern ist nur per WLAN angeschlossen.

Ich habe die Anschlussart tatsächlich etwas komisch beschrieben. Deine Beschreibung stimmt soweit. Der eine Router wird nur als Brücke benutzt für den WLAN Router. Beide Router sind per Kabel mit meinem Hauptrechner verbunden bei dem es keinerlei Probleme gibt. ( Virensuche, Malwaresuche, Trojanersuche usw. zeigten keinerlei Betroffene Dateien, keine erkennbaren Probleme treten auf )

Muss ich trotzdem beide Router auf Werkseinstellungen zurücksetzen oder reicht es eventuell aus das WLAN zu deaktivieren bis alle Prüfungen / Reinigungen gelaufen sind?

schrauber 19.05.2014 09:47
Wenn nur der Rechner Probleme macht, der am WLAN hängt, dann den WLAN Router zurücksetzen.

Kerrigan 21.05.2014 23:56
Hallo,

hier die Scans. Problem leider immer noch da. :(


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01 (ATTENTION: ====> FRST version is 11 days old and could be outdated)
Ran by User1 (administrator) on User1-PC-NE on 22-05-2014 00:35:46
Running from C:\Users\User1\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Spotify Ltd) C:\Users\User1\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\User1\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Cerulean Studios) C:\Program Files (x86)\Trillian\trillian.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\Turbo Key\TurboKey.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Gaming Mouse\Monitor.exe
(Game Inc.) C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Users\User1\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\User1\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\User1\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\User1\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\User1\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Program Files (x86)\Trillian\plugins\skypekit.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Cpu Level Up help] => C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe [887936 2009-12-28] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Turbo Key] => C:\Program Files\ASUS\Turbo Key\TurboKey.exe [1874432 2009-11-24] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Gaming mouse] => C:\Program Files (x86)\Gaming Mouse\Monitor.exe [761856 2013-07-17] ()
HKLM-x32\...\Run: [GamingKeyboard] => C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe [1803264 2012-06-07] (Game Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-196019333-3621520618-2838316431-1000\...\Run: [Spotify] => C:\Users\User1\AppData\Roaming\Spotify\Spotify.exe [6170168 2014-05-14] (Spotify Ltd)
HKU\S-1-5-21-196019333-3621520618-2838316431-1000\...\Run: [Spotify Web Helper] => C:\Users\User1\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-14] (Spotify Ltd)
Startup: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 121.157.39.117 114.114.114.114

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-15]
CHR Extension: (Google Drive) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-15]
CHR Extension: (YouTube) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-15]
CHR Extension: (Google-Suche) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-15]
CHR Extension: (Google Wallet) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-15]
CHR Extension: (Google Mail) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-15]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-29] (ASUSTeK Computer Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 MDM; "C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" [X]

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-25] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-07] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 GameKB; C:\Windows\System32\drivers\GameKB.sys [27648 2012-05-11] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-18] ()
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [806400 2011-02-11] (Realtek Semiconductor Corporation                          )
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-22 00:21 - 2014-05-22 00:21 - 00000963 _____ () C:\Users\User1\Desktop\RKreport[0]_DN_05222014_002154.txt
2014-05-22 00:20 - 2014-05-22 00:20 - 00001916 _____ () C:\Users\User1\Desktop\RKreport[0]_S_05222014_002056.txt
2014-05-22 00:18 - 2014-05-22 00:18 - 00001880 _____ () C:\Users\User1\Desktop\RKreport[0]_S_05222014_001801.txt
2014-05-22 00:18 - 2014-05-22 00:18 - 00000930 _____ () C:\Users\User1\Desktop\RKreport[0]_DN_05222014_001829.txt
2014-05-17 01:19 - 2014-05-06 07:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-17 01:19 - 2014-05-06 07:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-17 01:19 - 2014-05-06 05:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-17 01:19 - 2014-05-06 05:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-17 01:19 - 2014-05-06 05:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-17 01:19 - 2014-05-06 05:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-17 01:19 - 2013-12-21 11:39 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-17 01:19 - 2013-12-21 09:56 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-15 19:51 - 2014-05-15 19:51 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-15 19:51 - 2014-05-15 19:51 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-05-15 19:51 - 2014-05-15 19:51 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-15 19:51 - 2014-05-15 19:51 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-15 19:51 - 2014-05-15 19:51 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-15 19:51 - 2014-05-15 19:51 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-05-15 19:51 - 2014-05-15 19:51 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-15 19:51 - 2014-05-15 19:51 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-15 19:51 - 2014-05-15 19:51 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-05-15 19:51 - 2014-05-15 19:51 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-15 19:51 - 2014-05-15 19:51 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-05-15 19:51 - 2014-05-15 19:51 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-15 19:51 - 2014-05-15 19:51 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-15 19:51 - 2014-05-15 19:51 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-15 19:51 - 2014-05-15 19:51 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-15 19:51 - 2014-05-15 19:51 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-05-15 19:51 - 2014-05-15 19:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-05-15 19:51 - 2014-05-15 19:51 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-05-15 19:51 - 2014-05-15 19:51 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-15 19:51 - 2014-05-15 19:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-15 19:51 - 2014-05-15 19:51 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-15 19:51 - 2014-05-15 19:51 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-15 19:51 - 2014-05-15 19:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-15 19:48 - 2014-05-15 19:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 19:48 - 2014-05-04 17:12 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 19:47 - 2014-05-15 19:47 - 00002027 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-05-15 00:43 - 2014-05-15 00:43 - 00001846 _____ () C:\Users\User1\Desktop\RKreport[0]_S_05152014_004326.txt
2014-05-15 00:38 - 2014-05-15 00:38 - 00000000 ____D () C:\Users\User1\AppData\Local\Adobe
2014-05-15 00:22 - 2014-05-22 00:35 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-15 00:22 - 2014-05-22 00:32 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-15 00:22 - 2014-05-15 00:27 - 00004112 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-15 00:22 - 2014-05-15 00:27 - 00003860 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-15 00:22 - 2014-05-15 00:22 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-15 00:22 - 2014-05-15 00:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-14 23:36 - 2014-05-15 00:09 - 38410232 _____ (Google Inc.) C:\Users\User1\Downloads\ChromeStandaloneSetup_34.0.1847.137.exe
2014-05-14 23:28 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-14 23:08 - 2014-05-14 23:21 - 00041697 _____ () C:\Users\User1\Desktop\Shortcut.txt
2014-05-14 17:49 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 17:49 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 17:49 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 17:49 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 17:49 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 17:49 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 17:49 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 17:49 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 17:49 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 17:49 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 17:49 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 17:49 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 17:49 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 17:49 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 17:49 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 17:49 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 17:49 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 17:49 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 17:49 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 17:49 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 17:49 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 17:49 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 17:49 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 17:49 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 17:49 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 17:49 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 17:49 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 17:49 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 17:49 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 17:49 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 17:49 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 17:49 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 17:49 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 17:49 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 17:49 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 17:49 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 17:49 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 17:49 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 17:49 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 17:49 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 17:49 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 17:49 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 17:49 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 17:49 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 17:49 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-13 17:41 - 2014-05-13 17:41 - 00002445 _____ () C:\Users\User1\Desktop\RKreport[0]_D_05132014_174137.txt
2014-05-13 17:41 - 2014-05-13 17:41 - 00000860 _____ () C:\Users\User1\Desktop\RKreport[0]_DN_05132014_174143.txt
2014-05-13 17:39 - 2014-05-13 17:39 - 00002346 _____ () C:\Users\User1\Desktop\RKreport[0]_S_05132014_173940.txt
2014-05-12 14:37 - 2014-05-12 14:44 - 00017189 _____ () C:\Users\User1\Desktop\RKreport[0]_S_05122014_143749.txt
2014-05-12 14:35 - 2014-05-12 14:35 - 00017160 _____ () C:\Users\User1\Desktop\RKreport[0]_S_05122014_143525.txt
2014-05-12 14:33 - 2014-05-12 14:33 - 04527616 _____ () C:\Users\User1\Desktop\RogueKillerX64 (1).exe
2014-05-12 14:32 - 2014-05-12 14:32 - 04527616 _____ () C:\Users\User1\Downloads\RogueKillerX64.exe
2014-05-12 14:31 - 2014-05-13 17:41 - 00000000 ____D () C:\Users\User1\Desktop\RK_Quarantine
2014-05-12 14:31 - 2014-03-26 13:57 - 04493824 _____ () C:\Users\User1\Desktop\RogueKillerX64.exe
2014-05-12 14:31 - 2014-03-26 13:57 - 03945472 _____ () C:\Users\User1\Desktop\RogueKiller.exe
2014-05-12 14:30 - 2014-05-12 14:30 - 02619924 _____ () C:\Users\User1\Downloads\RogueKiller_8.8.14 (1).zip
2014-05-12 14:29 - 2014-05-12 14:29 - 02619924 _____ () C:\Users\User1\Downloads\RogueKiller_8.8.14.zip
2014-05-01 00:03 - 2014-05-15 19:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-29 22:06 - 2014-04-29 22:06 - 00078313 _____ () C:\Users\User1\Downloads\CT_MailMod_5.4.2.2.zip
2014-04-29 21:46 - 2014-04-29 21:46 - 00061123 _____ () C:\Users\User1\Downloads\TradeSkillMaster_Mailing-v2.2.1.zip
2014-04-29 21:45 - 2014-04-29 21:46 - 00849575 _____ () C:\Users\User1\Downloads\TradeSkillMaster-v2.5.12.1.zip
2014-04-24 18:00 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-04-24 18:00 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-04-24 17:59 - 2014-05-14 23:21 - 00025318 _____ () C:\Users\User1\Desktop\Addition.txt
2014-04-24 17:58 - 2014-05-13 17:49 - 00000000 ____D () C:\Users\User1\Desktop\FRST-OlderVersion
2014-04-23 13:48 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-23 13:48 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-23 13:39 - 2014-04-23 13:39 - 00000000 __SHD () C:\Users\User1\AppData\Local\EmieUserList
2014-04-23 13:39 - 2014-04-23 13:39 - 00000000 __SHD () C:\Users\User1\AppData\Local\EmieSiteList
2014-04-23 13:37 - 2014-04-23 13:37 - 02347384 _____ (ESET) C:\Users\User1\Desktop\esetsmartinstaller_enu.exe
2014-04-23 13:37 - 2014-04-23 13:37 - 00001272 _____ () C:\Users\User1\Desktop\Revo Uninstaller.lnk
2014-04-23 13:37 - 2014-04-23 13:37 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-23 13:23 - 2014-04-23 13:23 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\User1\Desktop\revosetup95.exe
2014-04-23 13:23 - 2014-04-23 13:23 - 00855379 _____ () C:\Users\User1\Desktop\SecurityCheck.exe
2014-04-23 13:22 - 2014-04-23 13:22 - 02347384 _____ (ESET) C:\Users\User1\Downloads\esetsmartinstaller_enu.exe
2014-04-23 13:22 - 2014-04-23 13:22 - 00016569 _____ () C:\Users\User1\Desktop\Download (1).htm
2014-04-22 16:16 - 2014-05-22 00:35 - 00012260 _____ () C:\Users\User1\Desktop\FRST.txt
2014-04-22 16:15 - 2014-05-13 17:49 - 02066944 _____ (Farbar) C:\Users\User1\Desktop\FRST64.exe
2014-04-22 16:15 - 2014-04-22 16:15 - 00016102 _____ () C:\Users\User1\Desktop\Download.htm
2014-04-22 16:03 - 2014-04-22 16:03 - 00000818 _____ () C:\Users\User1\Desktop\JRT.txt
2014-04-22 15:58 - 2014-04-22 15:58 - 00000000 ____D () C:\Windows\ERUNT
2014-04-22 15:03 - 2014-04-22 15:03 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-22 15:03 - 2014-04-22 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-22 15:03 - 2014-04-22 15:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-22 15:03 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-22 15:03 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-22 15:03 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-22 15:02 - 2014-04-22 15:02 - 01335637 _____ () C:\Users\User1\Desktop\adwcleaner (1).exe
2014-04-22 15:01 - 2014-04-22 15:02 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\User1\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-22 15:01 - 2014-04-22 15:01 - 01016261 _____ (Thisisu) C:\Users\User1\Desktop\JRT.exe

==================== One Month Modified Files and Folders =======

2014-05-22 00:36 - 2014-04-22 16:16 - 00012260 _____ () C:\Users\User1\Desktop\FRST.txt
2014-05-22 00:35 - 2014-05-15 00:22 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-22 00:35 - 2013-11-26 19:49 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Spotify
2014-05-22 00:35 - 2013-10-08 22:34 - 00000330 _____ () C:\Windows\Tasks\RtlNICDiagVistaStart.job
2014-05-22 00:32 - 2014-05-15 00:22 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-22 00:31 - 2009-07-14 06:45 - 00025280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-22 00:31 - 2009-07-14 06:45 - 00025280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-22 00:23 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-22 00:23 - 2009-07-14 06:51 - 00039014 _____ () C:\Windows\setupact.log
2014-05-22 00:22 - 2014-04-09 18:30 - 00000000 ____D () C:\FRST
2014-05-22 00:22 - 2013-10-08 19:57 - 01307340 _____ () C:\Windows\WindowsUpdate.log
2014-05-22 00:21 - 2014-05-22 00:21 - 00000963 _____ () C:\Users\User1\Desktop\RKreport[0]_DN_05222014_002154.txt
2014-05-22 00:20 - 2014-05-22 00:20 - 00001916 _____ () C:\Users\User1\Desktop\RKreport[0]_S_05222014_002056.txt
2014-05-22 00:18 - 2014-05-22 00:18 - 00001880 _____ () C:\Users\User1\Desktop\RKreport[0]_S_05222014_001801.txt
2014-05-22 00:18 - 2014-05-22 00:18 - 00000930 _____ () C:\Users\User1\Desktop\RKreport[0]_DN_05222014_001829.txt
2014-05-22 00:14 - 2013-10-14 14:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-21 17:42 - 2013-11-26 19:49 - 00000000 ____D () C:\Users\User1\AppData\Local\Spotify
2014-05-17 00:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 20:00 - 2013-10-08 20:20 - 00001417 _____ () C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-15 19:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-15 19:56 - 2013-10-14 15:35 - 00020687 _____ () C:\Windows\IE10_main.log
2014-05-15 19:51 - 2014-05-15 19:51 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-15 19:51 - 2014-05-15 19:51 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-15 19:51 - 2014-05-15 19:51 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-05-15 19:51 - 2014-05-15 19:51 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-15 19:51 - 2014-05-15 19:51 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-15 19:51 - 2014-05-15 19:51 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-15 19:51 - 2014-05-15 19:51 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-05-15 19:51 - 2014-05-15 19:51 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-15 19:51 - 2014-05-15 19:51 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-15 19:51 - 2014-05-15 19:51 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-05-15 19:51 - 2014-05-15 19:51 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-15 19:51 - 2014-05-15 19:51 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-05-15 19:51 - 2014-05-15 19:51 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-15 19:51 - 2014-05-15 19:51 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-15 19:51 - 2014-05-15 19:51 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-15 19:51 - 2014-05-15 19:51 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-15 19:51 - 2014-05-15 19:51 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-05-15 19:51 - 2014-05-15 19:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-05-15 19:51 - 2014-05-15 19:51 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-05-15 19:51 - 2014-05-15 19:51 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-15 19:51 - 2014-05-15 19:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-05-15 19:51 - 2014-05-15 19:51 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-15 19:51 - 2014-05-15 19:51 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-15 19:51 - 2014-05-15 19:51 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-15 19:51 - 2014-05-15 19:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-15 19:49 - 2014-05-15 19:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 19:47 - 2014-05-15 19:47 - 00002027 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-05-15 19:47 - 2013-10-08 22:23 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-15 19:42 - 2013-10-08 22:23 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-15 19:42 - 2013-10-08 20:20 - 00000000 ___RD () C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 19:42 - 2013-10-08 20:20 - 00000000 ___RD () C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 19:37 - 2014-05-01 00:03 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 19:37 - 2010-11-21 05:47 - 00285442 _____ () C:\Windows\PFRO.log
2014-05-15 00:43 - 2014-05-15 00:43 - 00001846 _____ () C:\Users\User1\Desktop\RKreport[0]_S_05152014_004326.txt
2014-05-15 00:38 - 2014-05-15 00:38 - 00000000 ____D () C:\Users\User1\AppData\Local\Adobe
2014-05-15 00:38 - 2013-10-09 13:36 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Adobe
2014-05-15 00:27 - 2014-05-15 00:22 - 00004112 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-15 00:27 - 2014-05-15 00:22 - 00003860 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-15 00:22 - 2014-05-15 00:22 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-15 00:22 - 2014-05-15 00:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-15 00:22 - 2013-10-08 21:40 - 00000000 ____D () C:\Users\User1\AppData\Local\Google
2014-05-15 00:22 - 2013-10-08 21:40 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-15 00:09 - 2014-05-14 23:36 - 38410232 _____ (Google Inc.) C:\Users\User1\Downloads\ChromeStandaloneSetup_34.0.1847.137.exe
2014-05-14 23:27 - 2013-10-22 20:11 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-14 23:21 - 2014-05-14 23:08 - 00041697 _____ () C:\Users\User1\Desktop\Shortcut.txt
2014-05-14 23:21 - 2014-04-24 17:59 - 00025318 _____ () C:\Users\User1\Desktop\Addition.txt
2014-05-14 19:15 - 2013-10-14 14:04 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 19:15 - 2013-10-14 14:04 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 19:15 - 2013-10-14 14:04 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 00:11 - 2013-11-27 19:23 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-05-14 00:11 - 2013-10-09 19:48 - 00000000 ____D () C:\Users\User1\AppData\Local\Battle.net
2014-05-13 22:47 - 2013-10-09 13:41 - 00000000 ____D () C:\World of Warcraft
2014-05-13 17:49 - 2014-04-24 17:58 - 00000000 ____D () C:\Users\User1\Desktop\FRST-OlderVersion
2014-05-13 17:49 - 2014-04-22 16:15 - 02066944 _____ (Farbar) C:\Users\User1\Desktop\FRST64.exe
2014-05-13 17:42 - 2014-04-21 15:02 - 00000000 ____D () C:\Scans
2014-05-13 17:41 - 2014-05-13 17:41 - 00002445 _____ () C:\Users\User1\Desktop\RKreport[0]_D_05132014_174137.txt
2014-05-13 17:41 - 2014-05-13 17:41 - 00000860 _____ () C:\Users\User1\Desktop\RKreport[0]_DN_05132014_174143.txt
2014-05-13 17:41 - 2014-05-12 14:31 - 00000000 ____D () C:\Users\User1\Desktop\RK_Quarantine
2014-05-13 17:39 - 2014-05-13 17:39 - 00002346 _____ () C:\Users\User1\Desktop\RKreport[0]_S_05132014_173940.txt
2014-05-12 14:44 - 2014-05-12 14:37 - 00017189 _____ () C:\Users\User1\Desktop\RKreport[0]_S_05122014_143749.txt
2014-05-12 14:35 - 2014-05-12 14:35 - 00017160 _____ () C:\Users\User1\Desktop\RKreport[0]_S_05122014_143525.txt
2014-05-12 14:33 - 2014-05-12 14:33 - 04527616 _____ () C:\Users\User1\Desktop\RogueKillerX64 (1).exe
2014-05-12 14:32 - 2014-05-12 14:32 - 04527616 _____ () C:\Users\User1\Downloads\RogueKillerX64.exe
2014-05-12 14:30 - 2014-05-12 14:30 - 02619924 _____ () C:\Users\User1\Downloads\RogueKiller_8.8.14 (1).zip
2014-05-12 14:29 - 2014-05-12 14:29 - 02619924 _____ () C:\Users\User1\Downloads\RogueKiller_8.8.14.zip
2014-05-09 08:14 - 2014-05-14 17:49 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 17:49 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 18:20 - 2013-10-22 18:07 - 00000000 ____D () C:\Users\User1\Documents\StarCraft II
2014-05-06 07:14 - 2014-05-17 01:19 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 07:14 - 2014-05-17 01:19 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 05:48 - 2014-05-17 01:19 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:48 - 2014-05-17 01:19 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-06 05:37 - 2014-05-17 01:19 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:26 - 2014-05-17 01:19 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-04 17:12 - 2014-05-15 19:48 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-02 20:59 - 2013-10-09 19:48 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-04-29 22:06 - 2014-04-29 22:06 - 00078313 _____ () C:\Users\User1\Downloads\CT_MailMod_5.4.2.2.zip
2014-04-29 21:46 - 2014-04-29 21:46 - 00061123 _____ () C:\Users\User1\Downloads\TradeSkillMaster_Mailing-v2.2.1.zip
2014-04-29 21:46 - 2014-04-29 21:45 - 00849575 _____ () C:\Users\User1\Downloads\TradeSkillMaster-v2.5.12.1.zip
2014-04-29 21:45 - 2013-10-09 19:48 - 00000000 ____D () C:\Users\User1\AppData\Local\Deployment
2014-04-23 13:39 - 2014-04-23 13:39 - 00000000 __SHD () C:\Users\User1\AppData\Local\EmieUserList
2014-04-23 13:39 - 2014-04-23 13:39 - 00000000 __SHD () C:\Users\User1\AppData\Local\EmieSiteList
2014-04-23 13:37 - 2014-04-23 13:37 - 02347384 _____ (ESET) C:\Users\User1\Desktop\esetsmartinstaller_enu.exe
2014-04-23 13:37 - 2014-04-23 13:37 - 00001272 _____ () C:\Users\User1\Desktop\Revo Uninstaller.lnk
2014-04-23 13:37 - 2014-04-23 13:37 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-23 13:23 - 2014-04-23 13:23 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\User1\Desktop\revosetup95.exe
2014-04-23 13:23 - 2014-04-23 13:23 - 00855379 _____ () C:\Users\User1\Desktop\SecurityCheck.exe
2014-04-23 13:22 - 2014-04-23 13:22 - 02347384 _____ (ESET) C:\Users\User1\Downloads\esetsmartinstaller_enu.exe
2014-04-23 13:22 - 2014-04-23 13:22 - 00016569 _____ () C:\Users\User1\Desktop\Download (1).htm
2014-04-22 16:15 - 2014-04-22 16:15 - 00016102 _____ () C:\Users\User1\Desktop\Download.htm
2014-04-22 16:03 - 2014-04-22 16:03 - 00000818 _____ () C:\Users\User1\Desktop\JRT.txt
2014-04-22 15:58 - 2014-04-22 15:58 - 00000000 ____D () C:\Windows\ERUNT
2014-04-22 15:55 - 2013-10-10 01:00 - 00000000 ____D () C:\AdwCleaner
2014-04-22 15:07 - 2014-03-27 14:13 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-22 15:03 - 2014-04-22 15:03 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-22 15:03 - 2014-04-22 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-22 15:03 - 2014-04-22 15:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-22 15:02 - 2014-04-22 15:02 - 01335637 _____ () C:\Users\User1\Desktop\adwcleaner (1).exe
2014-04-22 15:02 - 2014-04-22 15:01 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\User1\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-22 15:01 - 2014-04-22 15:01 - 01016261 _____ (Thisisu) C:\Users\User1\Desktop\JRT.exe

Some content of TEMP:
====================
C:\Users\User1\AppData\Local\Temp\avgnt.exe
C:\Users\User1\AppData\Local\Temp\ntdll_dump.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-14 17:49] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-14 21:11

==================== End Of Log ============================
--- --- ---

--- --- ---



Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-05-2014 01
Ran by User1 at 2014-05-22 00:15:10 Run:4
Running from C:\Users\User1\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-196019333-3621520618-2838316431-1000\Software\Classes\exefile:  <===== ATTENTION!
Tcpip\Parameters: [DhcpNameServer] 121.157.39.117 114.114.114.114
*****************

HKU\S-1-5-21-196019333-3621520618-2838316431-1000\Software\Classes\exefile => Key deleted successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => Value deleted successfully.

==== End of Fixlog ====

Code:
RogueKiller V8.8.14 _x64_ [Mar 26 2014] durch Adlice Software
mail : hxxp://www.adlice.com/contact/
Kommentare : hxxp://forum.adlice.com
Webseite : hxxp://www.adlice.com/softwares/roguekiller/
Blog : hxxp://www.adlice.com

Betriebssystem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Gestartet in : Normaler Modus
Benutzer : User1 [Admin Rechte]
Funktion : Scannen -- Datum : 05/22/2014 00:20:56
| ARK || FAK || MBR |

¤¤¤ Böswillige Prozesse : 0 ¤¤¤

¤¤¤ Registry-Einträge : 0 ¤¤¤

¤¤¤ Geplante Tasks : 0 ¤¤¤

¤¤¤ Autostart-Einträge : 0 ¤¤¤

¤¤¤ Web-Browsern : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤

¤¤¤ Treiber : [NICHT GELADEN 0x0] ¤¤¤

¤¤¤ Externe Hives: ¤¤¤

¤¤¤ Infektion :  ¤¤¤

¤¤¤ Hosts-Datei: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost


¤¤¤ MBR überprüfen: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD10EALX-009BA0 ATA Device +++++
--- User ---
[MBR] 4e08872e192e8c6e0c1d0fedfaeda45f
[BSP] 3b932c3ea17df325cd0025b065592a32 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Multi Flash Reader USB Device +++++
Error reading User MBR! ([0x15] Das Gerät ist nicht bereit. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Die Anforderung wird nicht unterstützt. )

Abgeschlossen : << RKreport[0]_S_05222014_002056.txt >>
RKreport[0]_D_05132014_174137.txt;RKreport[0]_S_05122014_143525.txt;RKreport[0]_S_05122014_143749.txt
RKreport[0]_S_05132014_173940.txt;RKreport[0]_S_05152014_004326.txt;RKreport[0]_S_05222014_001801.txt

schrauber 22.05.2014 13:43
hi,

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)
  • Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.
  • Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:
Über den Boot Manager:
  • Starte den Rechner neu.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Mit Windows CD/DVD (auch bei Windows 8 möglich):
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu und starte von der CD.
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Wähle in den Reparaturoptionen: Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
    Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein.
    e:\frst.exe bzw. e:\frst64.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Ja und klicke Untersuchen
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).


Kerrigan 23.05.2014 17:45
Hallo Schrauber,

leider macht mein USB Stick ein paar Macken sodas ich mir einen neuen kaufen muss. Das schaffe ich aber erst am Montag. Also bitte nicht wundern wenn vorher keine Antwort kommt. :)

Es gibt leider noch ein neues Problem. Das gleiche Problem wie auf meinem zweit PC ist mittlerweile auf meinem Tablet... ( Kindle Fire HD ) Ich surfe mit dem Tablet sehr selten und habe keine Ahnung wie das dort hin kommt. Ich habe keine Lust das komplette Tablet neu zu machen nur um mir dann nächste Woche diesen Mist nochmal einzufangen. Ich wüsste eben gerne wo ich das her habe und wie ich eine neue Infizierung verhindern kann. Die einzigen Seiten die ich mit meinem Tablett besuche sind irgendwelche Twitch Streams ( zB: www.twitch.tv/gsl / www.twitch.tv/proleague ) oder hxxp://wiki.teamliquid.net/ eigentlich alles große und bekannte Seiten. Hast du einen Tip wie ich dieser Werbehölle entkomme? :headbang:

schrauber 24.05.2014 11:24
Router mal auf Werkseinstellungen zurücksetzen.

Kerrigan 29.05.2014 22:10
Hi,

also ich habe nun ein paar Optionen versucht aber leider erscheint bei keiner einzigen die Option Computer reparieren. Und egal was ich auswähle, der PC startet irgendwie immer ganz normal Window.

In dem Menü das erscheint wenn ich beim booten F8 drücke stehen nur zur Auswahl:

Sata:4M-WDC
CDROM: 4S-TSSTcorp
USB:Multi Flash Reader
USB: USB Disk 3.0

Was soll ich nun tun?

Nachtrag:

Obwohl ich nichts getan habe auser eventuell mal vom USB Stick zu booten ( Wo nur das FRST Tool drauf war ) ist seit jetzt eben das Problem plötzlich verschwunden. Keine Symptome mehr zu sehen, Klicks lösen keine Werbung aus, keine komischen leeren Fenster werden geladen. Gestern war das Problem definitiv noch da! Ich verstehe nix mehr. :(

Nachtrag 2:

Rechner läuft nun seit 6 Stunden Problemlos und ohne das ich irgendwie neue Seiten angesurft hätte ist nun der ganze nervige Werbekram wieder da...:headbang:


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:03 Uhr.
Seite 3 von 4 12 3 4
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131