Manuel.E | 11.05.2014 14:41 | Hello, first of all, thank you very much for helping me.
Here is the log from Malwarebytes Anti-Malware:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 11.05.2014
Suchlauf-Zeit: 15:21:45
Logdatei:
Administrator: Ja
Version: 2.00.1.1004
Malware Datenbank: v2014.05.11.04
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Gaming pc
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 330721
Verstrichene Zeit: 20 Min, 54 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Warnen
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 2
PUP.Optional.HDPlus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PlusSHD-9.9, In Quarantäne, [e8188b7548b8649cfa9393e932d0926e],
PUP.Optional.FindADeal.A, HKU\S-1-5-21-1761028741-3533212565-443726766-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\find-a-deal-2, In Quarantäne, [8b75e11fda26f907fdc968189f636b95],
Registrierungswerte: 0
(No malicious items detected)
Registrierungsdaten: 7
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[98688c741ce4b050973da79b9e66c53b]
PUP.Optional.Snapdo, HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE_ZhNI1aePY6ASEebVtePGwLcMy65uEkqHWzWbOJWZ1QPTH_jB9BqKkYMrQ8MCS5GETuB29HzLsw_QxxQ9W3eZ-Bo_TsVW0W3VKGLGJg89tYY7CU91_a6DvxItB7ybW-lPREnAhwYRME_Jhr2VQHL1QxU,, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE_ZhNI1aePY6ASEebVtePGwLcMy65uEkqHWzWbOJWZ1QPTH_jB9BqKkYMrQ8MCS5GETuB29HzLsw_QxxQ9W3eZ-Bo_TsVW0W3VKGLGJg89tYY7CU91_a6DvxItB7ybW-lPREnAhwYRME_Jhr2VQHL1QxU,),Ersetzt,[fe02a858ac54a65ab49119291be907f9]
PUP.Optional.Snapdo, HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE_ZhNI1aePY6ASEebVtePGwLcMy65uEkqHWzWbOJWZ1QPTH_jB9BqKkYMrQ8MCS5GETuB29HzLsw_QxxQ9W3eZ-Bo_Qt777CnDIDnveP3fDZJRQej9QlduTHsI6Se7nVnDzddVhHhK3SM19hhYrOoolsM,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE_ZhNI1aePY6ASEebVtePGwLcMy65uEkqHWzWbOJWZ1QPTH_jB9BqKkYMrQ8MCS5GETuB29HzLsw_QxxQ9W3eZ-Bo_Qt777CnDIDnveP3fDZJRQej9QlduTHsI6Se7nVnDzddVhHhK3SM19hhYrOoolsM,&q={searchTerms}),Ersetzt,[04fcbd43dd23f10fc47ff94952b2f30d]
PUP.Optional.Snapdo, HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE_ZhNI1aePY6ASEebVtePGwLcMy65uEkqHWzWbOJWZ1QPTH_jB9BqKkYMrQ8MCS5GETuB29HzLsw_QxxQ9W3eZ-Bo_Qt777CnDIDnveP3fDZJRQej9QlduTHsI6Se7nVnDzddVhHhK3SM19hhYrOoolsM,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE_ZhNI1aePY6ASEebVtePGwLcMy65uEkqHWzWbOJWZ1QPTH_jB9BqKkYMrQ8MCS5GETuB29HzLsw_QxxQ9W3eZ-Bo_Qt777CnDIDnveP3fDZJRQej9QlduTHsI6Se7nVnDzddVhHhK3SM19hhYrOoolsM,&q={searchTerms}),Ersetzt,[bc449b65926e51afe262db67877d35cb]
PUP.Optional.Snapdo, HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE_ZhNI1aePY6ASEebVtePGwLcMy65uEkqHWzWbOJWZ1QPTH_jB9BqKkYMrQ8MCS5GETuB29HzLsw_QxxQ9W3eZ-Bo_Qt777CnDIDnveP3fDZJRQej9QlduTHsI6Se7nVnDzddVhHhK3SM19hhYrOoolsM,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE_ZhNI1aePY6ASEebVtePGwLcMy65uEkqHWzWbOJWZ1QPTH_jB9BqKkYMrQ8MCS5GETuB29HzLsw_QxxQ9W3eZ-Bo_Qt777CnDIDnveP3fDZJRQej9QlduTHsI6Se7nVnDzddVhHhK3SM19hhYrOoolsM,&q={searchTerms}),Ersetzt,[45bb4fb1eb15d32d3214123055af03fd]
PUP.Optional.Snapdo, HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE_ZhNI1aePY6ASEebVtePGwLcMy65uEkqHWzWbOJWZ1QPTH_jB9BqKkYMrQ8MCS5GETuB29HzLsw_QxxQ9W3eZ-Bo_Qt777CnDIDnveP3fDZJRQej9QlduTHsI6Se7nVnDzddVhHhK3SM19hhYrOoolsM,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE_ZhNI1aePY6ASEebVtePGwLcMy65uEkqHWzWbOJWZ1QPTH_jB9BqKkYMrQ8MCS5GETuB29HzLsw_QxxQ9W3eZ-Bo_Qt777CnDIDnveP3fDZJRQej9QlduTHsI6Se7nVnDzddVhHhK3SM19hhYrOoolsM,&q={searchTerms}),Ersetzt,[df21de2247b95ca4ed5ad46e22e29070]
PUP.Optional.SnapDo.A, HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE_ZhNI1aePY6ASEebVtePGwLcMy65uEkqHWzWbOJWZ1QPTH_jB9BqKkYMrQ8MCS5GETuB29HzLsw_QxxQ9W3eZ-Bo_Qt777CnDIDnveP3fDZJRQej9QlduTHsI6Se7nVnDzddVhHhK3SM19hhYrOoolsM,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE_ZhNI1aePY6ASEebVtePGwLcMy65uEkqHWzWbOJWZ1QPTH_jB9BqKkYMrQ8MCS5GETuB29HzLsw_QxxQ9W3eZ-Bo_Qt777CnDIDnveP3fDZJRQej9QlduTHsI6Se7nVnDzddVhHhK3SM19hhYrOoolsM,&q={searchTerms}),Ersetzt,[17e97888956b0df308d7ad8bfa0a3bc5]
Ordner: 0
(No malicious items detected)
Dateien: 2
PUP.Optional.V9.A, C:\Users\Gaming pc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.v9.com_0.localstorage, In Quarantäne, [956b05fbd22e44bcb8b9f18b54ae43bd],
PUP.Optional.V9.A, C:\Users\Gaming pc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.v9.com_0.localstorage-journal, In Quarantäne, [19e77d83e917a15f1b56dba17e843ac6],
Physische Sektoren: 0
(No malicious items detected)
(end)
Here is the report from AdwCleaner:
# AdwCleaner v3.207 - Bericht erstellt am 11/05/2014 um 15:29:26
# Aktualisiert 05/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Gaming pc - GAMINGPC-PC
# Gestartet von : C:\Users\Gaming pc\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16521
-\\ Mozilla Firefox v29.0.1 (de)
[ Datei : C:\Users\Gaming pc\AppData\Roaming\Mozilla\Firefox\Profiles\3ngzs4ee.default\prefs.js ]
-\\ Google Chrome v34.0.1847.131
[ Datei : C:\Users\Gaming pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [40586 octets] - [09/05/2014 20:30:23]
AdwCleaner[R1].txt - [1542 octets] - [10/05/2014 11:58:58]
AdwCleaner[R2].txt - [1195 octets] - [11/05/2014 15:28:07]
AdwCleaner[S0].txt - [37661 octets] - [09/05/2014 20:32:32]
AdwCleaner[S1].txt - [1498 octets] - [10/05/2014 11:59:38]
AdwCleaner[S2].txt - [1117 octets] - [11/05/2014 15:29:26]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1177 octets] ##########
And last of all, the one from FRST:
FRST.txt
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014
Ran by Gaming pc (administrator) on GAMINGPC-PC on 11-05-2014 15:37:19
Running from C:\Users\Gaming pc\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Oracle Corporation) C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySQLNotifier.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Autodesk, Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
() C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-11] (Intel Corporation)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [506864 2013-03-08] (MSI)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-12] (Intel Corporation)
HKLM-x32\...\Run: [ADSK DLMSession] => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1641368 2013-02-01] (Autodesk, Inc.)
HKLM-x32\...\Run: [MFARestart] => C:\ProgramData\MFAData\pack\avgrunasx.exe [314896 2014-03-27] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1761028741-3533212565-443726766-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [37664 2014-03-05] (Overwolf LTD)
HKU\S-1-5-21-1761028741-3533212565-443726766-1000\...\Run: [MySQL Notifier] => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySqlNotifier.exe [762368 2013-07-05] (Oracle Corporation)
HKU\S-1-5-21-1761028741-3533212565-443726766-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-12-06] (AMD)
HKU\S-1-5-21-1761028741-3533212565-443726766-1000\...\Policies\system: [EnableLUA] 0
HKU\S-1-5-21-1761028741-3533212565-443726766-1000\...\Policies\Explorer: []
HKU\S-1-5-21-1761028741-3533212565-443726766-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - 931B4090B162439199140CDA6E2CECDF URL =
SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=103&systemid=473&v=a11465-172&apn_uid=3361143290744442&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKCU - URL hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3315513&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPCAF66BCF-5A15-45D9-AAD8-951C2A465CDD&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Gaming pc\AppData\Roaming\Mozilla\Firefox\Profiles\3ngzs4ee.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Gaming pc\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Gaming pc\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Google Wallet) - C:\Users\Gaming pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-15]
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2013-10-15]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-04-25] ()
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
S3 intelsba; C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [48832 2013-03-13] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [180200 2013-02-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161264 2013-02-20] (MSI)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-04-18] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 MySQL56; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14256 2014-05-04] ()
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [32568 2014-04-14] (The OpenVPN Project)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [99616 2014-03-05] (Overwolf LTD)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
S2 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe" [X]
S2 APNMCP; "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe" [X]
S2 Util Surftastic; "C:\Program Files (x86)\Surftastic\bin\utilSurftastic.exe" [X]
==================== Drivers (Whitelisted) ====================
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-01-17] (Disc Soft Ltd)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-02-13] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [119512 2014-05-11] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-01-15] (Anchorfree Inc.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-05-11] ()
S3 ALSysIO; \??\C:\Users\GAMING~1\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\CF\catchme.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-11 15:31 - 2014-05-11 15:31 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-05-11 15:27 - 2014-05-11 15:27 - 01316991 _____ () C:\Users\Gaming pc\Downloads\adwcleaner.exe
2014-05-11 15:22 - 2014-05-11 15:22 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\VirtualStore
2014-05-11 14:49 - 2014-05-11 14:49 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-11 14:48 - 2014-05-11 14:49 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Gaming pc\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-11 10:38 - 2014-05-11 10:39 - 00426188 _____ () C:\Users\Gaming pc\Downloads\OptiFine_1.6.4_HD_D1.jar
2014-05-11 10:31 - 2014-05-11 10:31 - 00038343 _____ () C:\ComboFix.txt
2014-05-11 10:19 - 2014-05-11 10:31 - 00000000 ____D () C:\Qoobox
2014-05-11 10:19 - 2014-05-11 10:30 - 00000000 ____D () C:\Windows\erdnt
2014-05-11 10:19 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-11 10:19 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-11 10:19 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-11 10:19 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-11 10:19 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-11 10:19 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-11 10:19 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-11 10:19 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-11 10:17 - 2014-05-11 10:17 - 05200347 ____R (Swearware) C:\Users\Gaming pc\Desktop\CF.exe
2014-05-10 18:02 - 2014-05-11 10:35 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\Apps\2.0
2014-05-10 17:53 - 2014-05-10 17:54 - 00276424 _____ () C:\Windows\Minidump\051014-23431-01.dmp
2014-05-10 15:33 - 2014-05-10 15:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 14:27 - 2014-05-11 15:37 - 00014746 _____ () C:\Users\Gaming pc\Desktop\FRST.txt
2014-05-10 14:26 - 2014-05-11 15:37 - 02066432 _____ (Farbar) C:\Users\Gaming pc\Desktop\FRST64.exe
2014-05-10 14:26 - 2014-05-10 14:27 - 00048593 _____ () C:\Users\Gaming pc\Downloads\FRST.txt
2014-05-10 12:01 - 2014-05-10 12:01 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Macromedia
2014-05-10 12:01 - 2014-05-10 12:01 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Adobe
2014-05-10 12:00 - 2014-05-10 12:00 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\ATI
2014-05-10 12:00 - 2014-05-10 12:00 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Apple Computer
2014-05-10 12:00 - 2014-05-10 12:00 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\MFAData
2014-05-10 12:00 - 2014-05-10 12:00 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\Avg2014
2014-05-10 11:54 - 2014-05-10 11:54 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Mozilla
2014-05-10 11:51 - 2014-05-10 11:51 - 00003374 _____ () C:\Windows\System32\Tasks\Install_SSD
2014-05-10 11:38 - 2014-05-11 15:37 - 00000000 ____D () C:\FRST
2014-05-10 11:32 - 2014-05-10 11:32 - 00000000 _____ () C:\Users\Gaming pc\defogger_reenable
2014-05-10 11:15 - 2014-05-10 11:15 - 06103040 _____ () C:\Program Files (x86)\GUTDF67.tmp
2014-05-10 11:15 - 2014-05-10 11:15 - 00000000 ____D () C:\Program Files (x86)\GUMDF08.tmp
2014-05-09 21:04 - 2014-05-09 21:04 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\TuneUp Software
2014-05-09 20:59 - 2014-05-10 11:17 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-09 20:43 - 2014-05-09 20:43 - 00858295 _____ () C:\Users\Gaming pc\Documents\pinfect.zip
2014-05-09 20:41 - 2014-05-09 20:42 - 19759335 _____ () C:\Windows\REGBK00.ZIP
2014-05-09 20:41 - 2014-05-09 20:41 - 00000000 ____D () C:\Windows\VDLL.DLL
2014-05-09 20:41 - 2014-05-09 20:41 - 00000000 ____D () C:\Windows\SysWOW64\runouce.exe
2014-05-09 20:41 - 2014-05-09 20:41 - 00000000 ____D () C:\Windows\rundll16.exe
2014-05-09 20:41 - 2014-05-09 20:41 - 00000000 ____D () C:\Windows\RUNDL132.EXE
2014-05-09 20:41 - 2014-05-09 20:41 - 00000000 ____D () C:\Windows\logo1_.exe
2014-05-09 20:41 - 2014-05-09 20:41 - 00000000 ____D () C:\Windows\logo_1.exe
2014-05-09 20:40 - 2014-05-09 20:40 - 00632064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr80.dll
2014-05-09 20:40 - 2014-05-09 20:40 - 00554240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp80.dll
2014-05-09 20:40 - 2014-05-09 20:40 - 00034048 _____ (MicroWorld Technologies Inc.) C:\Windows\SysWOW64\eEmpty.exe
2014-05-09 20:40 - 2014-05-09 20:40 - 00000028 _____ () C:\Windows\Lic.xxx
2014-05-09 20:40 - 2014-05-09 20:40 - 00000000 ____D () C:\ProgramData\MicroWorld
2014-05-09 20:40 - 2005-09-22 23:22 - 00000522 _____ () C:\Windows\SysWOW64\Microsoft.VC80.CRT.manifest
2014-05-09 20:30 - 2014-05-11 15:29 - 00000000 ____D () C:\AdwCleaner
2014-05-09 20:30 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-09 20:21 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-09 20:21 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-09 20:21 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-09 19:56 - 2014-05-09 19:56 - 00000000 ____D () C:\Users\Gaming pc\ChromeExtensions
2014-05-09 19:47 - 2014-05-09 19:47 - 00120832 _____ () C:\Windows\system32\cmlua64.exe
2014-05-09 19:41 - 2014-05-11 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-09 19:41 - 2014-05-11 14:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-09 19:37 - 2014-05-09 19:37 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-09 19:33 - 2014-05-10 12:01 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Oracle
2014-05-09 17:58 - 2014-05-09 17:58 - 00082457 _____ () C:\Users\Gaming pc\Documents\log.xml
2014-05-09 16:20 - 2014-05-09 16:20 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
2014-05-09 16:18 - 2014-05-09 16:18 - 00000000 _____ () C:\autoexec.bat
2014-05-09 16:17 - 2014-05-09 16:22 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-09 16:17 - 2014-05-09 16:17 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-09 16:11 - 2014-03-02 18:24 - 00000426 _____ () C:\AVScanner.ini
2014-05-09 16:09 - 2014-05-10 12:00 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-06 15:51 - 2014-05-06 15:54 - 00000302 _____ () C:\Users\Gaming pc\AppData\Roaming\BreakingPoint_Login.ini
2014-05-04 16:37 - 2014-05-11 10:27 - 00000000 ____D () C:\ProgramData\folder
2014-05-04 16:37 - 2014-05-04 16:37 - 00003222 _____ () C:\Windows\System32\Tasks\Windows Update Check - 0x140703D5
2014-05-04 14:08 - 2014-05-04 14:08 - 00000019 _____ () C:\Users\Gaming pc\Desktop\[76561198110998659].txt
2014-05-04 12:10 - 2014-05-06 16:03 - 00001256 _____ () C:\Users\Gaming pc\AppData\Roaming\BreakingPoint_Options.ini
2014-05-04 12:03 - 2014-05-04 12:03 - 00001034 _____ () C:\Users\Gaming pc\Desktop\Breaking Point.lnk
2014-05-04 12:02 - 2014-05-06 15:54 - 00000000 ____D () C:\Program Files (x86)\Breaking
2014-05-03 21:48 - 2014-05-03 21:48 - 00000000 ____D () C:\Users\Gaming pc\Documents\Navicat
2014-05-03 21:43 - 2014-05-03 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremiumSoft
2014-05-03 21:43 - 2014-05-03 21:43 - 00000000 ____D () C:\Program Files\PremiumSoft
2014-05-03 21:43 - 2013-10-08 09:55 - 01988096 _____ () C:\Windows\system32\libmysql_e.dll
2014-05-03 21:41 - 2014-05-10 11:51 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\MySQL
2014-05-03 21:37 - 2014-05-09 20:19 - 00000000 ____D () C:\Program Files\MySQL
2014-05-03 21:37 - 2014-05-09 20:16 - 00000023 _____ () C:\Windows\ODBCINST.INI
2014-05-03 21:37 - 2014-05-09 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
2014-05-03 21:36 - 2014-05-09 20:18 - 00000000 ____D () C:\Program Files (x86)\MySQL
2014-05-03 21:36 - 2014-05-03 21:37 - 00000000 ____D () C:\ProgramData\MySQL
2014-05-03 21:36 - 2014-05-03 21:36 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MySQL
2014-05-01 20:03 - 2014-05-01 20:03 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PBO Manager
2014-05-01 20:03 - 2014-05-01 20:03 - 00000000 ____D () C:\Program Files\PBO Manager v.1.4 beta
2014-04-30 19:49 - 2014-04-30 19:49 - 00001103 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk
2014-04-30 19:49 - 2014-04-30 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2014-04-30 19:49 - 2014-04-30 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2014-04-30 19:49 - 2014-04-30 19:49 - 00000000 ____D () C:\Program Files\TAP-Windows
2014-04-30 19:49 - 2014-04-30 19:49 - 00000000 ____D () C:\Program Files (x86)\OpenVPN
2014-04-30 19:14 - 2014-04-30 19:14 - 00001971 _____ () C:\Users\Public\Desktop\Overwolf.lnk
2014-04-30 19:14 - 2014-04-30 19:14 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2014-04-30 19:14 - 2014-04-30 19:14 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2014-04-30 19:13 - 2014-05-11 15:31 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\Overwolf
2014-04-30 19:13 - 2014-04-30 19:13 - 00001222 _____ () C:\Users\Gaming pc\Desktop\TeamSpeak 3 Client.lnk
2014-04-30 19:13 - 2014-04-30 19:13 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\TeamSpeak 3 Client
2014-04-25 20:32 - 2014-04-25 20:32 - 00000201 _____ () C:\Users\Gaming pc\Desktop\arma3.url
2014-04-25 20:24 - 2014-04-25 20:24 - 00000222 _____ () C:\Users\Gaming pc\Desktop\Arma 3.url
2014-04-25 20:16 - 2014-05-11 10:25 - 00000000 __SHD () C:\Program Files (x86)\Windows Manager
2014-04-25 20:11 - 2014-04-25 20:16 - 00000000 ____D () C:\Program Files (x86)\Kepard
2014-04-25 19:51 - 2014-04-25 19:51 - 00003154 _____ () C:\Windows\System32\Tasks\{A8F5506E-8DE9-4484-9A04-FB634B47CB35}
2014-04-25 19:45 - 2014-05-09 16:12 - 00002300 _____ () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-04-24 20:56 - 2014-04-30 19:13 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-04-24 17:32 - 2014-05-09 15:44 - 00000000 ___RD () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-24 17:32 - 2014-04-24 17:32 - 00000000 ___RD () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-24 13:20 - 2014-04-24 13:20 - 06389248 _____ (Alderon Games) C:\Program Files (x86)\BreakingPoint.exe
2014-04-24 13:20 - 2014-04-24 13:20 - 03019880 _____ (BitTorrent, Inc.) C:\Program Files (x86)\BTSync.exe
2014-04-24 13:20 - 2014-04-24 13:20 - 01068544 _____ (Alderon Games) C:\Program Files (x86)\ApplyUpdate.exe
2014-04-22 14:58 - 2014-05-10 17:28 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\Arma 3
2014-04-22 14:58 - 2014-04-22 17:31 - 00000000 ____D () C:\Users\Gaming pc\Documents\Arma 3
2014-04-22 14:58 - 2014-04-22 14:58 - 00000000 ____D () C:\ProgramData\Bohemia Interactive
2014-04-22 14:56 - 2014-04-22 19:26 - 00000772 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ARMA 3.lnk
2014-04-18 18:56 - 2014-05-11 15:34 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-17 13:04 - 2009-09-27 09:39 - 00415744 ___SH (The Public) C:\Windows\SysWOW64\avisynth.dll
2014-04-17 13:04 - 2005-07-14 12:31 - 00032256 ___SH () C:\Windows\SysWOW64\AVSredirect.dll
2014-04-17 13:04 - 2004-02-22 10:11 - 00764416 ___SH (Abysmal Software) C:\Windows\SysWOW64\devil.dll
2014-04-17 13:04 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\Windows\SysWOW64\yv12vfw.dll
2014-04-17 13:04 - 2004-01-25 00:00 - 00070656 ___SH (www.helixcommunity.org) C:\Windows\SysWOW64\i420vfw.dll
2014-04-17 13:00 - 2014-04-22 15:49 - 00000000 ____D () C:\Program Files (x86)\eRightSoft
2014-04-17 13:00 - 2014-04-17 13:00 - 00000000 ____D () C:\Users\Gaming pc\Documents\eRightSoft
2014-04-17 13:00 - 2004-10-10 09:50 - 00278528 _____ (Real Networks, Inc) C:\Windows\SysWOW64\pncrt.dll
2014-04-17 13:00 - 2004-07-02 16:33 - 00327749 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\drvc.dll
2014-04-15 08:49 - 2014-04-15 08:49 - 00002990 _____ () C:\Windows\System32\Tasks\{EE1C554C-CCFC-452D-AAE2-71472538B64D}
2014-04-15 08:49 - 2014-04-15 08:49 - 00002990 _____ () C:\Windows\System32\Tasks\{E40D7364-927A-4F7B-B1A6-261C7E340CB4}
2014-04-13 12:29 - 2014-05-11 15:31 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-04-13 12:19 - 2014-04-13 12:22 - 00000000 ____D () C:\Users\Gaming pc\AppData\libraries
2014-04-13 12:17 - 2014-04-13 12:23 - 00000000 ____D () C:\Users\Gaming pc\AppData\assets
2014-04-13 12:17 - 2014-04-13 12:17 - 00000000 ____D () C:\Users\Gaming pc\AppData\versions
2014-04-13 12:15 - 2014-04-13 12:23 - 00000000 ____D () C:\Users\Gaming pc\AppData\Monster
2014-04-13 12:12 - 2014-04-13 12:25 - 00000000 ____D () C:\Users\Gaming pc\AppData\authlib
2014-04-13 12:12 - 2014-04-13 12:12 - 00000000 _____ () C:\Users\Gaming pc\AppData\FTBOSSent1.3.8.txt
2014-04-11 17:40 - 2014-04-11 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-04-11 17:40 - 2014-04-11 17:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-11 17:40 - 2014-04-11 17:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
==================== One Month Modified Files and Folders =======
2014-05-11 15:37 - 2014-05-10 14:27 - 00014746 _____ () C:\Users\Gaming pc\Desktop\FRST.txt
2014-05-11 15:37 - 2014-05-10 14:26 - 02066432 _____ (Farbar) C:\Users\Gaming pc\Desktop\FRST64.exe
2014-05-11 15:37 - 2014-05-10 11:38 - 00000000 ____D () C:\FRST
2014-05-11 15:34 - 2014-04-18 18:56 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-11 15:34 - 2013-09-10 14:59 - 02007578 _____ () C:\Windows\WindowsUpdate.log
2014-05-11 15:31 - 2014-05-11 15:31 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-05-11 15:31 - 2014-04-30 19:13 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\Overwolf
2014-05-11 15:31 - 2014-04-13 12:29 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-05-11 15:30 - 2013-10-15 12:25 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-11 15:30 - 2010-11-21 05:47 - 00875998 _____ () C:\Windows\PFRO.log
2014-05-11 15:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-11 15:30 - 2009-07-14 06:51 - 00128692 _____ () C:\Windows\setupact.log
2014-05-11 15:29 - 2014-05-09 20:30 - 00000000 ____D () C:\AdwCleaner
2014-05-11 15:29 - 2009-07-14 06:45 - 00026496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-11 15:29 - 2009-07-14 06:45 - 00026496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-11 15:27 - 2014-05-11 15:27 - 01316991 _____ () C:\Users\Gaming pc\Downloads\adwcleaner.exe
2014-05-11 15:25 - 2013-12-27 12:12 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1761028741-3533212565-443726766-1000UA.job
2014-05-11 15:22 - 2014-05-11 15:22 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\VirtualStore
2014-05-11 15:22 - 2014-02-06 21:59 - 00000000 ____D () C:\Users\Gaming pc\Desktop\Games
2014-05-11 15:22 - 2013-11-17 13:33 - 00003036 _____ () C:\Windows\System32\Tasks\MSIAfterburner
2014-05-11 15:22 - 2013-10-15 12:25 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-11 15:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\TAPI
2014-05-11 15:07 - 2013-11-07 18:18 - 00003234 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-05-11 14:49 - 2014-05-11 14:49 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-11 14:49 - 2014-05-11 14:48 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Gaming pc\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-11 14:49 - 2014-05-09 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-11 14:49 - 2014-05-09 19:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-11 14:48 - 2014-01-27 18:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-11 10:39 - 2014-05-11 10:38 - 00426188 _____ () C:\Users\Gaming pc\Downloads\OptiFine_1.6.4_HD_D1.jar
2014-05-11 10:35 - 2014-05-10 18:02 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\Apps\2.0
2014-05-11 10:31 - 2014-05-11 10:31 - 00038343 _____ () C:\ComboFix.txt
2014-05-11 10:31 - 2014-05-11 10:19 - 00000000 ____D () C:\Qoobox
2014-05-11 10:31 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-11 10:30 - 2014-05-11 10:19 - 00000000 ____D () C:\Windows\erdnt
2014-05-11 10:30 - 2014-01-27 18:24 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-11 10:30 - 2013-09-16 18:03 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\CrashDumps
2014-05-11 10:27 - 2014-05-04 16:37 - 00000000 ____D () C:\ProgramData\folder
2014-05-11 10:27 - 2014-01-27 18:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-11 10:27 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-11 10:25 - 2014-04-25 20:16 - 00000000 __SHD () C:\Program Files (x86)\Windows Manager
2014-05-11 10:17 - 2014-05-11 10:17 - 05200347 ____R (Swearware) C:\Users\Gaming pc\Desktop\CF.exe
2014-05-11 10:16 - 2013-11-01 19:54 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\ftblauncher
2014-05-10 17:54 - 2014-05-10 17:53 - 00276424 _____ () C:\Windows\Minidump\051014-23431-01.dmp
2014-05-10 17:53 - 2013-10-06 17:41 - 00000000 ____D () C:\Windows\Minidump
2014-05-10 17:53 - 2013-09-11 11:47 - 798058563 _____ () C:\Windows\MEMORY.DMP
2014-05-10 17:28 - 2014-04-22 14:58 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\Arma 3
2014-05-10 17:28 - 2014-02-19 15:38 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-10 16:25 - 2013-12-27 12:12 - 00001084 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1761028741-3533212565-443726766-1000Core.job
2014-05-10 16:20 - 2013-12-27 12:12 - 00004118 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1761028741-3533212565-443726766-1000UA
2014-05-10 16:20 - 2013-12-27 12:12 - 00003722 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1761028741-3533212565-443726766-1000Core
2014-05-10 15:33 - 2014-05-10 15:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 14:27 - 2014-05-10 14:26 - 00048593 _____ () C:\Users\Gaming pc\Downloads\FRST.txt
2014-05-10 12:01 - 2014-05-10 12:01 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Macromedia
2014-05-10 12:01 - 2014-05-10 12:01 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Adobe
2014-05-10 12:01 - 2014-05-09 19:33 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Oracle
2014-05-10 12:00 - 2014-05-10 12:00 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\ATI
2014-05-10 12:00 - 2014-05-10 12:00 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Apple Computer
2014-05-10 12:00 - 2014-05-10 12:00 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\MFAData
2014-05-10 12:00 - 2014-05-10 12:00 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\Avg2014
2014-05-10 12:00 - 2014-05-09 16:09 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-10 11:54 - 2014-05-10 11:54 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Mozilla
2014-05-10 11:51 - 2014-05-10 11:51 - 00003374 _____ () C:\Windows\System32\Tasks\Install_SSD
2014-05-10 11:51 - 2014-05-03 21:41 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\MySQL
2014-05-10 11:47 - 2013-11-13 06:13 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-10 11:32 - 2014-05-10 11:32 - 00000000 _____ () C:\Users\Gaming pc\defogger_reenable
2014-05-10 11:32 - 2013-09-10 15:35 - 00000000 ____D () C:\Users\Gaming pc
2014-05-10 11:23 - 2013-11-13 06:14 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-05-10 11:17 - 2014-05-09 20:59 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-10 11:17 - 2013-10-15 12:25 - 00004112 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-10 11:17 - 2013-10-15 12:25 - 00003860 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-10 11:15 - 2014-05-10 11:15 - 06103040 _____ () C:\Program Files (x86)\GUTDF67.tmp
2014-05-10 11:15 - 2014-05-10 11:15 - 00000000 ____D () C:\Program Files (x86)\GUMDF08.tmp
2014-05-10 11:15 - 2014-03-07 20:39 - 00000000 ____D () C:\Users\DefaultAppPool
2014-05-09 21:04 - 2014-05-09 21:04 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\TuneUp Software
2014-05-09 20:43 - 2014-05-09 20:43 - 00858295 _____ () C:\Users\Gaming pc\Documents\pinfect.zip
2014-05-09 20:42 - 2014-05-09 20:41 - 19759335 _____ () C:\Windows\REGBK00.ZIP
2014-05-09 20:41 - 2014-05-09 20:41 - 00000000 ____D () C:\Windows\VDLL.DLL
2014-05-09 20:41 - 2014-05-09 20:41 - 00000000 ____D () C:\Windows\SysWOW64\runouce.exe
2014-05-09 20:41 - 2014-05-09 20:41 - 00000000 ____D () C:\Windows\rundll16.exe
2014-05-09 20:41 - 2014-05-09 20:41 - 00000000 ____D () C:\Windows\RUNDL132.EXE
2014-05-09 20:41 - 2014-05-09 20:41 - 00000000 ____D () C:\Windows\logo1_.exe
2014-05-09 20:41 - 2014-05-09 20:41 - 00000000 ____D () C:\Windows\logo_1.exe
2014-05-09 20:40 - 2014-05-09 20:40 - 00632064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr80.dll
2014-05-09 20:40 - 2014-05-09 20:40 - 00554240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp80.dll
2014-05-09 20:40 - 2014-05-09 20:40 - 00034048 _____ (MicroWorld Technologies Inc.) C:\Windows\SysWOW64\eEmpty.exe
2014-05-09 20:40 - 2014-05-09 20:40 - 00000028 _____ () C:\Windows\Lic.xxx
2014-05-09 20:40 - 2014-05-09 20:40 - 00000000 ____D () C:\ProgramData\MicroWorld
2014-05-09 20:19 - 2014-05-03 21:37 - 00000000 ____D () C:\Program Files\MySQL
2014-05-09 20:18 - 2014-05-03 21:36 - 00000000 ____D () C:\Program Files (x86)\MySQL
2014-05-09 20:16 - 2014-05-03 21:37 - 00000023 _____ () C:\Windows\ODBCINST.INI
2014-05-09 20:16 - 2014-05-03 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
2014-05-09 19:56 - 2014-05-09 19:56 - 00000000 ____D () C:\Users\Gaming pc\ChromeExtensions
2014-05-09 19:54 - 2013-09-11 00:52 - 02396496 _____ () C:\Windows\system32\perfh007.dat
2014-05-09 19:54 - 2013-09-11 00:52 - 00680496 _____ () C:\Windows\system32\perfc007.dat
2014-05-09 19:54 - 2009-07-14 07:13 - 00612130 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-09 19:47 - 2014-05-09 19:47 - 00120832 _____ () C:\Windows\system32\cmlua64.exe
2014-05-09 19:37 - 2014-05-09 19:37 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-09 19:20 - 2014-03-07 20:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-09 17:58 - 2014-05-09 17:58 - 00082457 _____ () C:\Users\Gaming pc\Documents\log.xml
2014-05-09 16:22 - 2014-05-09 16:17 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-09 16:20 - 2014-05-09 16:20 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
2014-05-09 16:18 - 2014-05-09 16:18 - 00000000 _____ () C:\autoexec.bat
2014-05-09 16:17 - 2014-05-09 16:17 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-09 16:12 - 2014-04-25 19:45 - 00002300 _____ () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-05-09 16:12 - 2014-03-03 11:28 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-09 16:12 - 2014-01-27 18:21 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-09 16:12 - 2014-01-27 18:21 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-09 15:54 - 2014-01-27 18:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-09 15:54 - 2013-09-17 15:47 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-09 15:54 - 2013-09-17 15:47 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-09 15:44 - 2014-04-24 17:32 - 00000000 ___RD () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-06 16:03 - 2014-05-04 12:10 - 00001256 _____ () C:\Users\Gaming pc\AppData\Roaming\BreakingPoint_Options.ini
2014-05-06 15:54 - 2014-05-06 15:51 - 00000302 _____ () C:\Users\Gaming pc\AppData\Roaming\BreakingPoint_Login.ini
2014-05-06 15:54 - 2014-05-04 12:02 - 00000000 ____D () C:\Program Files (x86)\Breaking
2014-05-04 16:37 - 2014-05-04 16:37 - 00003222 _____ () C:\Windows\System32\Tasks\Windows Update Check - 0x140703D5
2014-05-04 16:21 - 2013-11-13 16:52 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2014-05-04 14:08 - 2014-05-04 14:08 - 00000019 _____ () C:\Users\Gaming pc\Desktop\[76561198110998659].txt
2014-05-04 12:03 - 2014-05-04 12:03 - 00001034 _____ () C:\Users\Gaming pc\Desktop\Breaking Point.lnk
2014-05-04 11:13 - 2013-12-27 13:39 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\Microsoft Games
2014-05-04 11:08 - 2013-09-10 15:52 - 00068600 _____ () C:\Users\Gaming pc\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-04 11:07 - 2009-07-14 06:45 - 00309392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-04 10:12 - 2013-09-10 15:48 - 00603450 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-03 21:48 - 2014-05-03 21:48 - 00000000 ____D () C:\Users\Gaming pc\Documents\Navicat
2014-05-03 21:43 - 2014-05-03 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremiumSoft
2014-05-03 21:43 - 2014-05-03 21:43 - 00000000 ____D () C:\Program Files\PremiumSoft
2014-05-03 21:37 - 2014-05-03 21:36 - 00000000 ____D () C:\ProgramData\MySQL
2014-05-03 21:36 - 2014-05-03 21:36 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MySQL
2014-05-03 20:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-01 20:03 - 2014-05-01 20:03 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PBO Manager
2014-05-01 20:03 - 2014-05-01 20:03 - 00000000 ____D () C:\Program Files\PBO Manager v.1.4 beta
2014-05-01 17:09 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-30 19:49 - 2014-04-30 19:49 - 00001103 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk
2014-04-30 19:49 - 2014-04-30 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2014-04-30 19:49 - 2014-04-30 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2014-04-30 19:49 - 2014-04-30 19:49 - 00000000 ____D () C:\Program Files\TAP-Windows
2014-04-30 19:49 - 2014-04-30 19:49 - 00000000 ____D () C:\Program Files (x86)\OpenVPN
2014-04-30 19:14 - 2014-04-30 19:14 - 00001971 _____ () C:\Users\Public\Desktop\Overwolf.lnk
2014-04-30 19:14 - 2014-04-30 19:14 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2014-04-30 19:14 - 2014-04-30 19:14 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2014-04-30 19:13 - 2014-04-30 19:13 - 00001222 _____ () C:\Users\Gaming pc\Desktop\TeamSpeak 3 Client.lnk
2014-04-30 19:13 - 2014-04-30 19:13 - 00000000 ____D () C:\Users\Gaming pc\AppData\Local\TeamSpeak 3 Client
2014-04-30 19:13 - 2014-04-24 20:56 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-04-29 20:08 - 2013-10-15 12:34 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\Skype
2014-04-27 09:05 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-04-27 08:59 - 2013-11-22 16:52 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-04-27 08:55 - 2014-03-04 15:03 - 00000000 ____D () C:\ProgramData\e13531e87054441f
2014-04-26 17:50 - 2014-03-31 16:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2014-04-26 17:50 - 2013-09-10 16:08 - 00000000 ____D () C:\Program Files (x86)\EA GAMES
2014-04-25 20:32 - 2014-04-25 20:32 - 00000201 _____ () C:\Users\Gaming pc\Desktop\arma3.url
2014-04-25 20:24 - 2014-04-25 20:24 - 00000222 _____ () C:\Users\Gaming pc\Desktop\Arma 3.url
2014-04-25 20:16 - 2014-04-25 20:11 - 00000000 ____D () C:\Program Files (x86)\Kepard
2014-04-25 19:51 - 2014-04-25 19:51 - 00003154 _____ () C:\Windows\System32\Tasks\{A8F5506E-8DE9-4484-9A04-FB634B47CB35}
2014-04-25 12:59 - 2013-09-10 15:54 - 00000000 ____D () C:\Windows\System32\Tasks\Intel(R) Small Business Advantage
2014-04-25 11:36 - 2013-09-10 16:03 - 00430540 _____ () C:\Windows\DirectX.log
2014-04-24 17:32 - 2014-04-24 17:32 - 00000000 ___RD () C:\Users\Gaming pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-24 17:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-04-24 13:20 - 2014-04-24 13:20 - 06389248 _____ (Alderon Games) C:\Program Files (x86)\BreakingPoint.exe
2014-04-24 13:20 - 2014-04-24 13:20 - 03019880 _____ (BitTorrent, Inc.) C:\Program Files (x86)\BTSync.exe
2014-04-24 13:20 - 2014-04-24 13:20 - 01068544 _____ (Alderon Games) C:\Program Files (x86)\ApplyUpdate.exe
2014-04-23 21:02 - 2013-09-10 16:03 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\.minecraft
2014-04-22 19:26 - 2014-04-22 14:56 - 00000772 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ARMA 3.lnk
2014-04-22 17:31 - 2014-04-22 14:58 - 00000000 ____D () C:\Users\Gaming pc\Documents\Arma 3
2014-04-22 15:49 - 2014-04-17 13:00 - 00000000 ____D () C:\Program Files (x86)\eRightSoft
2014-04-22 15:03 - 2014-03-08 14:00 - 00000000 ____D () C:\ProgramData\Steam
2014-04-22 14:58 - 2014-04-22 14:58 - 00000000 ____D () C:\ProgramData\Bohemia Interactive
2014-04-17 22:15 - 2013-10-20 09:18 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\vlc
2014-04-17 13:00 - 2014-04-17 13:00 - 00000000 ____D () C:\Users\Gaming pc\Documents\eRightSoft
2014-04-15 08:49 - 2014-04-15 08:49 - 00002990 _____ () C:\Windows\System32\Tasks\{EE1C554C-CCFC-452D-AAE2-71472538B64D}
2014-04-15 08:49 - 2014-04-15 08:49 - 00002990 _____ () C:\Windows\System32\Tasks\{E40D7364-927A-4F7B-B1A6-261C7E340CB4}
2014-04-13 16:18 - 2014-01-17 18:38 - 00000000 ____D () C:\Users\Gaming pc\Documents\My Games
2014-04-13 12:25 - 2014-04-13 12:12 - 00000000 ____D () C:\Users\Gaming pc\AppData\authlib
2014-04-13 12:23 - 2014-04-13 12:17 - 00000000 ____D () C:\Users\Gaming pc\AppData\assets
2014-04-13 12:23 - 2014-04-13 12:15 - 00000000 ____D () C:\Users\Gaming pc\AppData\Monster
2014-04-13 12:22 - 2014-04-13 12:19 - 00000000 ____D () C:\Users\Gaming pc\AppData\libraries
2014-04-13 12:17 - 2014-04-13 12:17 - 00000000 ____D () C:\Users\Gaming pc\AppData\versions
2014-04-13 12:12 - 2014-04-13 12:12 - 00000000 _____ () C:\Users\Gaming pc\AppData\FTBOSSent1.3.8.txt
2014-04-13 12:10 - 2013-10-31 15:52 - 00000000 ____D () C:\Users\Gaming pc\AppData\Roaming\.technic
2014-04-11 17:41 - 2013-09-16 15:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-11 17:40 - 2014-04-11 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-04-11 17:40 - 2014-04-11 17:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-11 17:40 - 2014-04-11 17:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-11 17:40 - 2013-09-16 15:19 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
Some content of TEMP:
====================
C:\Users\Gaming pc\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-09 21:32
==================== End Of Log ============================
Addition.txt Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2014
Ran by Gaming pc at 2014-05-11 15:37:52
Running from C:\Users\Gaming pc\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.12 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive)
AutoCAD 2014 - Deutsch (German) (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD 2014 Language Pack - Deutsch (German) (Version: 19.1.18.0 - Autodesk) Hidden
AVG 2014 (Version: 14.0.3882 - AVG Technologies) Hidden
Blender (HKLM\...\Blender) (Version: 2.68a - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Intel(R) Smart Connect Technology 4.0 x64 (HKLM\...\{B0CA78DB-745A-4857-A73F-9ACD95E62BD0}) (Version: 4.0.41.2072 - Intel)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
Music Manager (HKCU\...\MusicManager) (Version: - Google, Inc.)
MySQL Examples and Samples 5.6 (HKLM-x32\...\{44D03537-3061-490B-BF0C-DACA4DEE8797}) (Version: 5.6.14 - Oracle Corporation)
MySQL Installer (HKLM-x32\...\{88359D24-F64F-477E-B080-50FB024BA6F7}) (Version: 1.3.3.0 - Oracle Corporation)
MySQL Notifier 1.1.4 (HKLM-x32\...\{D7C3E617-EB02-47B3-8D0E-BF3E00D873D5}) (Version: 1.1.4 - Oracle)
MySQL Server 5.6 (HKLM\...\{23EEC459-9E65-4DCE-83B8-A1FDB44B9337}) (Version: 5.6.14 - Oracle Corporation)
MySQL Utilities (HKLM-x32\...\{6A494EFD-CFC6-4534-9E14-26D3F7D888DE}) (Version: 1.3.4 - Oracle)
MySQL Workbench 6.0 CE (HKLM-x32\...\{0B724473-51F5-49E8-958C-4BB3C0AAAF35}) (Version: 6.0.7 - Oracle Corporation)
OpenVPN 2.3.3-I002 (HKLM-x32\...\OpenVPN) (Version: 2.3.3-I002 - )
Overwolf (HKLM-x32\...\{FB83467F-D8EB-43E6-8B3D-860B045C1C52}) (Version: 0.51.325 - Overwolf)
PBO Manager v.1.4 beta (HKLM\...\{127B5371-1802-4EDD-A25A-A43BF761D383}) (Version: 1.4.0 - )
PlanetSide 2 (HKCU\...\SOE-PlanetSide 2 PSG) (Version: 1.0.3.183 - Sony Online Entertainment)
PremiumSoft Navicat 11.0 for MySQL (HKLM\...\PremiumSoft Navicat for MySQL_is1) (Version: 11.0.17 - PremiumSoft CyberTech Ltd.)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
==================== Restore Points =========================
09-05-2014 14:17:38 Installed SpyHunter
09-05-2014 14:22:37 Removed SpyHunter
09-05-2014 18:16:19 Removed MySQL Connector/ODBC 5.2 64bit (community edition)
09-05-2014 18:16:34 Removed MySQL Connector Net 6.7.4
09-05-2014 18:17:00 Removed Vegas Pro 12.0 (64-bit)
09-05-2014 18:18:50 Removed MySQL Documents 5.6
09-05-2014 18:19:50 Removed MySQL Connector C++ 1.1.3
09-05-2014 18:20:02 Removed MySQL Connector J
09-05-2014 18:50:59 RegClean Pro Fr, Mai 09, 14 20:50
09-05-2014 19:00:29 Installed AVG 2014
09-05-2014 19:01:18 Installed AVG 2014
09-05-2014 19:05:14 Removed AVG 2014
10-05-2014 09:16:12 Installed AVG 2014
==================== Hosts content: ==========================
2009-07-14 04:34 - 2014-05-11 10:27 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {05E22C15-AD8D-49A8-A9FB-24EB083CA143} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-11] (Google Inc.)
Task: {0AFE4B3A-10B7-4F95-BE15-9B6890A1D772} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {28DDF4E9-308C-46B7-8956-CAB825140E55} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {35B64F17-8457-4CFB-93D3-E3F8C9A8CCE7} - System32\Tasks\{EE1C554C-CCFC-452D-AAE2-71472538B64D} => C:\Users\Gaming pc\Desktop\Nexus_Mod_Manager-0.49.2.exe
Task: {471D57E0-CFD6-4BCD-81A5-DC48DC528523} - System32\Tasks\Intel(R) Small Business Advantage\Notifier => C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\SBA_Notifier.exe [2013-03-13] (Intel Corporation)
Task: {5B256E7B-0C95-4D69-AF93-FB157CA177C7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1761028741-3533212565-443726766-1000UA => C:\Users\Gaming pc\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-27] (Google Inc.)
Task: {6569A672-7776-4A44-81AE-F0716AC7ED61} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled
Task: {6C6FECA8-BE1C-4AAA-BDFF-B33B46458425} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-11] (Google Inc.)
Task: {6CE999AF-84EF-4E49-8616-DDC3743629BB} - System32\Tasks\Windows Update Check - 0x140703D5 => C:\ProgramData\folder\mtqadjqbe.exe
Task: {7443E756-0398-43D1-9D61-59DABBAEEFF1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {8B37E0A1-C5AB-49C8-9C87-FA7969075EAC} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2013-01-23] ()
Task: {983A234F-DDBC-4096-B734-E6FB0DC6278E} - \AmiUpdXp No Task File <==== ATTENTION
Task: {A28EF333-2B66-4651-B2B4-EBD24959D344} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks
Task: {A41202DF-47E8-4001-B08D-7A3F39007D30} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1761028741-3533212565-443726766-1000Core => C:\Users\Gaming pc\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-27] (Google Inc.)
Task: {A54FCA05-0AC2-4FC6-8BF1-3503D65C5F18} - System32\Tasks\{E40D7364-927A-4F7B-B1A6-261C7E340CB4} => C:\Users\Gaming pc\Desktop\Nexus_Mod_Manager-0.49.2.exe
Task: {B9234F7A-4E44-4A40-B473-441AADF72EC2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-09] (Adobe Systems Incorporated)
Task: {BFEBC2D9-3AF3-4A23-8B4E-8C4FE8C0396D} - System32\Tasks\Install_SSD => C:\Users\Gaming
Task: {FCACAD34-56A9-4DEE-A5F7-8D491C3B81B9} - System32\Tasks\Registry Optimizer => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1761028741-3533212565-443726766-1000Core.job => C:\Users\Gaming pc\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1761028741-3533212565-443726766-1000UA.job => C:\Users\Gaming pc\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-02-13 10:35 - 2013-02-13 10:35 - 00180200 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-02-13 10:35 - 2013-02-13 10:35 - 00060392 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-01-23 08:12 - 2013-01-23 08:12 - 00425016 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2013-09-10 10:04 - 2013-09-10 10:04 - 12915712 _____ () C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-16 18:01 - 2013-01-16 18:01 - 00069632 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2013-01-16 18:00 - 2013-01-16 18:00 - 00061440 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2013-01-16 18:01 - 2013-01-16 18:01 - 00229376 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2013-01-16 18:00 - 2013-01-16 18:00 - 00143360 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2013-01-16 18:01 - 2013-01-16 18:01 - 00348160 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2011-04-30 21:04 - 2011-04-30 21:04 - 00013312 _____ () C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
2014-05-10 15:33 - 2014-05-10 15:33 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-10 15:52 - 2013-03-12 22:20 - 01199576 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:AD022376
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
MSCONFIG\Services: FlexNet Licensing Service 64 => 3
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/11/2014 03:34:01 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: mbamscheduler.exe, Version: 2.0.23.0, Zeitstempel: 0x52f2947e
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x4dc
Startzeit der fehlerhaften Anwendung: 0xmbamscheduler.exe0
Pfad der fehlerhaften Anwendung: mbamscheduler.exe1
Pfad des fehlerhaften Moduls: mbamscheduler.exe2
Berichtskennung: mbamscheduler.exe3
Error: (05/11/2014 03:34:01 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: mbamscheduler.exe, Version: 2.0.23.0, Zeitstempel: 0x52f2947e
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x1374
Startzeit der fehlerhaften Anwendung: 0xmbamscheduler.exe0
Pfad der fehlerhaften Anwendung: mbamscheduler.exe1
Pfad des fehlerhaften Moduls: mbamscheduler.exe2
Berichtskennung: mbamscheduler.exe3
Error: (05/11/2014 03:34:00 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 2.1.9.0, Zeitstempel: 0x530619b7
Name des fehlerhaften Moduls: mbamservice.exe, Version: 2.1.9.0, Zeitstempel: 0x530619b7
Ausnahmecode: 0x40000015
Fehleroffset: 0x0007d28a
ID des fehlerhaften Prozesses: 0x1464
Startzeit der fehlerhaften Anwendung: 0xmbamservice.exe0
Pfad der fehlerhaften Anwendung: mbamservice.exe1
Pfad des fehlerhaften Moduls: mbamservice.exe2
Berichtskennung: mbamservice.exe3
Error: (05/11/2014 03:31:21 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 2.1.9.0, Zeitstempel: 0x530619b7
Name des fehlerhaften Moduls: mbamservice.exe, Version: 2.1.9.0, Zeitstempel: 0x530619b7
Ausnahmecode: 0x40000015
Fehleroffset: 0x0007d28a
ID des fehlerhaften Prozesses: 0xa10
Startzeit der fehlerhaften Anwendung: 0xmbamservice.exe0
Pfad der fehlerhaften Anwendung: mbamservice.exe1
Pfad des fehlerhaften Moduls: mbamservice.exe2
Berichtskennung: mbamservice.exe3
Error: (05/11/2014 03:31:16 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/11/2014 03:30:53 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: mbamscheduler.exe, Version: 2.0.23.0, Zeitstempel: 0x52f2947e
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x7c0
Startzeit der fehlerhaften Anwendung: 0xmbamscheduler.exe0
Pfad der fehlerhaften Anwendung: mbamscheduler.exe1
Pfad des fehlerhaften Moduls: mbamscheduler.exe2
Berichtskennung: mbamscheduler.exe3
Error: (05/11/2014 03:24:01 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: mbamscheduler.exe, Version: 2.0.23.0, Zeitstempel: 0x52f2947e
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0xfa4
Startzeit der fehlerhaften Anwendung: 0xmbamscheduler.exe0
Pfad der fehlerhaften Anwendung: mbamscheduler.exe1
Pfad des fehlerhaften Moduls: mbamscheduler.exe2
Berichtskennung: mbamscheduler.exe3
Error: (05/11/2014 03:24:00 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: mbamscheduler.exe, Version: 2.0.23.0, Zeitstempel: 0x52f2947e
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0xaf4
Startzeit der fehlerhaften Anwendung: 0xmbamscheduler.exe0
Pfad der fehlerhaften Anwendung: mbamscheduler.exe1
Pfad des fehlerhaften Moduls: mbamscheduler.exe2
Berichtskennung: mbamscheduler.exe3
Error: (05/11/2014 03:23:59 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 2.1.9.0, Zeitstempel: 0x530619b7
Name des fehlerhaften Moduls: mbamservice.exe, Version: 2.1.9.0, Zeitstempel: 0x530619b7
Ausnahmecode: 0x40000015
Fehleroffset: 0x0007d28a
ID des fehlerhaften Prozesses: 0x11d4
Startzeit der fehlerhaften Anwendung: 0xmbamservice.exe0
Pfad der fehlerhaften Anwendung: mbamservice.exe1
Pfad des fehlerhaften Moduls: mbamservice.exe2
Berichtskennung: mbamservice.exe3
Error: (05/11/2014 03:23:28 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 2.1.9.0, Zeitstempel: 0x530619b7
Name des fehlerhaften Moduls: mbamservice.exe, Version: 2.1.9.0, Zeitstempel: 0x530619b7
Ausnahmecode: 0x40000015
Fehleroffset: 0x0007d28a
ID des fehlerhaften Prozesses: 0xa50
Startzeit der fehlerhaften Anwendung: 0xmbamservice.exe0
Pfad der fehlerhaften Anwendung: mbamservice.exe1
Pfad des fehlerhaften Moduls: mbamservice.exe2
Berichtskennung: mbamservice.exe3
System errors:
=============
Error: (05/11/2014 03:34:01 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (05/11/2014 03:34:01 PM) (Source: Service Control Manager) (User: ) (EventID: 7009)
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMScheduler erreicht.
Error: (05/11/2014 03:34:01 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (05/11/2014 03:34:01 PM) (Source: Service Control Manager) (User: ) (EventID: 7009)
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMScheduler erreicht.
Error: (05/11/2014 03:34:01 PM) (Source: Service Control Manager) (User: ) (EventID: 7034)
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.
Error: (05/11/2014 03:31:54 PM) (Source: Service Control Manager) (User: ) (EventID: 7023)
Description: Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet:
%%-2147024891
Error: (05/11/2014 03:31:29 PM) (Source: Service Control Manager) (User: ) (EventID: 7034)
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/11/2014 03:31:08 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "Util Surftastic" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (05/11/2014 03:30:59 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (05/11/2014 03:30:59 PM) (Source: Service Control Manager) (User: ) (EventID: 7009)
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMScheduler erreicht.
Microsoft Office Sessions:
=========================
Error: (05/11/2014 03:34:01 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: mbamscheduler.exe2.0.23.052f2947eMSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd4dc01cf6d1dab5977ceC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlle906ae8e-d910-11e3-912d-d43d7ebdbc00
Error: (05/11/2014 03:34:01 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: mbamscheduler.exe2.0.23.052f2947eMSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd137401cf6d1dab45a1acC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlle8f45f0c-d910-11e3-912d-d43d7ebdbc00
Error: (05/11/2014 03:34:00 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: mbamservice.exe2.1.9.0530619b7mbamservice.exe2.1.9.0530619b7400000150007d28a146401cf6d1da75972ffC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exee8c38b08-d910-11e3-912d-d43d7ebdbc00
Error: (05/11/2014 03:31:21 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: mbamservice.exe2.1.9.0530619b7mbamservice.exe2.1.9.0530619b7400000150007d28aa1001cf6d1d3f0d24ceC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe89bf7e02-d910-11e3-912d-d43d7ebdbc00
Error: (05/11/2014 03:31:16 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/11/2014 03:30:53 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: mbamscheduler.exe2.0.23.052f2947eMSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd7c001cf6d1d316384ecC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll7926ad2a-d910-11e3-912d-d43d7ebdbc00
Error: (05/11/2014 03:24:01 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: mbamscheduler.exe2.0.23.052f2947eMSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdfa401cf6d1c458f7f67C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll833cb628-d90f-11e3-a0d0-d43d7ebdbc00
Error: (05/11/2014 03:24:00 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: mbamscheduler.exe2.0.23.052f2947eMSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdaf401cf6d1c457d2fe6C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll832bed46-d90f-11e3-a0d0-d43d7ebdbc00
Error: (05/11/2014 03:23:59 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: mbamservice.exe2.1.9.0530619b7mbamservice.exe2.1.9.0530619b7400000150007d28a11d401cf6d1c416de8d6C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe821f5f2d-d90f-11e3-a0d0-d43d7ebdbc00
Error: (05/11/2014 03:23:28 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: mbamservice.exe2.1.9.0530619b7mbamservice.exe2.1.9.0530619b7400000150007d28aa5001cf6d1c26106672C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe6fc1377b-d90f-11e3-a0d0-d43d7ebdbc00
CodeIntegrity Errors:
===================================
Date: 2014-05-11 10:25:53.003
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\CF\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-05-11 10:25:52.983
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\CF\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 26%
Total physical RAM: 8120.6 MB
Available physical RAM: 5953.61 MB
Total Pagefile: 16239.38 MB
Available Pagefile: 13544.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.41 GB) (Free:503.75 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 88570D40)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Regards, Manuel |