Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Giveaway Winnerseveryweek.com los werden! (https://www.trojaner-board.de/158950-giveaway-winnerseveryweek-com-los.html)

LordKeksmann 21.09.2014 14:09
Giveaway Winnerseveryweek.com los werden!
 
Hi, ich bin neu hier und entschuldige mich schonmal, da ich mir sicher bin, das dieses Problem bereits irgendwo steht.
Mein Problem: Wenn ich in Firefox ( habe kein Chrome und nicht nachgeprüft ob es in Explorer ähnlich ist) eine Seite öffne oder auf einer Seite etwas anklicken, öffnet sich ein Tab mit dem Titel "Giveaway" und dem Link "Winnerseverywerk.com".
Ich habe bereits Malewarebytes, Avast und den AdwCleaner drüberlaufen lassen, ohne Erfolg.
Zusätzlich kann ich mich nicht mehr auf Web anmelden oder bei Chip die Suchfubktion nutzen.
Ich habe mir Photoshop C5 gedownloaded, die Testversion, da ich dachte, dass es dafür verantwortlich ist, habe ich es gleich mit CCleaner entfernt.
Ich hoffe ich habe nichts vergessen und das ihr mir helfen könnt!
Danke schonmal für die Hilfe^^

schrauber 21.09.2014 14:24
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


LordKeksmann 21.09.2014 15:17
FRST.txt
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by Felix (administrator) on FELIX-PC on 21-09-2014 16:03:49
Running from C:\Users\Felix\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GIGABYTE\EasySaver\essvr.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Interesting Solutions) C:\ProgramData\ercKQlgoeR\MQqIExEFNHW.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
(Akamai Technologies, Inc.) C:\Users\Felix\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Felix\AppData\Local\Akamai\netsession_win.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint II\SetPointII.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe


==================== Registry (Whitelisted) ==================
Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2014 01
Ran by Felix at 2014-09-21 16:04:17
Running from C:\Users\Felix\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.20 - GIGABYTE)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.1530 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.2 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.0.2 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Accelerated Video Transcoding (Version: 13.30.100.40223 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.923.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0223.2239.40626 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{A081D35B-0AF0-588A-D0D6-259D25C03E50}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AMD Fuel (Version: 2014.0223.2239.40626 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.81008.0920 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassin's Creed IV Black Flag (HKLM-x32\...\Steam App 242050) (Version:  - Ubisoft Montreal)
ATI AVIVO64 Codecs (Version: 11.6.0.50825 - ATI Technologies Inc.) Hidden
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Battlefield Play4Free (Felix) (HKCU\...\{87686C21-8A15-4b4d-A3F1-11141D9BE094}) (Version:  - EA Digital illusions)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0223.2239.40626 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0223.2239.40626 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0223.2239.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0223.2239.40626 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Combat Arms EU (HKLM-x32\...\Combat Arms EU) (Version:  - )
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - Relic Entertainment)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Dxtory version 2.0.122 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.122 - Dxtory Software)
Easy Tune 6 B13.0323.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B13.0323.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
EasySaver B9.1214.1  (HKLM-x32\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
er100LT (x32 Version: 1.00.102 - Logitech, Inc.) Hidden
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
Free AVI Video Converter version 5.0.42.530 (HKLM-x32\...\Free AVI Video Converter_is1) (Version: 5.0.42.530 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.11.37.1212 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.37.1212 - DVDVideoSoft Ltd.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hitman: Sniper Challenge (HKLM-x32\...\Steam App 205930) (Version:  - IO Interactive)
HydraVision (x32 Version: 4.2.180.0 - ATI Technologies Inc.) Hidden
InstaShare (HKLM-x32\...\InstaShare) (Version: 3.0.13 - Interesting Solutions)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
Logitech GamePanel Software 2.00 (HKLM\...\{7598C430-8B00-4447-A710-0DDA0770370A}) (Version: 2.00.171 - Logitech)
Logitech SetPoint 5.00 (HKLM\...\{D3120436-1358-4253-9EB2-257FFE8CE1D9}) (Version: 5.00 - Logitech)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version:  - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (x32 Version: 2.0.50727 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 32.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 de)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.2 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Need for Speed (HKLM-x32\...\Need for Speed High Stakes) (Version:  - )
Need for Speed™ Carbon (HKLM-x32\...\{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}) (Version:  - )
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
Neverwinter (HKLM-x32\...\Steam App 109600) (Version:  - Cryptic Studios)
Nidhogg (HKLM-x32\...\Steam App 94400) (Version:  - Messhof)
Nitro Pro 9 (HKLM-x32\...\{c5237a45-d0a0-4c12-9269-f59919377de1}) (Version: 9.5.3.8 - Nitro)
Nitro Pro 9 (Version: 9.5.3.8 - Nitro) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.8 - Notepad++ Team)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - )
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.6.4639 - Electronic Arts, Inc.)
Outlast (HKLM-x32\...\Steam App 238320) (Version:  - Red Barrels)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.006 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Red Faction (HKLM-x32\...\{47E6B460-04BA-4215-9F5D-3858BF920D07}) (Version:  - )
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.0 - Samsung)
ScopePatch (HKLM-x32\...\{3FE03663-FEE7-4D25-9E3E-52F97784F2A0}) (Version: 1.00.0000 - Logitech)
ScopeUserGuide (Version: 1.00.0000 - Ihr Firmenname) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SpyHunter (HKLM\...\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Tom Clancy's Splinter Cell Blacklist (HKLM-x32\...\Steam App 235600) (Version:  - Ubisoft Toronto)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VLC media player 1.1.5 (HKLM-x32\...\VLC media player) (Version: 1.1.5 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
Worms Reloaded (HKLM-x32\...\Steam App 22600) (Version:  - Team17 Software Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3303595683-2564122614-857300725-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3303595683-2564122614-857300725-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3303595683-2564122614-857300725-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3303595683-2564122614-857300725-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3303595683-2564122614-857300725-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-09-21 13:54 - 00000826 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0CE00AB3-1416-43E6-8405-A0D2027C6116} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-08] (Google Inc.)
Task: {24D2434C-9C01-4D63-B17E-8649D96DC049} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {288EB2CE-FCD6-4290-BE92-80BFC3C0C8C2} - System32\Tasks\{C12A715C-0275-4BD4-8FA4-47B3E56773BB} => C:\Program Files\CamStudio 2.7\Recorder.exe
Task: {4AB147D2-59FE-4E8D-9AB8-267E2319B479} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {4BC7600D-6843-4907-A038-466F3E77A654} - System32\Tasks\{85132092-8783-4EA8-8F9A-3E3D842DD4B3} => C:\Program Files\CamStudio 2.7\Recorder.exe
Task: {559DFCA5-8731-44F6-8323-8FB6B11D70FF} - System32\Tasks\{E56065CE-9FE4-4E8C-8D0C-E01B4D175C4A} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.113/en/abandoninstall?page=tsChrome&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-installed;madedefault
Task: {6D4B99FC-8967-4A76-AD98-33430326EDDA} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-07-04] (AVAST Software)
Task: {7ED759C2-7E8F-4222-BA7A-CF0E6A91B781} - System32\Tasks\{41EAB221-4CD4-4CAE-B804-C6B2EE72F5EA} => C:\Program Files\CamStudio 2.7\Recorder.exe
Task: {9C6158EE-63D1-4DA9-8447-99BE8CE236A5} - System32\Tasks\{6B863A8C-E1FE-46F5-8D01-757C7274657B} => C:\Program Files\CamStudio 2.7\Recorder.exe
Task: {A70D010E-7288-4B35-B074-564913428D5E} - System32\Tasks\{4F6B6C32-8734-4EDE-A88B-9A1BE263D040} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.)
Task: {A9EAFCE5-3E18-46CB-8253-C53E6E793C08} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-08] (Google Inc.)
Task: {B39B7235-B21D-4CCF-8800-850AEF69C3BA} - System32\Tasks\{C06CB696-7579-468D-9835-8C262D446F38} => C:\Program Files\CamStudio 2.7\Recorder.exe
Task: {E0EC2FDA-57E9-4441-9884-13009004F463} - System32\Tasks\{3A996A86-8229-4170-903E-A1C345FF6463} => C:\Program Files\CamStudio 2.7\Recorder.exe
Task: {F2B8F059-7E7B-46E3-91B1-26029FAE25AA} - System32\Tasks\AdobeAAMUpdater-1.0-Felix-PC-Felix => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-01 10:53 - 2009-08-24 14:38 - 00068136 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
2014-08-01 15:03 - 2014-08-01 15:03 - 00418312 _____ () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
2012-09-09 01:18 - 2014-05-10 00:46 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2011-01-21 19:53 - 2010-02-10 18:10 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-02-23 23:41 - 2014-02-23 23:41 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-07-04 18:04 - 2014-07-04 18:04 - 00301152 _____ () C:\Program Files\Alwil Software\Avast5\aswProperty.dll
2014-09-21 10:51 - 2014-09-21 10:51 - 02864640 _____ () C:\Program Files\Alwil Software\Avast5\defs\14092100\algo.dll
2014-02-12 21:58 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-01 10:53 - 2009-03-13 11:30 - 00109096 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\YCC.DLL
2014-07-04 18:04 - 2014-07-04 18:04 - 19329904 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2014-09-21 12:07 - 2014-09-18 09:16 - 03734640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-09-21 13:49 - 2014-09-21 13:49 - 01186160 _____ () C:\ProgramData\ercKQlgoeR\dat\UVOwlB.dll
2014-09-10 14:02 - 2014-09-10 14:02 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Felix\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_9E0E8FB6AB9E32E413BF1FD50A17F104 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: ICQ => "C:\Program Files (x86)\ICQ7.4\ICQ.exe" silent loginmode=4
MSCONFIG\startupreg: KPeerNexonEU => C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: TrayServer => C:\Program Files (x86)\MAGIX\Video_deluxe_17_Download-Version\TrayServer.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/21/2014 01:55:13 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (09/21/2014 01:55:13 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (09/21/2014 01:55:13 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (09/21/2014 00:11:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (09/21/2014 00:11:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (09/21/2014 00:11:45 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (09/21/2014 11:38:13 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (09/21/2014 11:38:13 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (09/21/2014 11:38:13 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (09/21/2014 11:23:46 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FirefoxSetup.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1b60

Startzeit: 01cfd57d899603e0

Endzeit: 3

Anwendungspfad: C:\Users\Felix\Downloads\FirefoxSetup.exe

Berichts-ID:


System errors:
=============
Error: (09/21/2014 01:49:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (09/21/2014 00:05:52 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (09/21/2014 11:57:05 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (09/21/2014 11:32:00 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error: (09/21/2014 10:51:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/21/2014 10:51:29 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error: (09/20/2014 08:05:15 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎20.‎09.‎2014 um 01:45:04 unerwartet heruntergefahren.

Error: (09/16/2014 08:52:05 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000007e (0xffffffffc0000005, 0xfffff88005cec83b, 0xfffff88007836368, 0xfffff88007835bc0)C:\Windows\MEMORY.DMP091614-19780-01

Error: (09/16/2014 08:52:03 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎16.‎09.‎2014 um 20:50:42 unerwartet heruntergefahren.

Error: (09/02/2014 08:14:29 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000007e (0xffffffffc0000005, 0xfffff88005ce583b, 0xfffff8800700d368, 0xfffff8800700cbc0)C:\Windows\MEMORY.DMP090214-13275-01


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD Phenom(tm) II X6 1045T Processor
Percentage of memory in use: 51%
Total physical RAM: 4094.55 MB
Available physical RAM: 1983.3 MB
Total Pagefile: 8187.28 MB
Available Pagefile: 5923.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Root) (Fixed) (Total:111.39 GB) (Free:22.12 GB) NTFS
Drive d: (Games) (Fixed) (Total:97.66 GB) (Free:47.18 GB) NTFS
Drive e: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Entertainment) (Fixed) (Total:135.13 GB) (Free:16.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 76F600A4)
Partition 1: (Active) - (Size=400 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 2E79128A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=135.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

Darf ich fragen was das Programm genau macht bzw was für Programme und Daten dort gescant wurden? :)

schrauber 22.09.2014 09:30
Naja, was gescannt wurde siehste ja im Log. Alle punkte wo sich gerne Malware versteckt und so :)


Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

LordKeksmann 22.09.2014 15:58
Code:
ComboFix 14-09-22.01 - Felix 22.09.2014  16:06:39.1.6 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4095.2687 [GMT 2:00]
ausgeführt von:: c:\users\Felix\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\AlexaNSISPlugin.3412.dll
c:\windows\IsUn0407.exe
c:\windows\SysWow64\logs
c:\windows\SysWow64\logs\latest.log
D:\install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-08-22 bis 2014-09-22  ))))))))))))))))))))))))))))))
.
.
2014-09-22 14:13 . 2014-09-22 14:13        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-09-22 14:09 . 2014-09-22 14:09        75888        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A11EACC-6E0C-4879-95A8-429FD7FE3A35}\offreg.dll
2014-09-21 14:03 . 2014-09-21 14:04        --------        d-----w-        C:\FRST
2014-09-21 10:11 . 2014-09-21 10:11        110080        ----a-r-        c:\users\Felix\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconF7A21AF7.exe
2014-09-21 10:11 . 2014-09-21 10:11        110080        ----a-r-        c:\users\Felix\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconD7F16134.exe
2014-09-21 10:11 . 2014-09-21 10:11        110080        ----a-r-        c:\users\Felix\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\Icon1226A4C5.exe
2014-09-21 10:11 . 2014-09-21 10:11        --------        d-----w-        C:\sh4ldr
2014-09-21 10:11 . 2014-09-21 10:11        --------        d-----w-        c:\program files\Enigma Software Group
2014-09-21 10:10 . 2014-09-21 10:11        --------        d-----w-        c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-21 09:54 . 2014-09-21 10:07        --------        d-----w-        c:\program files (x86)\Firefox
2014-09-21 09:22 . 2014-09-21 11:49        --------        d-----w-        c:\program files (x86)\Mozilla Maintenance Service
2014-09-21 08:47 . 2010-08-30 06:34        536576        ----a-w-        c:\windows\SysWow64\sqlite3.dll
2014-09-21 08:46 . 2014-09-21 11:34        --------        d-----w-        C:\AdwCleaner
2014-09-21 07:36 . 2014-09-21 07:36        --------        d-----w-        c:\users\Felix\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-09-21 07:36 . 2014-09-21 07:36        --------        d-----w-        c:\users\Felix\AppData\Roaming\Adobe Mini Bridge CS5
2014-09-21 07:22 . 2014-09-21 07:35        --------        d-----w-        c:\programdata\regid.1986-12.com.adobe
2014-09-21 06:59 . 2014-09-21 16:34        --------        d-----w-        c:\users\Felix\AppData\Local\InstaShare
2014-09-21 06:59 . 2014-09-21 06:59        --------        d-----w-        c:\programdata\ercKQlgoeR
2014-09-21 06:59 . 2014-09-21 06:59        --------        d-----w-        c:\programdata\InstaShare
2014-09-19 21:47 . 2014-09-19 21:47        --------        d-----w-        c:\windows\Sun
2014-09-19 11:59 . 2014-09-09 02:05        11578928        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A11EACC-6E0C-4879-95A8-429FD7FE3A35}\mpengine.dll
2014-09-16 17:30 . 2014-09-16 17:30        --------        d-----w-        c:\users\Felix\AppData\Roaming\Nvu
2014-09-16 17:29 . 2014-09-21 11:45        --------        d-----w-        c:\program files (x86)\Common Files\Adobe
2014-09-11 21:52 . 2014-06-27 02:08        2777088        ----a-w-        c:\windows\system32\msmpeg2vdec.dll
2014-09-11 21:52 . 2014-06-27 01:45        2285056        ----a-w-        c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-11 20:31 . 2014-09-21 07:10        --------        d-----w-        c:\users\Felix\AppData\Roaming\Nitro PDF
2014-09-11 15:07 . 2014-08-01 11:53        1031168        ----a-w-        c:\windows\system32\TSWorkspace.dll
2014-09-11 15:07 . 2014-08-01 11:35        793600        ----a-w-        c:\windows\SysWow64\TSWorkspace.dll
2014-09-11 15:07 . 2014-06-24 03:29        2565120        ----a-w-        c:\windows\system32\d3d10warp.dll
2014-09-11 15:07 . 2014-06-24 02:59        1987584        ----a-w-        c:\windows\SysWow64\d3d10warp.dll
2014-09-11 15:07 . 2014-07-07 02:06        728064        ----a-w-        c:\windows\system32\kerberos.dll
2014-09-11 15:07 . 2014-07-07 02:06        1460736        ----a-w-        c:\windows\system32\lsasrv.dll
2014-09-11 15:07 . 2014-07-07 01:40        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll
2014-09-11 15:07 . 2014-07-07 01:40        22016        ----a-w-        c:\windows\SysWow64\secur32.dll
2014-09-11 15:07 . 2014-07-07 01:39        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll
2014-09-11 15:07 . 2014-09-05 02:10        578048        ----a-w-        c:\windows\system32\aepdu.dll
2014-09-11 15:07 . 2014-09-05 02:05        424448        ----a-w-        c:\windows\system32\aeinv.dll
2014-09-10 15:31 . 2014-09-10 15:31        --------        d-----w-        c:\users\Felix\AppData\Roaming\Nitro
2014-09-10 15:31 . 2014-08-01 13:02        17928        ----a-w-        c:\windows\system32\nitrolocalui9.dll
2014-09-10 15:31 . 2014-08-01 13:02        29704        ----a-w-        c:\windows\system32\nitrolocalmon9.dll
2014-09-10 15:31 . 2014-09-10 15:31        --------        d-----w-        c:\program files (x86)\Common Files\Nitro
2014-09-10 15:31 . 2014-09-10 15:31        --------        d-----w-        c:\program files (x86)\Nitro
2014-09-10 15:31 . 2014-09-10 15:31        --------        d-----w-        c:\programdata\Nitro
2014-09-10 15:31 . 2014-09-10 15:31        --------        d-----w-        c:\program files\Nitro
2014-09-10 15:31 . 2014-09-10 15:31        --------        d-----w-        c:\program files\Common Files\Nitro
2014-09-10 15:31 . 2014-09-10 15:31        --------        d-----w-        c:\users\Felix\AppData\Roaming\Downloaded Installations
2014-08-28 08:06 . 2014-08-23 02:07        404480        ----a-w-        c:\windows\system32\gdi32.dll
2014-08-28 08:06 . 2014-08-23 01:45        311808        ----a-w-        c:\windows\SysWow64\gdi32.dll
2014-08-28 08:06 . 2014-08-23 00:59        3163648        ----a-w-        c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-22 13:57 . 2013-04-01 08:49        25640        ----a-w-        c:\windows\gdrv.sys
2014-09-21 12:35 . 2014-05-21 18:10        122584        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-11 21:52 . 2011-01-16 21:35        101694776        ----a-w-        c:\windows\system32\MRT.exe
2014-09-11 10:32 . 2011-03-28 16:36        23256        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-09-10 12:02 . 2012-09-05 19:29        701104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-10 12:02 . 2011-06-11 08:48        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-25 04:53 . 2011-01-16 11:45        270496        ------w-        c:\windows\system32\MpSigStub.exe
2014-08-13 21:14 . 2014-08-13 21:14        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-01 13:03 . 2014-08-01 13:03        69640        ----a-w-        c:\windows\SysWow64\NLSSRV32.EXE
2014-07-31 15:40 . 2012-09-08 23:33        281688        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2014-07-31 15:40 . 2012-09-08 23:18        281688        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2014-07-25 00:35 . 2014-07-25 00:35        875688        ----a-w-        c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47 . 2014-07-24 21:47        869544        ----a-w-        c:\windows\system32\msvcr120_clr0400.dll
2014-07-16 03:23 . 2014-08-14 00:01        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-07-16 02:46 . 2014-08-14 00:01        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2014-07-14 02:02 . 2014-08-13 23:58        1216000        ----a-w-        c:\windows\system32\rpcrt4.dll
2014-07-14 01:40 . 2014-08-13 23:58        664064        ----a-w-        c:\windows\SysWow64\rpcrt4.dll
2014-07-09 02:03 . 2014-08-14 00:01        7168        ----a-w-        c:\windows\system32\KBDYAK.DLL
2014-07-09 02:03 . 2014-08-14 00:01        7168        ----a-w-        c:\windows\system32\KBDTAT.DLL
2014-07-09 02:03 . 2014-08-14 00:01        7168        ----a-w-        c:\windows\system32\KBDRU1.DLL
2014-07-09 02:03 . 2014-08-14 00:01        6656        ----a-w-        c:\windows\system32\KBDRU.DLL
2014-07-09 02:03 . 2014-08-14 00:01        7168        ----a-w-        c:\windows\system32\KBDBASH.DLL
2014-07-09 01:31 . 2014-08-14 00:01        7168        ----a-w-        c:\windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31 . 2014-08-14 00:01        6656        ----a-w-        c:\windows\SysWow64\KBDBASH.DLL
2014-07-04 16:04 . 2011-01-16 12:40        427360        ----a-w-        c:\windows\system32\drivers\aswsp.sys
2014-07-04 16:04 . 2013-12-25 00:17        92008        ----a-w-        c:\windows\system32\drivers\aswstm.sys
2014-07-04 16:04 . 2014-07-04 16:04        43152        ----a-w-        c:\windows\avastSS.scr
2014-07-04 16:04 . 2014-04-23 14:59        29208        ----a-w-        c:\windows\system32\drivers\aswHwid.sys
2014-07-04 16:04 . 2013-03-05 17:36        224896        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2014-07-04 16:04 . 2013-03-05 17:36        65776        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2014-07-04 16:04 . 2012-04-29 09:53        93568        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2014-07-04 16:04 . 2011-05-14 18:40        1041168        ----a-w-        c:\windows\system32\drivers\aswsnx.sys
2014-07-04 16:04 . 2011-01-16 12:40        79184        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2014-07-04 16:04 . 2011-01-16 12:40        307344        ----a-w-        c:\windows\system32\aswBoot.exe
2014-06-30 22:24 . 2014-08-14 01:01        8856        ----a-w-        c:\windows\system32\icardres.dll
2014-06-30 22:14 . 2014-08-14 01:01        8856        ----a-w-        c:\windows\SysWow64\icardres.dll
2014-06-25 02:05 . 2014-08-14 00:01        14175744        ----a-w-        c:\windows\system32\shell32.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        131248        ----a-w-        c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        131248        ----a-w-        c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        131248        ----a-w-        c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        131248        ----a-w-        c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-08-25 393216]
"Akamai NetSession Interface"="c:\users\Felix\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-07-31 4085896]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-02-23 767200]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2007-8-30 809984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files\gPotato.eu\FlyFF\GameGuard\dump_wmimmc.sys;c:\program files\gPotato.eu\FlyFF\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan620.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan620.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.3;AODDriver4.3;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 MQqIExEFNHW;MQqIExEFNHW;c:\programdata\ercKQlgoeR\MQqIExEFNHW.exe;c:\programdata\ercKQlgoeR\MQqIExEFNHW.exe [x]
S2 NitroDriverReadSpool9;NitroPDFDriverCreatorReadSpool9;c:\program files\Nitro\Pro 9\NitroPDFDriverService9x64.exe;c:\program files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [x]
S2 NitroUpdateService;NitroUpdateService;c:\program files\Nitro\Pro 9\Nitro_UpdateService.exe;c:\program files\Nitro\Pro 9\Nitro_UpdateService.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-05 12:02]
.
2014-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-08 00:05]
.
2014-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-08 00:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-04 16:04        634872        ----a-w-        c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        164016        ----a-w-        c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        164016        ----a-w-        c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        164016        ----a-w-        c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        164016        ----a-w-        c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-18 3036944]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-17 2191632]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <-loopback>;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:55304;https=127.0.0.1:55304
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{9E4096A1-4D3D-4AA5-8483-801B74488D47}\4516277616D275C414E4: NameServer = 192.168.2.1
TCP: Interfaces\{9E4096A1-4D3D-4AA5-8483-801B74488D47}\65164696D6022556075616475627: NameServer = 192.168.2.1
FF - ProfilePath - c:\users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\0xq35cv6.default-1400692676604\
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
Toolbar-Locked - (no file)
AddRemove-Need for Speed High Stakes - c:\windows\ISUN0407.EXE
AddRemove-{87686C21-8A15-4b4d-A3F1-11141D9BE094} - c:\program files (x86)\EA Games\Battlefield Play4Free\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3303595683-2564122614-857300725-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ba,c6,3b,3f,98,82,b7,8f,95,e0,d1,19,d9,03,a8,97,b2,88,fc,74,b0,ee,c6,
  bb,8b,15,31,5b,bd,c9,bb,66,be,39,cb,ad,b3,1d,64,10,0c,d9,af,f8,68,68,c3,0c,\
"??"=hex:43,9b,ca,ca,90,9c,52,d3,d8,de,76,e4,6f,fa,c0,6f
.
[HKEY_USERS\S-1-5-21-3303595683-2564122614-857300725-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:b9,51,63,47,cc,fd,86,26,a7,0f,64,5f,cb,f6,72,46,69,48,ab,8a,9f,
  c6,fc,39,23,fe,26,b5,e6,d3,45,82,bb,e5,d7,1b,fe,c6,44,eb,3b,71,7a,2a,fa,bd,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-09-22  16:14:55
ComboFix-quarantined-files.txt  2014-09-22 14:14
.
Vor Suchlauf: 15 Verzeichnis(se), 23.105.937.408 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 23.184.318.464 Bytes frei
.
- - End Of File - - FDD033009BE81B42DDE0DB4ADB98214F
B1F7D7F6E4FBE98E578562A22A94D02C

schrauber 23.09.2014 18:12
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

LordKeksmann 23.09.2014 19:37
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 23.09.2014
Suchlauf-Zeit: 20:04:05
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.23.08
Rootkit Datenbank: v2014.09.19.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Felix

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 361509
Verstrichene Zeit: 9 Min, 26 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.InstaShare.A, C:\ProgramData\ercKQlgoeR\MQqIExEFNHW.exe, 2404, , [a4e1f3fcb4c7f93db896ab1968999868]

Module: 1
PUP.Optional.InstaShare.A, C:\ProgramData\ercKQlgoeR\dat\eVaZIIP.dll, , [295cdd122457c76fdc1eab53e51f9b65],

Registrierungsschlüssel: 3
PUP.Optional.InstaShare.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MQqIExEFNHW, , [a4e1f3fcb4c7f93db896ab1968999868],
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, , [0c79ba354b3072c42a3e1d74719131cf],
PUP.Optional.InstaShare.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\InstaShare, , [daab7d72fa81f442c08e00c4b051728e],

Registrierungswerte: 1
PUP.Optional.AdLyrics.A, HKU\S-1-5-21-3303595683-2564122614-857300725-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|blyrics@be-lyrics.net, C:\Program Files (x86)\bLyrics\116.xpi, , [8afb58970972a78fdd8344340103fb05]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 1
PUP.Optional.InstaShare.A, C:\Users\Felix\AppData\Local\InstaShare, , [295cf1fe03780036fb897d891fe4fd03],

Dateien: 6
PUP.Optional.InstaShare.A, C:\ProgramData\ercKQlgoeR\MQqIExEFNHW.exe, , [a4e1f3fcb4c7f93db896ab1968999868],
PUP.Optional.InstaShare.A, C:\ProgramData\ercKQlgoeR\dat\eVaZIIP.dll, , [295cdd122457c76fdc1eab53e51f9b65],
PUP.Optional.InstaShare.A, C:\ProgramData\InstaShare\uninstall.exe, , [daab7d72fa81f442c08e00c4b051728e],
PUP.Optional.InstaShare.A, C:\ProgramData\ercKQlgoeR\dat\kLriqpdbFw.exe, , [93f2ab44ff7c39fd50feac180ef3d927],
PUP.Optional.InstaShare.A, C:\ProgramData\ercKQlgoeR\dat\sahlHZZ.exe, , [f98c30bfde9d4aeced61e5dfe71a649c],
PUP.Optional.InstaShare.A, C:\Users\Felix\AppData\Local\InstaShare\data2.dat, , [295cf1fe03780036fb897d891fe4fd03],

Physische Sektoren: 0
(No malicious items detected)


(end)
Code:
# AdwCleaner v3.310 - Bericht erstellt am 23/09/2014 um 20:20:29
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Felix - FELIX-PC
# Gestartet von : C:\Users\Felix\Desktop\AdwCleaner_3.310.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Browser

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.2 (x86 de)

[ Datei : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\0xq35cv6.default-1400692676604\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [25681 octets] - [21/09/2014 10:46:29]
AdwCleaner[R1].txt - [5150 octets] - [21/09/2014 12:03:33]
AdwCleaner[R2].txt - [1227 octets] - [21/09/2014 13:33:45]
AdwCleaner[R3].txt - [1328 octets] - [23/09/2014 20:19:20]
AdwCleaner[S0].txt - [23624 octets] - [21/09/2014 10:49:46]
AdwCleaner[S1].txt - [4777 octets] - [21/09/2014 12:04:53]
AdwCleaner[S2].txt - [1236 octets] - [23/09/2014 20:20:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1296 octets] ##########
Code:
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.0 (09.22.2014:1)
OS: Windows 7 Home Premium x64
Ran by Felix on 23.09.2014 at 20:24:02,10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update webget
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util webget
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\LyricsMonkeyUpdater_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\LyricsMonkeyUpdater_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\LyricsPal_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\LyricsPal_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\LyricsMonkeyUpdater_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\LyricsMonkeyUpdater_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\LyricsPal_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\LyricsPal_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{486E707A-9C75-4D92-BD66-F6D15B75178B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D2602FFB-CAF0-4794-B770-315C9B719223}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Felix\appdata\local\{0365D0C3-9619-420D-8254-A67CF7F86F75}
Successfully deleted: [Empty Folder] C:\Users\Felix\appdata\local\{0BEB6E2F-DFFB-4CFE-856E-CDE273A75EB1}
Successfully deleted: [Empty Folder] C:\Users\Felix\appdata\local\{1240A47C-CDAA-461F-90A5-0E6583C9E6CD}
Successfully deleted: [Empty Folder] C:\Users\Felix\appdata\local\{15EB0E88-2C34-407F-8256-81D21E0A9F12}
Successfully deleted: [Empty Folder] C:\Users\Felix\appdata\local\{205115A6-7E6D-491B-8B7C-7B4C7190E925}
Successfully deleted: [Empty Folder] C:\Users\Felix\appdata\local\{3AB3C2AF-9540-4624-90BC-54E0443E2921}
Successfully deleted: [Empty Folder] C:\Users\Felix\appdata\local\{4037B1A2-B3B0-4B0F-B312-81F0645AD5E7}
Successfully deleted: [Empty Folder] C:\Users\Felix\appdata\local\{40E22D4E-7E89-4EB5-97AD-6ACE45686564}
Successfully deleted: [Empty Folder] C:\Users\Felix\appdata\local\{4843A562-5603-440B-BDB8-7949E96E0431}
Successfully deleted: [Empty Folder] C:\Users\Felix\appdata\local\{68850CC8-F2CF-49DA-AB76-BB72BB2F7312}
Successfully deleted: [Empty Folder] C:\Users\Felix\appdata\local\{9751A532-F60F-4B94-807D-EDBAA39FA955}
Successfully deleted: [Empty Folder] C:\Users\Felix\appdata\local\{9A3ACC98-D196-4ECD-A293-9CDA063A4F5A}
Successfully deleted: [Empty Folder] C:\Users\Felix\appdata\local\{B92914DB-F3FF-4FF4-B7B1-E2C6C459B6FA}
Successfully deleted: [Empty Folder] C:\Users\Felix\appdata\local\{B9FF17D6-CA90-4663-BF6B-8E9AFB51FBC8}
Successfully deleted: [Empty Folder] C:\Users\Felix\appdata\local\{C09AF8AE-4051-48BC-AD8B-102E37E83B16}
Successfully deleted: [Empty Folder] C:\Users\Felix\appdata\local\{D25A0A4A-5D2F-4DAD-A34E-8CF52E133405}
Successfully deleted: [Empty Folder] C:\Users\Felix\appdata\local\{DF93B398-6A7A-450E-B456-82944EB3D2A5}
Successfully deleted: [Empty Folder] C:\Users\Felix\appdata\local\{E356D358-C229-431D-A2F1-4AEB5223AF1E}
Successfully deleted: [Empty Folder] C:\Users\Felix\appdata\local\{F13B00D4-EE15-4D11-8892-768389AFA307}
Successfully deleted: [Empty Folder] C:\Users\Felix\appdata\local\{F94A7008-9E13-4E12-AA4B-43B0E71B68F6}



~~~ FireFox

Emptied folder: C:\Users\Felix\AppData\Roaming\mozilla\firefox\profiles\0xq35cv6.default-1400692676604\minidumps [8 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.09.2014 at 20:27:06,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-09-2014
Ran by Felix (administrator) on FELIX-PC on 23-09-2014 20:30:46
Running from C:\Users\Felix\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GIGABYTE\EasySaver\essvr.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
(Akamai Technologies, Inc.) C:\Users\Felix\AppData\Local\Akamai\netsession_win.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
(Akamai Technologies, Inc.) C:\Users\Felix\AppData\Local\Akamai\netsession_win.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint II\SetPointII.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [3036944 2007-07-18] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2191632 2007-07-18] (Logitech Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-02-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-3303595683-2564122614-857300725-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-08-25] (AMD)
HKU\S-1-5-21-3303595683-2564122614-857300725-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Felix\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk
ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:55304;https=127.0.0.1:55304
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - 8D0AC6577A4F416B9778D359C9F9A8CB URL = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=81993083-06cf-469e-a758-c06d6bb4425b&searchtype=ds&q={searchTerms}&installDate=03/06/2013
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\0xq35cv6.default-1400692676604
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\0xq35cv6.default-1400692676604\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2014-07-29]
FF Extension: Adblock Plus - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\0xq35cv6.default-1400692676604\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-21]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-05-14]

Chrome:
=======
CHR HomePage: Default -> C452D265D4CA69F1E605DF7684612C3215341EAA4571004FF10C0B88570D234C
CHR DefaultSearchKeyword: Default -> 67CAA63DF8C05C54D9783D2DE4158AA3669739690C24F340EFE97D9A6D614167
CHR DefaultSearchURL: Default -> EE0643793A77402CED50C3CFC348C1EFD53D302AF50EEFF681D4760B1E4D80D0
CHR Profile: C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-08]
CHR Extension: (Google Drive) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09]
CHR Extension: (YouTube) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-08]
CHR Extension: (Google Search) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-08]
CHR Extension: (avast! Online Security) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-08]
CHR Extension: (Google Wallet) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-08]
CHR Extension: (Gmail) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-08]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-07-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-02-23] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-07-04] (AVAST Software)
R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-08-01] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [418312 2014-08-01] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4330168 2011-05-11] (INCA Internet Co., Ltd.) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-10] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-04] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-08-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-04] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-04] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-05-29] ()
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-05-14] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-05-29] ()
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dump_wmimmc; \??\C:\Program Files\gPotato.eu\FlyFF\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-23 20:30 - 2014-09-23 20:30 - 00000000 ____D () C:\Users\Felix\Downloads\FRST-OlderVersion
2014-09-23 20:27 - 2014-09-23 20:27 - 00004346 _____ () C:\Users\Felix\Desktop\JRT.txt
2014-09-23 20:23 - 2014-09-23 20:23 - 01024790 _____ (Thisisu) C:\Users\Felix\Desktop\JRT.exe
2014-09-23 20:23 - 2014-09-23 20:23 - 00000000 ____D () C:\Windows\ERUNT
2014-09-23 20:21 - 2014-09-23 20:21 - 00001376 _____ () C:\Users\Felix\Desktop\AdwCleaner[S2].txt
2014-09-23 20:18 - 2014-09-23 20:18 - 01373475 _____ () C:\Users\Felix\Desktop\AdwCleaner_3.310.exe
2014-09-23 20:14 - 2014-09-23 20:14 - 00002639 _____ () C:\Users\Felix\Desktop\mbam.txt
2014-09-23 20:03 - 2014-09-23 20:03 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-23 20:03 - 2014-09-23 20:03 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-23 20:03 - 2014-09-23 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-23 20:03 - 2014-09-23 20:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-23 20:03 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-23 20:03 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-23 20:03 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-23 20:01 - 2014-09-23 20:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Felix\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-09-22 16:14 - 2014-09-22 16:14 - 00022790 _____ () C:\ComboFix.txt
2014-09-22 16:03 - 2014-09-22 16:03 - 05579290 ____R (Swearware) C:\Users\Felix\Desktop\ComboFix.exe
2014-09-22 16:00 - 2014-09-22 16:14 - 00000000 ____D () C:\Qoobox
2014-09-22 16:00 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-22 16:00 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-22 16:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-22 16:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-22 16:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-22 16:00 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-22 16:00 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-22 16:00 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-22 15:59 - 2014-09-22 16:13 - 00000000 ____D () C:\Windows\erdnt
2014-09-22 15:57 - 2014-09-23 20:21 - 00003136 _____ () C:\Windows\PFRO.log
2014-09-21 16:04 - 2014-09-21 16:04 - 00040171 _____ () C:\Users\Felix\Downloads\Addition.txt
2014-09-21 16:03 - 2014-09-23 20:30 - 00017778 _____ () C:\Users\Felix\Downloads\FRST.txt
2014-09-21 16:03 - 2014-09-23 20:30 - 00000000 ____D () C:\FRST
2014-09-21 16:02 - 2014-09-23 20:30 - 02106368 _____ (Farbar) C:\Users\Felix\Downloads\FRST64.exe
2014-09-21 16:02 - 2014-09-23 20:21 - 00000448 _____ () C:\Windows\setupact.log
2014-09-21 16:02 - 2014-09-21 16:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-21 14:04 - 2014-09-21 14:04 - 00014040 _____ () C:\Users\Felix\Documents\cc_20140921_140423.reg
2014-09-21 12:11 - 2014-09-21 12:11 - 00002218 _____ () C:\Users\Felix\Desktop\SpyHunter.lnk
2014-09-21 12:11 - 2014-09-21 12:11 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-09-21 12:11 - 2014-09-21 12:11 - 00000000 ____D () C:\sh4ldr
2014-09-21 12:11 - 2014-09-21 12:11 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-21 12:11 - 2014-09-21 12:11 - 00000000 _____ () C:\autoexec.bat
2014-09-21 12:10 - 2014-09-21 12:11 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-21 12:09 - 2014-09-21 12:09 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Felix\Downloads\sh-remover.exe
2014-09-21 12:07 - 2014-09-21 12:07 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-21 12:07 - 2014-09-21 12:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-21 12:02 - 2014-09-21 12:02 - 00026108 _____ () C:\Users\Felix\Documents\cc_20140921_120241.reg
2014-09-21 11:59 - 2014-09-21 11:59 - 00027572 _____ () C:\Users\Felix\Documents\cc_20140921_115940.reg
2014-09-21 11:54 - 2014-09-21 12:07 - 00000000 ____D () C:\Program Files (x86)\Firefox
2014-09-21 11:51 - 2014-09-21 11:51 - 00244392 _____ () C:\Users\Felix\Downloads\Firefox Setup Stub 32.0.2 (2).exe
2014-09-21 11:48 - 2014-09-21 11:49 - 00000000 ____D () C:\Users\Felix\Desktop\DXtory
2014-09-21 11:44 - 2014-09-21 11:44 - 00244392 _____ () C:\Users\Felix\Downloads\Firefox Setup Stub 32.0.2 (1).exe
2014-09-21 11:41 - 2014-09-21 11:41 - 00712280 _____ () C:\Users\Felix\Downloads\FirefoxSetup (1).exe
2014-09-21 11:22 - 2014-09-21 13:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-21 11:22 - 2014-09-21 12:07 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-21 11:21 - 2014-09-21 11:21 - 00719520 _____ ( ) C:\Users\Felix\Downloads\FirefoxSetup.exe
2014-09-21 11:20 - 2014-09-21 11:20 - 00244392 _____ () C:\Users\Felix\Downloads\Firefox Setup Stub 32.0.2.exe
2014-09-21 10:47 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-21 10:46 - 2014-09-23 20:20 - 00000000 ____D () C:\AdwCleaner
2014-09-21 10:39 - 2014-09-21 10:39 - 00019940 _____ () C:\Users\Felix\Documents\cc_20140921_103859.reg
2014-09-21 09:36 - 2014-09-21 09:36 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-09-21 09:36 - 2014-09-21 09:36 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Adobe Mini Bridge CS5
2014-09-21 09:23 - 2014-09-21 09:23 - 00003502 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Felix-PC-Felix
2014-09-21 09:22 - 2014-09-21 09:35 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-09-21 08:59 - 2014-09-23 20:16 - 00000000 ____D () C:\ProgramData\ercKQlgoeR
2014-09-21 08:59 - 2014-09-23 20:14 - 00000000 ____D () C:\ProgramData\InstaShare
2014-09-21 08:59 - 2014-09-21 09:11 - 1498834686 _____ () C:\Users\Felix\Downloads\226591-658829-adobe-photoshop-cs5.zip
2014-09-19 23:47 - 2014-09-23 20:14 - 00000000 ____D () C:\Windows\Sun
2014-09-16 19:30 - 2014-09-16 19:30 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Nvu
2014-09-16 19:26 - 2014-09-16 19:26 - 00000000 ____D () C:\Users\Felix\Desktop\NVU
2014-09-11 23:55 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 23:55 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 23:55 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 23:55 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 23:55 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 23:55 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 23:55 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 23:55 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 23:55 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 23:55 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 23:55 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 23:55 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 23:55 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 23:55 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 23:55 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 23:55 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 23:55 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 23:55 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 23:55 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 23:55 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 23:55 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 23:55 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 23:55 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 23:55 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 23:55 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 23:55 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 23:55 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 23:55 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 23:55 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 23:55 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 23:55 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 23:55 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 23:55 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 23:55 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 23:55 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 23:55 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 23:55 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 23:55 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 23:55 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 23:55 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 23:55 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 23:55 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 23:55 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 23:55 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 23:55 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 23:55 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 23:55 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 23:55 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 23:55 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 23:55 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 23:55 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 23:55 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 23:55 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 23:55 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 23:55 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 23:55 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 23:52 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 23:52 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 22:31 - 2014-09-21 09:10 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Nitro PDF
2014-09-11 17:07 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 17:07 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 17:07 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 17:07 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 17:07 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 17:07 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 17:07 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 17:07 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 17:07 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 17:07 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 17:07 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 17:31 - 2014-09-10 17:31 - 00001896 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 9.lnk
2014-09-10 17:31 - 2014-09-10 17:31 - 00001884 _____ () C:\Users\Public\Desktop\Nitro Pro 9.lnk
2014-09-10 17:31 - 2014-09-10 17:31 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Nitro
2014-09-10 17:31 - 2014-09-10 17:31 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Downloaded Installations
2014-09-10 17:31 - 2014-09-10 17:31 - 00000000 ____D () C:\ProgramData\Nitro
2014-09-10 17:31 - 2014-09-10 17:31 - 00000000 ____D () C:\Program Files\Nitro
2014-09-10 17:31 - 2014-09-10 17:31 - 00000000 ____D () C:\Program Files\Common Files\Nitro
2014-09-10 17:31 - 2014-09-10 17:31 - 00000000 ____D () C:\Program Files (x86)\Nitro
2014-09-10 17:31 - 2014-08-01 15:02 - 00029704 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalmon9.dll
2014-09-10 17:31 - 2014-08-01 15:02 - 00017928 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalui9.dll
2014-09-10 17:29 - 2014-09-10 17:29 - 01655704 _____ (Nitro) C:\Users\Felix\Downloads\nitro_pro9.exe
2014-08-28 10:06 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 10:06 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 10:06 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-23 20:30 - 2014-09-23 20:30 - 00000000 ____D () C:\Users\Felix\Downloads\FRST-OlderVersion
2014-09-23 20:30 - 2014-09-21 16:03 - 00017778 _____ () C:\Users\Felix\Downloads\FRST.txt
2014-09-23 20:30 - 2014-09-21 16:03 - 00000000 ____D () C:\FRST
2014-09-23 20:30 - 2014-09-21 16:02 - 02106368 _____ (Farbar) C:\Users\Felix\Downloads\FRST64.exe
2014-09-23 20:28 - 2009-07-14 19:58 - 08845184 _____ () C:\Windows\system32\perfh007.dat
2014-09-23 20:28 - 2009-07-14 19:58 - 02689408 _____ () C:\Windows\system32\perfc007.dat
2014-09-23 20:28 - 2009-07-14 07:13 - 00006456 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-23 20:28 - 2009-07-14 06:45 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-23 20:28 - 2009-07-14 06:45 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-23 20:27 - 2014-09-23 20:27 - 00004346 _____ () C:\Users\Felix\Desktop\JRT.txt
2014-09-23 20:23 - 2014-09-23 20:23 - 01024790 _____ (Thisisu) C:\Users\Felix\Desktop\JRT.exe
2014-09-23 20:23 - 2014-09-23 20:23 - 00000000 ____D () C:\Windows\ERUNT
2014-09-23 20:21 - 2014-09-23 20:21 - 00001376 _____ () C:\Users\Felix\Desktop\AdwCleaner[S2].txt
2014-09-23 20:21 - 2014-09-22 15:57 - 00003136 _____ () C:\Windows\PFRO.log
2014-09-23 20:21 - 2014-09-21 16:02 - 00000448 _____ () C:\Windows\setupact.log
2014-09-23 20:21 - 2013-12-08 02:05 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-23 20:21 - 2013-04-01 10:53 - 00000146 _____ () C:\service.log
2014-09-23 20:21 - 2013-04-01 10:49 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-09-23 20:21 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-23 20:20 - 2014-09-21 10:46 - 00000000 ____D () C:\AdwCleaner
2014-09-23 20:20 - 2014-01-07 20:39 - 01470889 _____ () C:\Windows\WindowsUpdate.log
2014-09-23 20:18 - 2014-09-23 20:18 - 01373475 _____ () C:\Users\Felix\Desktop\AdwCleaner_3.310.exe
2014-09-23 20:16 - 2014-09-21 08:59 - 00000000 ____D () C:\ProgramData\ercKQlgoeR
2014-09-23 20:16 - 2014-09-19 23:47 - 00000000 ____D () C:\Windows\Sun
2014-09-23 20:14 - 2014-09-23 20:14 - 00002639 _____ () C:\Users\Felix\Desktop\mbam.txt
2014-09-23 20:14 - 2014-09-21 08:59 - 00000000 ____D () C:\ProgramData\InstaShare
2014-09-23 20:03 - 2014-09-23 20:03 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-23 20:03 - 2014-09-23 20:03 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-23 20:03 - 2014-09-23 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-23 20:03 - 2014-09-23 20:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-23 20:02 - 2013-04-02 13:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-23 20:01 - 2014-09-23 20:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Felix\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-09-23 19:48 - 2013-12-08 02:05 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-23 18:27 - 2011-10-03 15:48 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-23 13:37 - 2012-08-26 13:04 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-23 13:36 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-22 16:14 - 2014-09-22 16:14 - 00022790 _____ () C:\ComboFix.txt
2014-09-22 16:14 - 2014-09-22 16:00 - 00000000 ____D () C:\Qoobox
2014-09-22 16:13 - 2014-09-22 15:59 - 00000000 ____D () C:\Windows\erdnt
2014-09-22 16:13 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-22 16:03 - 2014-09-22 16:03 - 05579290 ____R (Swearware) C:\Users\Felix\Desktop\ComboFix.exe
2014-09-22 15:57 - 2011-06-11 11:04 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-21 16:04 - 2014-09-21 16:04 - 00040171 _____ () C:\Users\Felix\Downloads\Addition.txt
2014-09-21 16:02 - 2014-09-21 16:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-21 14:04 - 2014-09-21 14:04 - 00014040 _____ () C:\Users\Felix\Documents\cc_20140921_140423.reg
2014-09-21 13:49 - 2014-09-21 11:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-21 13:45 - 2011-06-11 11:03 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-09-21 12:11 - 2014-09-21 12:11 - 00002218 _____ () C:\Users\Felix\Desktop\SpyHunter.lnk
2014-09-21 12:11 - 2014-09-21 12:11 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-09-21 12:11 - 2014-09-21 12:11 - 00000000 ____D () C:\sh4ldr
2014-09-21 12:11 - 2014-09-21 12:11 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-21 12:11 - 2014-09-21 12:11 - 00000000 _____ () C:\autoexec.bat
2014-09-21 12:11 - 2014-09-21 12:10 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-21 12:09 - 2014-09-21 12:09 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Felix\Downloads\sh-remover.exe
2014-09-21 12:07 - 2014-09-21 12:07 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-21 12:07 - 2014-09-21 12:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-21 12:07 - 2014-09-21 11:54 - 00000000 ____D () C:\Program Files (x86)\Firefox
2014-09-21 12:07 - 2014-09-21 11:22 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-21 12:02 - 2014-09-21 12:02 - 00026108 _____ () C:\Users\Felix\Documents\cc_20140921_120241.reg
2014-09-21 11:59 - 2014-09-21 11:59 - 00027572 _____ () C:\Users\Felix\Documents\cc_20140921_115940.reg
2014-09-21 11:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-21 11:51 - 2014-09-21 11:51 - 00244392 _____ () C:\Users\Felix\Downloads\Firefox Setup Stub 32.0.2 (2).exe
2014-09-21 11:49 - 2014-09-21 11:48 - 00000000 ____D () C:\Users\Felix\Desktop\DXtory
2014-09-21 11:44 - 2014-09-21 11:44 - 00244392 _____ () C:\Users\Felix\Downloads\Firefox Setup Stub 32.0.2 (1).exe
2014-09-21 11:43 - 2011-06-18 00:03 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-21 11:41 - 2014-09-21 11:41 - 00712280 _____ () C:\Users\Felix\Downloads\FirefoxSetup (1).exe
2014-09-21 11:32 - 2014-08-05 14:20 - 00000000 ____D () C:\Users\Felix\Desktop\Red Faction
2014-09-21 11:32 - 2009-07-14 04:34 - 00000580 _____ () C:\Windows\win.ini
2014-09-21 11:31 - 2009-07-14 06:45 - 00000000 ____D () C:\Windows\Setup
2014-09-21 11:21 - 2014-09-21 11:21 - 00719520 _____ ( ) C:\Users\Felix\Downloads\FirefoxSetup.exe
2014-09-21 11:20 - 2014-09-21 11:20 - 00244392 _____ () C:\Users\Felix\Downloads\Firefox Setup Stub 32.0.2.exe
2014-09-21 10:51 - 2009-07-14 06:45 - 05050624 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-21 10:49 - 2011-03-18 17:27 - 00000000 ____D () C:\ProgramData\ICQ
2014-09-21 10:39 - 2014-09-21 10:39 - 00019940 _____ () C:\Users\Felix\Documents\cc_20140921_103859.reg
2014-09-21 10:38 - 2011-01-24 13:42 - 00000000 ____D () C:\Windows\Minidump
2014-09-21 09:42 - 2011-01-16 20:53 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Adobe
2014-09-21 09:36 - 2014-09-21 09:36 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-09-21 09:36 - 2014-09-21 09:36 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Adobe Mini Bridge CS5
2014-09-21 09:35 - 2014-09-21 09:22 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-09-21 09:24 - 2011-06-11 10:58 - 00000000 ____D () C:\Users\Felix\AppData\Local\Adobe
2014-09-21 09:23 - 2014-09-21 09:23 - 00003502 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Felix-PC-Felix
2014-09-21 09:23 - 2011-01-17 19:02 - 00149320 _____ () C:\Users\Felix\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-21 09:11 - 2014-09-21 08:59 - 1498834686 _____ () C:\Users\Felix\Downloads\226591-658829-adobe-photoshop-cs5.zip
2014-09-21 09:10 - 2014-09-11 22:31 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Nitro PDF
2014-09-21 08:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-09-20 00:32 - 2013-12-10 13:43 - 00000000 ____D () C:\ProgramData\Origin
2014-09-20 00:31 - 2011-01-17 16:39 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Skype
2014-09-16 19:30 - 2014-09-16 19:30 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Nvu
2014-09-16 19:26 - 2014-09-16 19:26 - 00000000 ____D () C:\Users\Felix\Desktop\NVU
2014-09-15 09:06 - 2011-01-16 13:45 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-13 15:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-12 20:33 - 2014-08-13 23:15 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\.minecraft
2014-09-11 23:58 - 2011-12-11 18:26 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 23:54 - 2013-07-28 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 23:52 - 2014-05-06 23:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-11 23:52 - 2011-01-16 23:35 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 17:31 - 2014-09-10 17:31 - 00001896 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 9.lnk
2014-09-10 17:31 - 2014-09-10 17:31 - 00001884 _____ () C:\Users\Public\Desktop\Nitro Pro 9.lnk
2014-09-10 17:31 - 2014-09-10 17:31 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Nitro
2014-09-10 17:31 - 2014-09-10 17:31 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Downloaded Installations
2014-09-10 17:31 - 2014-09-10 17:31 - 00000000 ____D () C:\ProgramData\Nitro
2014-09-10 17:31 - 2014-09-10 17:31 - 00000000 ____D () C:\Program Files\Nitro
2014-09-10 17:31 - 2014-09-10 17:31 - 00000000 ____D () C:\Program Files\Common Files\Nitro
2014-09-10 17:31 - 2014-09-10 17:31 - 00000000 ____D () C:\Program Files (x86)\Nitro
2014-09-10 17:31 - 2013-07-14 09:58 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-10 17:29 - 2014-09-10 17:29 - 01655704 _____ (Nitro) C:\Users\Felix\Downloads\nitro_pro9.exe
2014-09-10 14:02 - 2013-04-02 13:21 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 14:02 - 2012-09-05 21:29 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 14:02 - 2011-06-11 10:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-06 18:58 - 2012-12-16 13:47 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\NetSpeedMonitor
2014-09-05 04:10 - 2014-09-11 17:07 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-11 17:07 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-04 21:24 - 2014-08-14 00:42 - 00000000 ____D () C:\Users\Felix\Desktop\Minecraft-Server
2014-09-03 10:14 - 2014-08-14 00:39 - 00000185 _____ () C:\Users\Felix\Downloads\eula.txt

Some content of TEMP:
====================
C:\Users\Felix\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 14:40

==================== End Of Log ============================
--- --- ---

Alles in der Reihenfolge wie angefragt :)

schrauber 24.09.2014 11:19

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

LordKeksmann 26.09.2014 19:01
Tut mir leid, dass es mit der Antwort solange gedauert hat(vorallem weil ich ihnen schon genug Zeit gestohlen hab), ich hatte die letzten Tage viel mit der Schule am Hals...
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=2688a411e18b164aac83b9762b68d58a
# engine=20316
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-26 03:03:33
# local_time=2014-09-26 05:03:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 879300 176164303 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 4742 163373663 0 0
# scanned=235024
# found=43
# cleaned=0
# scan_time=4054
sh=C887157C0193E8F13A4BAA4CCEE2FB4BA05CBB0A ft=1 fh=14d925a6106a41f1 vn="OSX/ChatZum.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\chatzum_nt.exe.vir"
sh=A899A5D40190546FB0C47751A6D73244581349E4 ft=1 fh=e4ed239df281d65d vn="Variante von Win32/BrowseFox.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ClearThink\ClearThinkbho.dll.vir"
sh=762A7EDE4F0498B22A4C841E5CE3E8176053E003 ft=1 fh=287f83c7e9f0486a vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ClearThink\ClearThinkUninstall.exe.vir"
sh=7DE4974F2A981A9C1D84D31A75D94FA5A282646F ft=1 fh=aa3befef43d079f6 vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ClearThink\updateClearThink.exe.vir"
sh=20E958325F2E09550386A2D9A02278C5BCFF5DCF ft=1 fh=35efccb967a7d0ae vn="Win32/BrowseFox.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ClearThink\bin\c5e48979bd7f4cf79b73.dll.vir"
sh=BA7E7AE493A12FD88B67EDEDB406A26D6668D239 ft=1 fh=3b8f5b0948184ca0 vn="Variante von Win32/BrowseFox.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ClearThink\bin\ClearThink.BrowserAdapter.exe.vir"
sh=AAFEF976CFD2EBA321E4D2C3E3020F1DC585EFEC ft=1 fh=f2ec64acb54e54ea vn="Win64/BrowseFox.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ClearThink\bin\ClearThink.BrowserAdapter64.exe.vir"
sh=1601BE51F3203B7A744274EEF49187A230A3D963 ft=1 fh=a2e974e028ef2317 vn="Variante von Win64/BrowseFox.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ClearThink\bin\ClearThink.PurBrowse64.exe.vir"
sh=4E973FF34DFC8DA7D07F4DFDE36CA1021BE47543 ft=1 fh=5464065a9a67248c vn="Variante von MSIL/BrowseFox.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ClearThink\bin\ClearThinkBrowserFilter.exe.vir"
sh=7DE4974F2A981A9C1D84D31A75D94FA5A282646F ft=1 fh=aa3befef43d079f6 vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ClearThink\bin\utilClearThink.exe.vir"
sh=053FD2473C6817AD336E21B2C5FC913E65D4510D ft=1 fh=3a488f3fda7642df vn="Variante von Win32/BrowseFox.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ClearThink\bin\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}.dll.vir"
sh=65451AF4BE913813BBB6DB81F6D32B8B67241C53 ft=1 fh=fcfd6a88d7c7ba28 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ClearThink\bin\plugins\ClearThink.Bromon.dll.vir"
sh=F8218A87194C1FBC8B97CD4CC875C935DB1CECDC ft=1 fh=e2719dccfada2687 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ClearThink\bin\plugins\ClearThink.BroStats.dll.vir"
sh=5965FC311DF7A4200B74A8822CDD861EAE1650C2 ft=1 fh=155b9f85646b18a2 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ClearThink\bin\plugins\ClearThink.BrowserAdapter.dll.vir"
sh=FBE97C95BE88D49863126BD7E2EE4F97594BB04F ft=1 fh=34f45f42a79519cd vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ClearThink\bin\plugins\ClearThink.BrowserFilterG.dll.vir"
sh=3A5BCC5F3D15929354D44D2F557E7A351C948104 ft=1 fh=cb90561a63130227 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ClearThink\bin\plugins\ClearThink.CompatibilityChecker.dll.vir"
sh=92088E0E9D4722C0958353DF02274EBEC58FFC9C ft=1 fh=9b0eedadaaf3545a vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ClearThink\bin\plugins\ClearThink.FeSvc.dll.vir"
sh=5B8D10BA5BBA7CFE7EFC6D878E87FD7A324E9E99 ft=1 fh=14aae5b294ef12cd vn="Variante von MSIL/BrowseFox.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ClearThink\bin\plugins\ClearThink.FFUpdate.dll.vir"
sh=E42EE516C36DA5BA3E44202B6496C225C1A34C5A ft=1 fh=cf7fdab0bcd7c973 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ClearThink\bin\plugins\ClearThink.GCUpdate.dll.vir"
sh=901319EEB0484A95FACF181DC954D453B4829414 ft=1 fh=ea12ba18ec07b419 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ClearThink\bin\plugins\ClearThink.IEUpdate.dll.vir"
sh=6D04989902BF8C4EB7BBAC328F225E6646973C3F ft=1 fh=ed739f67ad0369b7 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ClearThink\bin\plugins\ClearThink.PurBrowseG.dll.vir"
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=1184333220932659830F11F5A140BF2AA6CBDE52 ft=1 fh=dc993b2a02715d30 vn="Variante von Win32/Adware.RK.AM Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PremierOpinion\pmls.dll.vir"
sh=0EB9F64C8967D193F57C1E1713C67B6DF1A2F369 ft=1 fh=7a29425e463c99b3 vn="Variante von Win32/Adware.RK.AE Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PremierOpinion\pmropn.exe.vir"
sh=4CDBD1E1D162781A4EDAEC57C233FF5F6A7997C4 ft=1 fh=624acbd9dc3c3f32 vn="Variante von Win32/Adware.RK Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PremierOpinion\pmservice.exe.vir"
sh=C7C0F42A23562AA6DCCD60326FD8CC2AA41B5448 ft=1 fh=c053642cee9f3def vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=9DC13DB9C123270C2356ED410128E11D5ADF7C6E ft=1 fh=023ab782f0a9b07d vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=AC6D9EAEE290054A7795C4B0455BB168C0551D20 ft=1 fh=2e08452f5cb4be17 vn="Variante von MSIL/Adware.iBryte.H Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Felix\AppData\Roaming\LookThisUp\LookThisUp.exe.vir"
sh=EB2FBEEE5F2033A88D85AA35E7AAA285109E9D19 ft=1 fh=ffb0d8d0bdce1c18 vn="MSIL/Adware.iBryte.H Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Felix\AppData\Roaming\LookThisUp\LookThisUpUninstall.exe.vir"
sh=5FD643FC9FDBE1E1B69D9AABDE4A6D4D3A504598 ft=1 fh=a14d8b0ab0fd587c vn="Variante von Win64/Riskware.NetFilter.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys.vir"
sh=8F8107A4878B131D200DB6C32631603461D3618D ft=1 fh=5d42b221c463aa58 vn="Variante von Win64/Riskware.NetFilter.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys.vir"
sh=5AD966D056154284EF4EF29E699D89778716541B ft=1 fh=8b9313df11ef3cae vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Downloads\AdwCleaner - CHIP-Downloader.exe"
sh=DC1FE696A24E0072BA7221FCB0DAFEDB9B3560B4 ft=1 fh=5aa7e24d05d642d5 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung" ac=I fn="C:\Users\Felix\Downloads\ccsetup315.exe"
sh=C662A89E2318810A6012EF702A9C39F6E0AC3B36 ft=1 fh=e8789dd77b481b56 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Felix\Downloads\ccsetup411.exe"
sh=0C8691340307FAFD03EA4F6FDE5B700917D701C8 ft=1 fh=0e38a7c41d3aadb4 vn="Variante von Win32/InstallCore.NF evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Downloads\FirefoxSetup.exe"
sh=3ACC3461CB1FBBD7545B3706CC20E2EED1FAD341 ft=1 fh=4d659ca5c0288e47 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Downloads\FRAPS - CHIP-Downloader.exe"
sh=C7FD9B8B2E3E9F4F401227D221DB6D6901F6F54C ft=1 fh=5ffc4ca494553d21 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Downloads\Free AVI Video Converter - CHIP-Installer.exe"
sh=660DBBCCB3CECB907102247E33A2763B885BC22F ft=1 fh=08d795d06aaee6ee vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Downloads\FreeYouTubeToMP3Converter.exe"
sh=C8F9D792FF070BEA732C13C61692E4FCC72F0F6D ft=1 fh=9596907356979eef vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Downloads\MSI Afterburner - CHIP-Downloader(1).exe"
sh=B05C5E325711FD41B52B5EDA373C26CA9AB863F3 ft=1 fh=c45d9ee666295f3d vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Downloads\MSI Afterburner - CHIP-Downloader.exe"
sh=7B3E490A0E4C796272E553C70F00C41C8122CB29 ft=1 fh=0cfe18edab0d375c vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Felix\Downloads\TeamSpeak 3 32 Bit - CHIP-Installer.exe"
sh=9B7AFC05F48AE3F56DBE1A2114F8FDF50067A187 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.C Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\xtxur9x8.default\extensions\plugin@getwebcake.com\content\overlay.js"
sh=9B7AFC05F48AE3F56DBE1A2114F8FDF50067A187 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.C Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\xtxur9x8.default\extensions\plugin@getwebcake.com\content\overlay.js"
Code:
Results of screen317's Security Check version 0.99.87 
 Windows 7 Service Pack 1 x64 (UAC is disabled!) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 67 
 Adobe Flash Player 15.0.0.152 
 Mozilla Firefox (32.0.3)
 Google Chrome 37.0.2062.124 
````````Process Check: objlist.exe by Laurent```````` 
 Alwil Software Avast5 AvastSvc.exe 
 Alwil Software Avast5 avastui.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-09-2014
Ran by Felix (administrator) on FELIX-PC on 26-09-2014 19:53:04
Running from C:\Users\Felix\Downloads
Loaded Profile: Felix (Available profiles: Felix)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GIGABYTE\EasySaver\essvr.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
(Akamai Technologies, Inc.) C:\Users\Felix\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Felix\AppData\Local\Akamai\netsession_win.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint II\SetPointII.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Felix\Desktop\SecurityCheck(1).exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [3036944 2007-07-18] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2191632 2007-07-18] (Logitech Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-02-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-3303595683-2564122614-857300725-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-08-25] (AMD)
HKU\S-1-5-21-3303595683-2564122614-857300725-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Felix\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk
ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:55304;https=127.0.0.1:55304
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - 8D0AC6577A4F416B9778D359C9F9A8CB URL = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=81993083-06cf-469e-a758-c06d6bb4425b&searchtype=ds&q={searchTerms}&installDate=03/06/2013
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\0xq35cv6.default-1400692676604
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\0xq35cv6.default-1400692676604\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2014-07-29]
FF Extension: Adblock Plus - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\0xq35cv6.default-1400692676604\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-21]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-05-14]

Chrome:
=======
CHR HomePage: Default -> C452D265D4CA69F1E605DF7684612C3215341EAA4571004FF10C0B88570D234C
CHR DefaultSearchKeyword: Default -> 67CAA63DF8C05C54D9783D2DE4158AA3669739690C24F340EFE97D9A6D614167
CHR DefaultSearchURL: Default -> EE0643793A77402CED50C3CFC348C1EFD53D302AF50EEFF681D4760B1E4D80D0
CHR Profile: C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-08]
CHR Extension: (Google Drive) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09]
CHR Extension: (YouTube) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-08]
CHR Extension: (Google Search) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-08]
CHR Extension: (avast! Online Security) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-08]
CHR Extension: (Google Wallet) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-08]
CHR Extension: (Gmail) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-08]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-07-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-02-23] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-07-04] (AVAST Software)
R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-08-01] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [418312 2014-08-01] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4330168 2011-05-11] (INCA Internet Co., Ltd.) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-10] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-04] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-08-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-04] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-05-29] ()
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-05-14] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-05-29] ()
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.) [File not signed]
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dump_wmimmc; \??\C:\Program Files\gPotato.eu\FlyFF\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-26 15:48 - 2014-09-26 15:48 - 02347384 _____ (ESET) C:\Users\Felix\Desktop\esetsmartinstaller_deu(1).exe
2014-09-26 15:48 - 2014-09-26 15:48 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-26 15:45 - 2014-09-26 15:45 - 00854417 _____ () C:\Users\Felix\Desktop\SecurityCheck(1).exe
2014-09-26 15:43 - 2014-09-26 15:43 - 00854417 _____ () C:\Users\Felix\Desktop\SecurityCheck.exe
2014-09-26 14:07 - 2014-09-26 14:08 - 02347384 _____ (ESET) C:\Users\Felix\Desktop\esetsmartinstaller_deu.exe
2014-09-25 14:51 - 2014-09-25 14:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 09:46 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 09:46 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 20:30 - 2014-09-26 19:52 - 00000000 ____D () C:\Users\Felix\Downloads\FRST-OlderVersion
2014-09-23 20:27 - 2014-09-23 20:27 - 00004346 _____ () C:\Users\Felix\Desktop\JRT.txt
2014-09-23 20:23 - 2014-09-23 20:23 - 01024790 _____ (Thisisu) C:\Users\Felix\Desktop\JRT.exe
2014-09-23 20:23 - 2014-09-23 20:23 - 00000000 ____D () C:\Windows\ERUNT
2014-09-23 20:21 - 2014-09-23 20:21 - 00001376 _____ () C:\Users\Felix\Desktop\AdwCleaner[S2].txt
2014-09-23 20:18 - 2014-09-23 20:18 - 01373475 _____ () C:\Users\Felix\Desktop\AdwCleaner_3.310.exe
2014-09-23 20:14 - 2014-09-23 20:14 - 00002639 _____ () C:\Users\Felix\Desktop\mbam.txt
2014-09-23 20:03 - 2014-09-23 20:03 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-23 20:03 - 2014-09-23 20:03 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-23 20:03 - 2014-09-23 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-23 20:03 - 2014-09-23 20:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-23 20:03 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-23 20:03 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-23 20:03 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-23 20:01 - 2014-09-23 20:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Felix\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-09-22 16:14 - 2014-09-22 16:14 - 00022790 _____ () C:\ComboFix.txt
2014-09-22 16:03 - 2014-09-22 16:03 - 05579290 ____R (Swearware) C:\Users\Felix\Desktop\ComboFix.exe
2014-09-22 16:00 - 2014-09-22 16:14 - 00000000 ____D () C:\Qoobox
2014-09-22 16:00 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-22 16:00 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-22 16:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-22 16:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-22 16:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-22 16:00 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-22 16:00 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-22 16:00 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-22 15:59 - 2014-09-22 16:13 - 00000000 ____D () C:\Windows\erdnt
2014-09-22 15:57 - 2014-09-26 14:03 - 00003452 _____ () C:\Windows\PFRO.log
2014-09-21 16:04 - 2014-09-21 16:04 - 00040171 _____ () C:\Users\Felix\Downloads\Addition.txt
2014-09-21 16:03 - 2014-09-26 19:53 - 00018228 _____ () C:\Users\Felix\Downloads\FRST.txt
2014-09-21 16:03 - 2014-09-26 19:53 - 00000000 ____D () C:\FRST
2014-09-21 16:02 - 2014-09-26 19:52 - 02108928 _____ (Farbar) C:\Users\Felix\Downloads\FRST64.exe
2014-09-21 16:02 - 2014-09-26 14:04 - 00000896 _____ () C:\Windows\setupact.log
2014-09-21 16:02 - 2014-09-21 16:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-21 14:04 - 2014-09-21 14:04 - 00014040 _____ () C:\Users\Felix\Documents\cc_20140921_140423.reg
2014-09-21 12:11 - 2014-09-21 12:11 - 00002218 _____ () C:\Users\Felix\Desktop\SpyHunter.lnk
2014-09-21 12:11 - 2014-09-21 12:11 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-09-21 12:11 - 2014-09-21 12:11 - 00000000 ____D () C:\sh4ldr
2014-09-21 12:11 - 2014-09-21 12:11 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-21 12:11 - 2014-09-21 12:11 - 00000000 _____ () C:\autoexec.bat
2014-09-21 12:10 - 2014-09-21 12:11 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-21 12:09 - 2014-09-21 12:09 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Felix\Downloads\sh-remover.exe
2014-09-21 12:07 - 2014-09-21 12:07 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-21 12:02 - 2014-09-21 12:02 - 00026108 _____ () C:\Users\Felix\Documents\cc_20140921_120241.reg
2014-09-21 11:59 - 2014-09-21 11:59 - 00027572 _____ () C:\Users\Felix\Documents\cc_20140921_115940.reg
2014-09-21 11:54 - 2014-09-21 12:07 - 00000000 ____D () C:\Program Files (x86)\Firefox
2014-09-21 11:51 - 2014-09-21 11:51 - 00244392 _____ () C:\Users\Felix\Downloads\Firefox Setup Stub 32.0.2 (2).exe
2014-09-21 11:48 - 2014-09-21 11:49 - 00000000 ____D () C:\Users\Felix\Desktop\DXtory
2014-09-21 11:44 - 2014-09-21 11:44 - 00244392 _____ () C:\Users\Felix\Downloads\Firefox Setup Stub 32.0.2 (1).exe
2014-09-21 11:41 - 2014-09-21 11:41 - 00712280 _____ () C:\Users\Felix\Downloads\FirefoxSetup (1).exe
2014-09-21 11:22 - 2014-09-26 14:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-21 11:22 - 2014-09-21 12:07 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-21 11:21 - 2014-09-21 11:21 - 00719520 _____ ( ) C:\Users\Felix\Downloads\FirefoxSetup.exe
2014-09-21 11:20 - 2014-09-21 11:20 - 00244392 _____ () C:\Users\Felix\Downloads\Firefox Setup Stub 32.0.2.exe
2014-09-21 10:47 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-21 10:46 - 2014-09-23 20:20 - 00000000 ____D () C:\AdwCleaner
2014-09-21 10:39 - 2014-09-21 10:39 - 00019940 _____ () C:\Users\Felix\Documents\cc_20140921_103859.reg
2014-09-21 09:36 - 2014-09-21 09:36 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-09-21 09:36 - 2014-09-21 09:36 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Adobe Mini Bridge CS5
2014-09-21 09:23 - 2014-09-21 09:23 - 00003502 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Felix-PC-Felix
2014-09-21 09:22 - 2014-09-21 09:35 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-09-21 08:59 - 2014-09-23 20:16 - 00000000 ____D () C:\ProgramData\ercKQlgoeR
2014-09-21 08:59 - 2014-09-23 20:14 - 00000000 ____D () C:\ProgramData\InstaShare
2014-09-21 08:59 - 2014-09-21 09:11 - 1498834686 _____ () C:\Users\Felix\Downloads\226591-658829-adobe-photoshop-cs5.zip
2014-09-19 23:47 - 2014-09-23 20:16 - 00000000 ____D () C:\Windows\Sun
2014-09-16 19:30 - 2014-09-16 19:30 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Nvu
2014-09-16 19:26 - 2014-09-16 19:26 - 00000000 ____D () C:\Users\Felix\Desktop\NVU
2014-09-11 23:55 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 23:55 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 23:55 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 23:55 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 23:55 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 23:55 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 23:55 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 23:55 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 23:55 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 23:55 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 23:55 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 23:55 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 23:55 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 23:55 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 23:55 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 23:55 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 23:55 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 23:55 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 23:55 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 23:55 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 23:55 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 23:55 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 23:55 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 23:55 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 23:55 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 23:55 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 23:55 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 23:55 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 23:55 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 23:55 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 23:55 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 23:55 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 23:55 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 23:55 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 23:55 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 23:55 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 23:55 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 23:55 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 23:55 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 23:55 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 23:55 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 23:55 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 23:55 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 23:55 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 23:55 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 23:55 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 23:55 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 23:55 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 23:55 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 23:55 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 23:55 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 23:55 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 23:55 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 23:55 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 23:55 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 23:55 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 23:52 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 23:52 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 22:31 - 2014-09-21 09:10 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Nitro PDF
2014-09-11 17:07 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 17:07 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 17:07 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 17:07 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 17:07 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 17:07 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 17:07 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 17:07 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 17:07 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 17:07 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 17:07 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 17:31 - 2014-09-10 17:31 - 00001896 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 9.lnk
2014-09-10 17:31 - 2014-09-10 17:31 - 00001884 _____ () C:\Users\Public\Desktop\Nitro Pro 9.lnk
2014-09-10 17:31 - 2014-09-10 17:31 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Nitro
2014-09-10 17:31 - 2014-09-10 17:31 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Downloaded Installations
2014-09-10 17:31 - 2014-09-10 17:31 - 00000000 ____D () C:\ProgramData\Nitro
2014-09-10 17:31 - 2014-09-10 17:31 - 00000000 ____D () C:\Program Files\Nitro
2014-09-10 17:31 - 2014-09-10 17:31 - 00000000 ____D () C:\Program Files\Common Files\Nitro
2014-09-10 17:31 - 2014-09-10 17:31 - 00000000 ____D () C:\Program Files (x86)\Nitro
2014-09-10 17:31 - 2014-08-01 15:02 - 00029704 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalmon9.dll
2014-09-10 17:31 - 2014-08-01 15:02 - 00017928 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalui9.dll
2014-09-10 17:29 - 2014-09-10 17:29 - 01655704 _____ (Nitro) C:\Users\Felix\Downloads\nitro_pro9.exe
2014-08-28 10:06 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 10:06 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 10:06 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-26 19:48 - 2013-12-08 02:05 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-26 19:02 - 2013-04-02 13:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-26 17:16 - 2014-01-07 20:39 - 01729696 _____ () C:\Windows\WindowsUpdate.log
2014-09-26 16:31 - 2011-10-03 15:48 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-26 14:11 - 2009-07-14 06:45 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-26 14:11 - 2009-07-14 06:45 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-26 14:10 - 2009-07-14 19:58 - 08889314 _____ () C:\Windows\system32\perfh007.dat
2014-09-26 14:10 - 2009-07-14 19:58 - 02703466 _____ () C:\Windows\system32\perfc007.dat
2014-09-26 14:10 - 2009-07-14 07:13 - 00006456 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-26 14:04 - 2013-12-08 02:05 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-26 14:04 - 2013-04-01 10:53 - 00000146 _____ () C:\service.log
2014-09-26 14:04 - 2013-04-01 10:49 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-09-26 14:04 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-25 19:49 - 2011-06-18 00:03 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-25 16:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-23 13:37 - 2012-08-26 13:04 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-23 13:36 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-22 16:13 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-22 15:57 - 2011-06-11 11:04 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-21 13:45 - 2011-06-11 11:03 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-09-21 11:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-21 11:32 - 2014-08-05 14:20 - 00000000 ____D () C:\Users\Felix\Desktop\Red Faction
2014-09-21 11:32 - 2009-07-14 04:34 - 00000580 _____ () C:\Windows\win.ini
2014-09-21 11:31 - 2009-07-14 06:45 - 00000000 ____D () C:\Windows\Setup
2014-09-21 10:51 - 2009-07-14 06:45 - 05050624 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-21 10:49 - 2011-03-18 17:27 - 00000000 ____D () C:\ProgramData\ICQ
2014-09-21 10:38 - 2011-01-24 13:42 - 00000000 ____D () C:\Windows\Minidump
2014-09-21 09:42 - 2011-01-16 20:53 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Adobe
2014-09-21 09:24 - 2011-06-11 10:58 - 00000000 ____D () C:\Users\Felix\AppData\Local\Adobe
2014-09-21 09:23 - 2011-01-17 19:02 - 00149320 _____ () C:\Users\Felix\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-21 08:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-09-20 00:32 - 2013-12-10 13:43 - 00000000 ____D () C:\ProgramData\Origin
2014-09-20 00:31 - 2011-01-17 16:39 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\Skype
2014-09-15 09:06 - 2011-01-16 13:45 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-12 20:33 - 2014-08-13 23:15 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\.minecraft
2014-09-11 23:58 - 2011-12-11 18:26 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 23:54 - 2013-07-28 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 23:52 - 2014-05-06 23:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-11 23:52 - 2011-01-16 23:35 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 17:31 - 2013-07-14 09:58 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-10 14:02 - 2013-04-02 13:21 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 14:02 - 2012-09-05 21:29 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 14:02 - 2011-06-11 10:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-06 18:58 - 2012-12-16 13:47 - 00000000 ____D () C:\Users\Felix\AppData\Roaming\NetSpeedMonitor
2014-09-04 21:24 - 2014-08-14 00:42 - 00000000 ____D () C:\Users\Felix\Desktop\Minecraft-Server
2014-09-03 10:14 - 2014-08-14 00:39 - 00000185 _____ () C:\Users\Felix\Downloads\eula.txt

Some content of TEMP:
====================
C:\Users\Felix\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-26 17:25

==================== End Of Log ============================
--- --- ---

Und ja, das Virus scheint "besiegt" zu sein, ich bedanke mich wirklich für ihre Hilfe und das sie ihre Zeit hierfür geopfert haben :)

schrauber 27.09.2014 19:08
Download Ordner leeren.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ProxyServer: http=127.0.0.1:55304;https=127.0.0.1:55304

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

LordKeksmann 29.09.2014 21:13
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-09-2014
Ran by Felix at 2014-09-29 22:07:56 Run:1
Running from C:\Users\Felix\Downloads
Loaded Profile: Felix (Available profiles: Felix)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyServer: http=127.0.0.1:55304;https=127.0.0.1:55304
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.

==== End of Fixlog ====
Erneut bedanke ich mich für ihre Ratschläge und Hilfe :)

schrauber 30.09.2014 15:24
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:10 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131