Pests of all kinds and how to combat them: Remove Ads by OnlineBrowserAdvertising?

31.05.2014, 16:10   #1
stewiecali
 
Hello, I have been trying to remove this malware for some time and have already tried many programs (CCleaner, AdwCleaner, etc.). I have also tried uninstalling programs with strange names in my system settings, but nothing has helped.
I hope someone can help me.

Best regards

31.05.2014, 16:12   #2
M-K-D-B
/// TB Trainer
 
My name is Matthias and I will help you clean up your computer.


Please note the following:
  • If we find evidence of illegally acquired software, we will suspend support until every kind of illegal software has been removed from the computer.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions.
    If you are going to be away for a longer time, please let me know!
  • During the cleanup, please do not install or uninstall anything unless I ask you to!
  • All programs to be used are to be saved to the desktop and started from there!


Please work through all steps one after another in the given order and post all log files in CODE tags:

How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

Thank you for your cooperation!





Which programs have you already run on your own????

Post all log files from AdwCleaner, etc.!!!





Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan.
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the website).

31.05.2014, 16:29   #3
stewiecali
 
FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2014
Ran by User (administrator) on PC1 on 31-05-2014 17:25:49
Running from C:\Users\User\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(TeamSpeak Systems GmbH) C:\Users\User\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-09-19] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [85600 2013-12-13] (Nullsoft, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-05-13] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3701525457-4283376491-4006895372-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-3701525457-4283376491-4006895372-1000\...\Run: [RGSC] => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-3701525457-4283376491-4006895372-1000\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\S-1-5-21-3701525457-4283376491-4006895372-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2013-10-16] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3701525457-4283376491-4006895372-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21446272 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3701525457-4283376491-4006895372-1000\...\MountPoints2: {f83ce596-d3fc-11e2-9cc3-806e6f6e6963} - SETUP.EXE
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
ShortcutTarget: IMVU.lnk -> C:\Users\User\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x72AF0974E9E2CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{67B02B1A-7418-48EF-B2E5-02FC8EC69392}: [NameServer]192.168.178.1,192.168.178.46

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\lpqe0v84.default
FF NetworkProxy: "socks_version", 4
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: AdRemoverrUuTubbe - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\lpqe0v84.default\Extensions\y-ov@vasoobdhdw.net [2014-04-17]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []

Chrome: 
=======
CHR Extension: (AdRemoverrUuTubbe) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dibpjnjgdeendckdpigimgmolffmpoca [2014-04-13]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR HKCU\...\Chrome\Extension: [bcfjehbfanfhgoehogmbiebedkidedjb] - C:\Users\User\AppData\Local\CRE\bcfjehbfanfhgoehogmbiebedkidedjb.crx [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [bcfjehbfanfhgoehogmbiebedkidedjb] - C:\Users\User\AppData\Local\CRE\bcfjehbfanfhgoehogmbiebedkidedjb.crx [2013-08-21]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-15] (LogMeIn, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)
S2 ReimageRealTimeProtection; C:\Program Files\Reimage\Reimage Repair\ReiGuard.exe [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-06-19] (Duplex Secure Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
S3 b57xdbd; system32\DRIVERS\b57xdbd.sys [X]
S3 b57xdmp; system32\DRIVERS\b57xdmp.sys [X]
S3 bScsiMSa; system32\DRIVERS\bScsiMSa.sys [X]
S3 bScsiSDa; system32\DRIVERS\bScsiSDa.sys [X]
S3 cpuz134; \??\C:\Users\User\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 RwDrv; \??\C:\Windows\SysWOW64\Drivers\RwDrv.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-31 17:25 - 2014-05-31 17:26 - 00012597 _____ () C:\Users\User\Desktop\FRST.txt
2014-05-31 17:25 - 2014-05-31 17:25 - 02066944 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-05-31 17:25 - 2014-05-31 17:25 - 02066944 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-05-31 17:25 - 2014-05-31 17:25 - 00000000 ____D () C:\FRST
2014-05-31 16:44 - 2014-05-31 16:44 - 00961360 _____ (Chip Digital GmbH) C:\Users\User\Downloads\AdwCleaner - CHIP-Installer.exe
2014-05-31 14:24 - 2014-05-31 14:24 - 00000000 ____D () C:\Users\User\AppData\Roaming\IMVUClient
2014-05-31 14:22 - 2014-05-31 14:23 - 00079248 _____ () C:\Users\User\Downloads\InstallIMVU_502.0_st_c.exe
2014-05-30 15:43 - 2014-05-30 15:43 - 00379963 _____ () C:\Users\User\Downloads\Yakuza-Keybinder.rar
2014-05-30 08:35 - 2014-05-30 08:35 - 08388904 _____ () C:\Users\User\Downloads\[Hochladen.to Dateien - Files kostenlos hochladen]fonts.txd
2014-05-29 21:15 - 2014-05-29 21:15 - 00161351 _____ () C:\Users\User\Downloads\-ORIGINAL--SKINS.rar
2014-05-29 21:15 - 2014-05-29 21:15 - 00000000 ____D () C:\Users\User\Desktop\-ORIGINAL--SKINS
2014-05-28 16:43 - 2014-05-28 16:43 - 00000000 ____D () C:\ProgramData\CDB
2014-05-28 16:42 - 2014-05-28 16:48 - 00000000 ____D () C:\rei
2014-05-28 16:42 - 2014-05-28 16:43 - 00000163 _____ () C:\Windows\Reimage.ini
2014-05-28 16:42 - 2014-05-28 16:42 - 00821320 _____ (Reimage®) C:\Users\User\Downloads\ReimageRepair.exe
2014-05-28 16:42 - 2014-05-28 16:42 - 00821320 _____ (Reimage®) C:\Users\User\Downloads\ReimageRepair (1).exe
2014-05-28 16:42 - 2014-05-28 16:42 - 00000000 ____D () C:\Program Files\Reimage
2014-05-26 15:45 - 2014-05-26 15:46 - 06067280 _____ () C:\Users\User\Downloads\#swaqman (2).zip
2014-05-25 10:29 - 2014-05-25 10:29 - 00412626 _____ () C:\Users\User\Downloads\Freundesliste System.zip
2014-05-25 10:29 - 2014-05-25 10:29 - 00000000 ____D () C:\Users\User\Desktop\Freundesliste System
2014-05-24 20:56 - 2014-05-24 20:56 - 02250240 _____ () C:\Users\User\Downloads\SA-Keybinder.exe
2014-05-24 20:40 - 2014-05-24 20:41 - 03684312 _____ () C:\Users\User\Downloads\rgnlauncher0.9.6 (2).exe
2014-05-24 10:17 - 2014-05-24 10:17 - 01993005 _____ () C:\Users\User\Downloads\Bilder.rar
2014-05-23 21:41 - 2014-05-23 21:41 - 00008192 _____ () C:\Users\User\Downloads\Adlerauge.exe
2014-05-23 21:39 - 2014-05-23 21:39 - 00008192 _____ () C:\Users\User\Downloads\SAMP-NameTag-Hack.exe
2014-05-23 20:50 - 2014-05-23 20:50 - 01131529 _____ () C:\Users\User\Downloads\edits.rar
2014-05-22 16:30 - 2014-05-22 16:30 - 00028670 _____ () C:\Users\User\Downloads\peko-ist-geil.wav
2014-05-21 18:48 - 2014-05-21 18:48 - 26151954 _____ () C:\Users\User\Downloads\GENRL0 (2)
2014-05-21 18:24 - 2014-05-22 14:30 - 00000000 ____D () C:\Users\User\Documents\Overlay-Optionen
2014-05-21 18:24 - 2014-05-21 18:24 - 00860672 _____ () C:\Users\User\Downloads\Overlay_1.45.exe
2014-05-21 18:24 - 2014-05-21 18:24 - 00860672 _____ () C:\Users\User\Desktop\Overlay_1.45.exe
2014-05-21 18:13 - 2014-05-21 18:13 - 24913027 _____ () C:\Users\User\Downloads\PigMussy-Pack.rar
2014-05-21 17:38 - 2014-05-21 17:38 - 08353712 _____ () C:\Users\User\Downloads\Kenny wat is den los mit dir_.mp4
2014-05-18 19:29 - 2014-05-18 19:29 - 00004760 _____ () C:\Users\User\Downloads\Weapon.dat - default.ide v3.rar
2014-05-18 10:35 - 2014-05-18 10:35 - 06247465 _____ () C:\Users\User\Downloads\Lagg oder DDos_.mp4
2014-05-17 18:58 - 2014-05-17 18:58 - 06362224 _____ () C:\Users\User\Downloads\Felix_Diesel #Healhack.mp4
2014-05-17 18:37 - 2014-05-17 18:37 - 00000000 ____D () C:\Users\User\Desktop\Deaglepack (1)
2014-05-17 18:36 - 2014-05-17 18:37 - 05643950 _____ () C:\Users\User\Downloads\Deaglepack (1).rar
2014-05-17 16:50 - 2014-05-17 16:50 - 00001174 _____ () C:\Users\User\Desktop\TeamSpeak 3 Client.lnk
2014-05-17 16:50 - 2014-05-17 16:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-05-17 16:40 - 2014-05-17 16:40 - 00961360 _____ (Chip Digital GmbH) C:\Users\User\Downloads\TeamSpeak 3 64 Bit - CHIP-Downloader.exe
2014-05-17 16:39 - 2014-05-17 16:39 - 00961360 _____ (Chip Digital GmbH) C:\Users\User\Downloads\TeamSpeak 3 32 Bit - CHIP-Downloader.exe
2014-05-17 12:44 - 2014-05-17 12:44 - 00080476 _____ () C:\Users\User\Downloads\YakuZa-Skin-f--r-die-Tomate.rar
2014-05-17 12:21 - 2014-05-17 12:21 - 00768428 _____ () C:\Users\User\Downloads\1341069701_HDiconsSAbyZera.zip
2014-05-17 11:43 - 2014-05-17 11:43 - 08388904 _____ () C:\Users\User\Downloads\fonts (4).txd
2014-05-16 20:32 - 2014-05-16 20:32 - 05220703 _____ () C:\Users\User\Desktop\RPG CITY  TEAM  USER  PRESENTATION  !.webm
2014-05-16 14:21 - 2014-05-16 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-16 14:21 - 2014-05-16 14:21 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-05-13 19:55 - 2014-05-19 20:34 - 00000000 ____D () C:\Users\User\Desktop\frag
2014-05-13 19:43 - 2014-05-13 19:43 - 00839913 _____ () C:\Users\User\Downloads\Yakuza-Intro.mp4
2014-05-10 18:45 - 2014-05-10 18:45 - 19568865 _____ () C:\Users\User\Downloads\Fertige-GENRL.rar
2014-05-10 16:30 - 2014-05-12 20:09 - 00000000 ____D () C:\Users\User\Desktop\King
2014-05-10 16:28 - 2014-05-10 16:30 - 106494550 _____ () C:\Users\User\Downloads\King.zip
2014-05-10 15:37 - 2014-05-10 15:37 - 00000000 ____D () C:\Users\User\Desktop\selfmadeavi
2014-05-09 18:38 - 2014-05-09 18:38 - 05355643 _____ () C:\Users\User\Downloads\Khalife.zip
2014-05-09 16:46 - 2014-05-09 16:46 - 00000000 ____D () C:\Users\User\Desktop\-Gerami-HD-Modpack- (3)
2014-05-09 16:45 - 2014-05-09 16:45 - 00892557 _____ () C:\Users\User\Downloads\-Gerami-HD-Modpack- (3).rar
2014-05-08 18:42 - 2014-05-16 19:57 - 00000000 ____D () C:\Users\User\Desktop\Overlay-by-swiix (3)
2014-05-08 18:42 - 2014-05-08 18:42 - 00798872 _____ () C:\Users\User\Downloads\Overlay-by-swiix (3).rar
2014-05-08 16:57 - 2014-05-08 16:57 - 00124902 _____ () C:\Users\User\Downloads\Bonas Ghosts CC Looks.rar
2014-05-08 16:52 - 2014-05-08 16:52 - 13661550 _____ () C:\Users\User\Downloads\SoundPack by xDeso1337.rar
2014-05-08 14:44 - 2014-05-08 14:45 - 00000000 ____D () C:\Program Files\Virtual Audio Cable
2014-05-08 14:44 - 2014-05-08 14:44 - 00537138 _____ () C:\Users\User\Downloads\vac413.zip
2014-05-08 14:44 - 2014-05-08 14:44 - 00108960 _____ (Eugene V. Muzychenko) C:\Windows\system32\Drivers\vrtaucbl.sys
2014-05-08 14:44 - 2014-05-08 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable
2014-05-08 14:41 - 2014-05-08 14:43 - 00279379 _____ () C:\Users\User\Downloads\VirtualAudioCable409.zip
2014-05-08 14:40 - 2014-05-08 14:40 - 00629584 _____ (Chip Digital GmbH) C:\Users\User\Downloads\Virtual Audio Cable - CHIP-Downloader.exe
2014-05-08 14:37 - 2014-05-31 17:19 - 00000000 ____D () C:\Users\User\AppData\Roaming\Winamp
2014-05-08 14:36 - 2014-05-08 14:36 - 12855384 _____ (Nullsoft, Inc.) C:\Users\User\Downloads\winamp5666_full_de-de_b3516.exe
2014-05-08 14:35 - 2014-05-08 14:35 - 00042311 _____ () C:\Users\User\Downloads\TS3MusicBot-plugin.rar
2014-05-07 19:47 - 2014-05-07 19:48 - 34014392 _____ (DVDVideoSoft Ltd. ) C:\Users\User\Downloads\FreeYouTubeToMP3Converter34430 (1).exe
2014-05-07 16:19 - 2014-05-07 16:19 - 00401185 _____ () C:\Users\User\Downloads\AutoHotkey111500_ansi.zip
2014-05-06 16:58 - 2014-05-06 16:58 - 03684312 _____ () C:\Users\User\Downloads\rgnlauncher0.9.6 (1).exe
2014-05-06 15:20 - 2014-05-06 15:20 - 00444998 _____ () C:\Users\User\Downloads\Allgemeiner Keybinder (2).zip
2014-05-06 14:40 - 2014-05-06 14:40 - 00352765 _____ () C:\Users\User\Downloads\Beep-Tones by SCProductions.rar
2014-05-05 20:02 - 2014-05-05 20:03 - 121715851 _____ () C:\Users\User\Downloads\Icons (4).rar
2014-05-04 17:06 - 2014-05-09 16:32 - 00000055 _____ () C:\Users\User\Desktop\---.txt
2014-05-04 14:30 - 2014-05-04 14:30 - 01430648 _____ () C:\Users\User\Downloads\Bilder-by-javiguiza.rar
2014-05-04 09:44 - 2014-05-04 09:44 - 22981524 _____ () C:\Users\User\Downloads\GTA SA Backup Skins 123Axell.rar
2014-05-04 09:27 - 2014-05-04 09:27 - 06067280 _____ () C:\Users\User\Downloads\#swaqman (1).zip
2014-05-03 16:29 - 2014-05-03 16:29 - 00378583 _____ () C:\Users\User\Downloads\Chromatic Editing 200 subs CC pack.rar
2014-05-03 10:37 - 2014-05-03 10:49 - 00000831 _____ () C:\Users\User\Desktop\FBI Bewerbunggespräch.txt
2014-05-02 11:20 - 2014-05-02 11:20 - 00286640 _____ () C:\Windows\Minidump\050214-22308-01.dmp
2014-05-01 21:59 - 2014-05-01 21:59 - 00015869 _____ () C:\Users\User\Downloads\BULLSfisticon.rar
2014-05-01 21:51 - 2014-05-01 21:51 - 00635315 _____ () C:\Users\User\Downloads\Storm Sounds (1).zip
2014-05-01 21:49 - 2014-05-01 21:49 - 00378947 _____ () C:\Users\User\Downloads\Detektiv-Skillbot (1).rar
2014-05-01 16:03 - 2014-05-01 16:03 - 01088395 _____ () C:\Users\User\Downloads\Skin-edit-by-Johnisson.rar
2014-05-01 13:36 - 2014-05-01 13:36 - 00320103 _____ () C:\Users\User\Downloads\Yakuza-brillenSkin-Red.rar
2014-05-01 13:17 - 2014-05-01 13:17 - 00188505 _____ () C:\Users\User\Downloads\Yakuza-Anzug-Skins-colored.rar
2014-05-01 13:14 - 2014-05-01 13:14 - 00049449 _____ () C:\Users\User\Downloads\Interface (8).rar
2014-05-01 13:10 - 2014-05-01 13:10 - 00113716 _____ () C:\Users\User\Downloads\Interface - BluZe.rar
2014-05-01 13:06 - 2014-05-01 13:06 - 00416994 _____ () C:\Users\User\Downloads\Interface-Cataldi.rar
2014-05-01 12:56 - 2014-05-01 12:56 - 00049449 _____ () C:\Users\User\Downloads\Interface (7).rar
2014-05-01 10:58 - 2014-05-01 10:58 - 01169275 _____ () C:\Users\User\Downloads\3--Icons-by-caTaLdi (1).rar

==================== One Month Modified Files and Folders =======

2014-05-31 17:26 - 2014-05-31 17:25 - 00012597 _____ () C:\Users\User\Desktop\FRST.txt
2014-05-31 17:26 - 2013-06-13 11:51 - 00000000 ____D () C:\Users\User\AppData\Local\Temp
2014-05-31 17:25 - 2014-05-31 17:25 - 02066944 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-05-31 17:25 - 2014-05-31 17:25 - 02066944 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-05-31 17:25 - 2014-05-31 17:25 - 00000000 ____D () C:\FRST
2014-05-31 17:24 - 2014-04-12 16:22 - 00000000 ____D () C:\AdwCleaner
2014-05-31 17:19 - 2014-05-08 14:37 - 00000000 ____D () C:\Users\User\AppData\Roaming\Winamp
2014-05-31 17:19 - 2014-04-11 17:32 - 00000000 ____D () C:\Users\User\AppData\Local\LogMeIn Hamachi
2014-05-31 17:19 - 2014-01-01 17:53 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-31 17:19 - 2013-06-13 12:49 - 00003906 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{148E43A9-7EF6-4727-974F-C29C4A3AB0B6}
2014-05-31 17:16 - 2013-06-13 19:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-31 17:15 - 2013-06-14 15:18 - 00000000 ____D () C:\Users\User\AppData\Roaming\TS3Client
2014-05-31 16:57 - 2009-07-14 06:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-31 16:57 - 2009-07-14 06:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-31 16:55 - 2011-04-12 09:43 - 00709248 _____ () C:\Windows\system32\perfh007.dat
2014-05-31 16:55 - 2011-04-12 09:43 - 00154102 _____ () C:\Windows\system32\perfc007.dat
2014-05-31 16:55 - 2009-07-14 07:13 - 01647172 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-31 16:53 - 2013-06-13 09:47 - 02088562 _____ () C:\Windows\WindowsUpdate.log
2014-05-31 16:51 - 2013-06-19 14:18 - 00000000 ____D () C:\Users\User\AppData\Roaming\IMVU
2014-05-31 16:51 - 2013-06-13 20:16 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2014-05-31 16:50 - 2013-08-11 19:37 - 00074423 _____ () C:\Windows\setupact.log
2014-05-31 16:49 - 2013-08-12 14:58 - 00190686 _____ () C:\Windows\PFRO.log
2014-05-31 16:49 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-31 16:44 - 2014-05-31 16:44 - 00961360 _____ (Chip Digital GmbH) C:\Users\User\Downloads\AdwCleaner - CHIP-Installer.exe
2014-05-31 16:37 - 2013-06-13 19:22 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-31 14:39 - 2013-06-13 11:51 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-31 14:24 - 2014-05-31 14:24 - 00000000 ____D () C:\Users\User\AppData\Roaming\IMVUClient
2014-05-31 14:23 - 2014-05-31 14:22 - 00079248 _____ () C:\Users\User\Downloads\InstallIMVU_502.0_st_c.exe
2014-05-31 13:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-30 18:10 - 2013-11-30 12:44 - 00000000 ____D () C:\Users\User\Desktop\JBG2
2014-05-30 15:43 - 2014-05-30 15:43 - 00379963 _____ () C:\Users\User\Downloads\Yakuza-Keybinder.rar
2014-05-30 15:43 - 2013-11-02 12:39 - 00000020 _____ () C:\Users\User\AppData\Roaming\dx.ini
2014-05-30 08:35 - 2014-05-30 08:35 - 08388904 _____ () C:\Users\User\Downloads\[Hochladen.to Dateien - Files kostenlos hochladen]fonts.txd
2014-05-29 21:15 - 2014-05-29 21:15 - 00161351 _____ () C:\Users\User\Downloads\-ORIGINAL--SKINS.rar
2014-05-29 21:15 - 2014-05-29 21:15 - 00000000 ____D () C:\Users\User\Desktop\-ORIGINAL--SKINS
2014-05-29 18:08 - 2013-07-14 09:54 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-05-29 12:50 - 2013-08-11 19:41 - 00000000 ____D () C:\Users\User\Desktop\Alle SAMP Mods ♥
2014-05-28 16:48 - 2014-05-28 16:42 - 00000000 ____D () C:\rei
2014-05-28 16:43 - 2014-05-28 16:43 - 00000000 ____D () C:\ProgramData\CDB
2014-05-28 16:43 - 2014-05-28 16:42 - 00000163 _____ () C:\Windows\Reimage.ini
2014-05-28 16:42 - 2014-05-28 16:42 - 00821320 _____ (Reimage®) C:\Users\User\Downloads\ReimageRepair.exe
2014-05-28 16:42 - 2014-05-28 16:42 - 00821320 _____ (Reimage®) C:\Users\User\Downloads\ReimageRepair (1).exe
2014-05-28 16:42 - 2014-05-28 16:42 - 00000000 ____D () C:\Program Files\Reimage
2014-05-26 15:46 - 2014-05-26 15:45 - 06067280 _____ () C:\Users\User\Downloads\#swaqman (2).zip
2014-05-25 10:29 - 2014-05-25 10:29 - 00412626 _____ () C:\Users\User\Downloads\Freundesliste System.zip
2014-05-25 10:29 - 2014-05-25 10:29 - 00000000 ____D () C:\Users\User\Desktop\Freundesliste System
2014-05-25 09:27 - 2014-03-25 20:55 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-25 09:27 - 2013-06-13 20:16 - 00000000 ____D () C:\ProgramData\Skype
2014-05-24 20:56 - 2014-05-24 20:56 - 02250240 _____ () C:\Users\User\Downloads\SA-Keybinder.exe
2014-05-24 20:41 - 2014-05-24 20:40 - 03684312 _____ () C:\Users\User\Downloads\rgnlauncher0.9.6 (2).exe
2014-05-24 10:17 - 2014-05-24 10:17 - 01993005 _____ () C:\Users\User\Downloads\Bilder.rar
2014-05-24 08:32 - 2013-12-22 12:50 - 00000000 ____D () C:\Users\User\Desktop\Sony Vegas
2014-05-23 21:41 - 2014-05-23 21:41 - 00008192 _____ () C:\Users\User\Downloads\Adlerauge.exe
2014-05-23 21:39 - 2014-05-23 21:39 - 00008192 _____ () C:\Users\User\Downloads\SAMP-NameTag-Hack.exe
2014-05-23 20:50 - 2014-05-23 20:50 - 01131529 _____ () C:\Users\User\Downloads\edits.rar
2014-05-23 16:31 - 2013-08-08 17:01 - 00005120 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-22 16:30 - 2014-05-22 16:30 - 00028670 _____ () C:\Users\User\Downloads\peko-ist-geil.wav
2014-05-22 16:25 - 2014-03-16 15:08 - 00000000 ____D () C:\Users\User\Desktop\crashes
2014-05-22 14:30 - 2014-05-21 18:24 - 00000000 ____D () C:\Users\User\Documents\Overlay-Optionen
2014-05-22 14:22 - 2013-06-13 19:13 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-22 14:22 - 2013-06-13 19:13 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-21 19:32 - 2013-09-13 18:28 - 00000000 ____D () C:\Users\User\Desktop\SAMP Original Files
2014-05-21 18:48 - 2014-05-21 18:48 - 26151954 _____ () C:\Users\User\Downloads\GENRL0 (2)
2014-05-21 18:24 - 2014-05-21 18:24 - 00860672 _____ () C:\Users\User\Downloads\Overlay_1.45.exe
2014-05-21 18:24 - 2014-05-21 18:24 - 00860672 _____ () C:\Users\User\Desktop\Overlay_1.45.exe
2014-05-21 18:13 - 2014-05-21 18:13 - 24913027 _____ () C:\Users\User\Downloads\PigMussy-Pack.rar
2014-05-21 17:38 - 2014-05-21 17:38 - 08353712 _____ () C:\Users\User\Downloads\Kenny wat is den los mit dir_.mp4
2014-05-19 20:34 - 2014-05-13 19:55 - 00000000 ____D () C:\Users\User\Desktop\frag
2014-05-18 19:29 - 2014-05-18 19:29 - 00004760 _____ () C:\Users\User\Downloads\Weapon.dat - default.ide v3.rar
2014-05-18 10:35 - 2014-05-18 10:35 - 06247465 _____ () C:\Users\User\Downloads\Lagg oder DDos_.mp4
2014-05-17 18:58 - 2014-05-17 18:58 - 06362224 _____ () C:\Users\User\Downloads\Felix_Diesel #Healhack.mp4
2014-05-17 18:37 - 2014-05-17 18:37 - 00000000 ____D () C:\Users\User\Desktop\Deaglepack (1)
2014-05-17 18:37 - 2014-05-17 18:36 - 05643950 _____ () C:\Users\User\Downloads\Deaglepack (1).rar
2014-05-17 16:50 - 2014-05-17 16:50 - 00001174 _____ () C:\Users\User\Desktop\TeamSpeak 3 Client.lnk
2014-05-17 16:50 - 2014-05-17 16:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-05-17 16:50 - 2013-07-30 17:15 - 00000000 ____D () C:\Users\User\AppData\Local\TeamSpeak 3 Client
2014-05-17 16:40 - 2014-05-17 16:40 - 00961360 _____ (Chip Digital GmbH) C:\Users\User\Downloads\TeamSpeak 3 64 Bit - CHIP-Downloader.exe
2014-05-17 16:39 - 2014-05-17 16:39 - 00961360 _____ (Chip Digital GmbH) C:\Users\User\Downloads\TeamSpeak 3 32 Bit - CHIP-Downloader.exe
2014-05-17 12:44 - 2014-05-17 12:44 - 00080476 _____ () C:\Users\User\Downloads\YakuZa-Skin-f--r-die-Tomate.rar
2014-05-17 12:21 - 2014-05-17 12:21 - 00768428 _____ () C:\Users\User\Downloads\1341069701_HDiconsSAbyZera.zip
2014-05-17 11:43 - 2014-05-17 11:43 - 08388904 _____ () C:\Users\User\Downloads\fonts (4).txd
2014-05-17 11:09 - 2013-06-13 19:22 - 00001286 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-17 11:09 - 2013-06-13 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-17 11:09 - 2013-06-13 11:51 - 00000997 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-16 20:32 - 2014-05-16 20:32 - 05220703 _____ () C:\Users\User\Desktop\RPG CITY  TEAM  USER  PRESENTATION  !.webm
2014-05-16 19:57 - 2014-05-08 18:42 - 00000000 ____D () C:\Users\User\Desktop\Overlay-by-swiix (3)
2014-05-16 14:21 - 2014-05-16 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-16 14:21 - 2014-05-16 14:21 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-05-14 18:16 - 2013-06-13 19:22 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 18:16 - 2013-06-13 19:22 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 18:16 - 2013-06-13 19:22 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 19:43 - 2014-05-13 19:43 - 00839913 _____ () C:\Users\User\Downloads\Yakuza-Intro.mp4
2014-05-12 20:09 - 2014-05-10 16:30 - 00000000 ____D () C:\Users\User\Desktop\King
2014-05-10 18:45 - 2014-05-10 18:45 - 19568865 _____ () C:\Users\User\Downloads\Fertige-GENRL.rar
2014-05-10 16:30 - 2014-05-10 16:28 - 106494550 _____ () C:\Users\User\Downloads\King.zip
2014-05-10 15:37 - 2014-05-10 15:37 - 00000000 ____D () C:\Users\User\Desktop\selfmadeavi
2014-05-09 18:38 - 2014-05-09 18:38 - 05355643 _____ () C:\Users\User\Downloads\Khalife.zip
2014-05-09 16:46 - 2014-05-09 16:46 - 00000000 ____D () C:\Users\User\Desktop\-Gerami-HD-Modpack- (3)
2014-05-09 16:45 - 2014-05-09 16:45 - 00892557 _____ () C:\Users\User\Downloads\-Gerami-HD-Modpack- (3).rar
2014-05-09 16:32 - 2014-05-04 17:06 - 00000055 _____ () C:\Users\User\Desktop\---.txt
2014-05-08 18:42 - 2014-05-08 18:42 - 00798872 _____ () C:\Users\User\Downloads\Overlay-by-swiix (3).rar
2014-05-08 17:02 - 2014-01-01 18:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Bullet Looks
2014-05-08 16:57 - 2014-05-08 16:57 - 00124902 _____ () C:\Users\User\Downloads\Bonas Ghosts CC Looks.rar
2014-05-08 16:52 - 2014-05-08 16:52 - 13661550 _____ () C:\Users\User\Downloads\SoundPack by xDeso1337.rar
2014-05-08 14:45 - 2014-05-08 14:44 - 00000000 ____D () C:\Program Files\Virtual Audio Cable
2014-05-08 14:44 - 2014-05-08 14:44 - 00537138 _____ () C:\Users\User\Downloads\vac413.zip
2014-05-08 14:44 - 2014-05-08 14:44 - 00108960 _____ (Eugene V. Muzychenko) C:\Windows\system32\Drivers\vrtaucbl.sys
2014-05-08 14:44 - 2014-05-08 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable
2014-05-08 14:43 - 2014-05-08 14:41 - 00279379 _____ () C:\Users\User\Downloads\VirtualAudioCable409.zip
2014-05-08 14:40 - 2014-05-08 14:40 - 00629584 _____ (Chip Digital GmbH) C:\Users\User\Downloads\Virtual Audio Cable - CHIP-Downloader.exe
2014-05-08 14:37 - 2014-01-13 17:57 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-05-08 14:36 - 2014-05-08 14:36 - 12855384 _____ (Nullsoft, Inc.) C:\Users\User\Downloads\winamp5666_full_de-de_b3516.exe
2014-05-08 14:35 - 2014-05-08 14:35 - 00042311 _____ () C:\Users\User\Downloads\TS3MusicBot-plugin.rar
2014-05-07 19:49 - 2013-08-25 19:28 - 00001540 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-05-07 19:49 - 2013-07-07 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-05-07 19:49 - 2013-07-07 20:21 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-05-07 19:48 - 2014-05-07 19:47 - 34014392 _____ (DVDVideoSoft Ltd. ) C:\Users\User\Downloads\FreeYouTubeToMP3Converter34430 (1).exe
2014-05-07 19:48 - 2013-07-07 20:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\DVDVideoSoft
2014-05-07 16:19 - 2014-05-07 16:19 - 00401185 _____ () C:\Users\User\Downloads\AutoHotkey111500_ansi.zip
2014-05-06 16:58 - 2014-05-06 16:58 - 03684312 _____ () C:\Users\User\Downloads\rgnlauncher0.9.6 (1).exe
2014-05-06 15:20 - 2014-05-06 15:20 - 00444998 _____ () C:\Users\User\Downloads\Allgemeiner Keybinder (2).zip
2014-05-06 14:40 - 2014-05-06 14:40 - 00352765 _____ () C:\Users\User\Downloads\Beep-Tones by SCProductions.rar
2014-05-05 20:03 - 2014-05-05 20:02 - 121715851 _____ () C:\Users\User\Downloads\Icons (4).rar
2014-05-04 14:30 - 2014-05-04 14:30 - 01430648 _____ () C:\Users\User\Downloads\Bilder-by-javiguiza.rar
2014-05-04 09:44 - 2014-05-04 09:44 - 22981524 _____ () C:\Users\User\Downloads\GTA SA Backup Skins 123Axell.rar
2014-05-04 09:27 - 2014-05-04 09:27 - 06067280 _____ () C:\Users\User\Downloads\#swaqman (1).zip
2014-05-03 16:29 - 2014-05-03 16:29 - 00378583 _____ () C:\Users\User\Downloads\Chromatic Editing 200 subs CC pack.rar
2014-05-03 10:49 - 2014-05-03 10:37 - 00000831 _____ () C:\Users\User\Desktop\FBI Bewerbunggespräch.txt
2014-05-02 11:20 - 2014-05-02 11:20 - 00286640 _____ () C:\Windows\Minidump\050214-22308-01.dmp
2014-05-02 11:20 - 2014-04-12 10:21 - 316477296 _____ () C:\Windows\MEMORY.DMP
2014-05-02 11:20 - 2013-06-15 20:52 - 00000000 ____D () C:\Windows\Minidump
2014-05-02 11:20 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-01 21:59 - 2014-05-01 21:59 - 00015869 _____ () C:\Users\User\Downloads\BULLSfisticon.rar
2014-05-01 21:51 - 2014-05-01 21:51 - 00635315 _____ () C:\Users\User\Downloads\Storm Sounds (1).zip
2014-05-01 21:51 - 2013-06-14 16:39 - 00000000 ____D () C:\Users\User\Desktop\Game ♥
2014-05-01 21:49 - 2014-05-01 21:49 - 00378947 _____ () C:\Users\User\Downloads\Detektiv-Skillbot (1).rar
2014-05-01 16:03 - 2014-05-01 16:03 - 01088395 _____ () C:\Users\User\Downloads\Skin-edit-by-Johnisson.rar
2014-05-01 13:36 - 2014-05-01 13:36 - 00320103 _____ () C:\Users\User\Downloads\Yakuza-brillenSkin-Red.rar
2014-05-01 13:17 - 2014-05-01 13:17 - 00188505 _____ () C:\Users\User\Downloads\Yakuza-Anzug-Skins-colored.rar
2014-05-01 13:14 - 2014-05-01 13:14 - 00049449 _____ () C:\Users\User\Downloads\Interface (8).rar
2014-05-01 13:10 - 2014-05-01 13:10 - 00113716 _____ () C:\Users\User\Downloads\Interface - BluZe.rar
2014-05-01 13:06 - 2014-05-01 13:06 - 00416994 _____ () C:\Users\User\Downloads\Interface-Cataldi.rar
2014-05-01 12:56 - 2014-05-01 12:56 - 00049449 _____ () C:\Users\User\Downloads\Interface (7).rar
2014-05-01 10:58 - 2014-05-01 10:58 - 01169275 _____ () C:\Users\User\Downloads\3--Icons-by-caTaLdi (1).rar

Files to move or delete:
====================
C:\Users\User\AppData\Roaming\dx.ini


Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\InstallIMVU_502.0.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-10 14:14

==================== End Of Log ============================
         
--- --- ---


Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-05-2014
Ran by User at 2014-05-31 17:26:53
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
AntiCrash 3.6.1 (HKLM-x32\...\{39F8BF57-47FA-4F8D-9404-1B41321743AF}) (Version:  - )
AutoHotkey 1.1.14.01 (HKLM-x32\...\AutoHotkey) (Version: 1.1.14.01 - Lexikos)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.100.235.19 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.4.1 - Broadcom Corporation)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version:  - Treyarch)
Camtasia Studio 8 (HKLM-x32\...\{2B1F8DD0-873D-4AC3-8400-766F255FE263}) (Version: 8.1.0.1281 - TechSmith Corporation)
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
CLEO v3.0.950 (HKLM-x32\...\{8FB91814-FE42-4B62-9B54-4B677A420715}_is1) (Version:  - Seemann (www.sannybuilder.com))
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dxtory version 2.0.124 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.124 - ExKode Co. Ltd.)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Audio Converter version 5.0.38.423 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.38.423 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.34.430 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.34.430 - DVDVideoSoft Ltd.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 32.0.1700.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Grand Theft Auto San Andreas (HKLM-x32\...\{086BADF8-9B1F-4E89-B207-2EDA520972D6}) (Version: 1.00.00001 - Rockstar Games)
IMVU Avatar Chat Software (HKCU\...\IMVU Avatar chat client software BETA) (Version:  - )
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3062 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.193 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.193 - LogMeIn, Inc.) Hidden
Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{26055432-339E-4776-803B-F22240B91864}) (Version: 11.1.2 - Red Giant Software)
Magic Bullet Suite 64-bit (Version: 11.1.2 - Red Giant Software) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.1 - Notepad++ Team)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Reimage Protector (HKLM\...\Reimage Protector) (Version:  - Reimage)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sandboxie 4.06 (64-bit) (HKLM\...\Sandboxie) (Version: 4.06 - Sandboxie Holdings, LLC)
SciTE4AutoHotkey v3.0.04 (HKLM-x32\...\SciTE4AutoHotkey) (Version: v3.0.04 - fincs)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version:  - Obsidian Entertainment)
SpyHunter (HKLM\...\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
Vegas Pro 12.0 (64-bit) (HKLM\...\{A1A75F4F-9C9F-11E2-8FCB-F04DA23A5C58}) (Version: 12.0.563 - Sony)
Virtual Audio Cable 4.13 (HKLM\...\Virtual Audio Cable 4.13) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================

17-05-2014 09:24:55 Windows Update
28-05-2014 14:37:07 Removed System Requirements Lab for Intel
31-05-2014 15:20:31 Removed XSplit

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0D3010E0-AE40-44C9-89E5-1C0DDA7E7B51} - \MySearchDial No Task File <==== ATTENTION
Task: {253F9BC2-1CF0-4D83-9B3F-880166F8C292} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {480C3B2F-9164-434C-A1A9-3EB40DAA0F04} - \PriceMeterLiveUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {4B0CDF8F-9460-4281-9E08-8EBC74B9BB13} - \PriceMeterLiveUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {54EB0E28-0F94-4E82-A21E-710D6C482D1F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-13] (Google Inc.)
Task: {558AC428-01AB-496F-97B5-D661CDE8A229} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-13] (Google Inc.)
Task: {59179B25-AD1A-433F-8827-CD2A0CEF9141} - \BrowserDefendert No Task File <==== ATTENTION
Task: {5C9B5541-252E-4273-AAD3-1D00A5E6CA4C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {867B102B-6D97-4576-9E90-F9F30E4083F2} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {96EFB2BB-E37A-4C46-AE47-EEEA03AB84C8} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {97169AD0-9ACE-4C1D-B309-8FC96B68727E} - \Dealply No Task File <==== ATTENTION
Task: {AB04294C-250F-4926-B189-8C3E9C7DE56F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {C1E92974-A63C-4E29-80C6-77801B6EF052} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2014-01-09] (Enigma Software Group USA, LLC.)
Task: {C99732FB-4EA5-4AC4-A004-CBEC2A92735D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {D5A01C56-9DC9-4630-B883-4A9336CC6C72} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {F124AA82-88EA-46D2-8DA3-C208AE268264} - \pricemeterdownloader No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef348ab479b3a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Oxy.job => C:\Users\User\AppData\Roaming\Oxy\Updater.exe
Task: C:\Windows\Tasks\PDR11.exe_20130707_205027_0738.job => C:\Program Files\CyberLink\PowerDirector11\PDR11.exe
Task: C:\Windows\Tasks\RDReminder.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\Windows\Tasks\RunOW.job => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe

==================== Loaded Modules (whitelisted) =============

2014-01-31 14:20 - 2013-12-19 20:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-02-28 11:14 - 2014-02-28 11:14 - 00173568 _____ () C:\Users\User\AppData\Local\TeamSpeak 3 Client\quazip.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 01080832 _____ () C:\Users\User\AppData\Local\TeamSpeak 3 Client\platforms\qwindows.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00833024 _____ () C:\Users\User\AppData\Local\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2014-02-28 15:07 - 2014-02-28 15:07 - 00102344 _____ () C:\Users\User\AppData\Local\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2014-02-28 15:07 - 2014-02-28 15:07 - 00108488 _____ () C:\Users\User\AppData\Local\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00030208 _____ () C:\Users\User\AppData\Local\TeamSpeak 3 Client\imageformats\qgif.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00233984 _____ () C:\Users\User\AppData\Local\TeamSpeak 3 Client\imageformats\qjpeg.dll
2014-02-28 15:10 - 2014-02-28 15:10 - 00563656 _____ () C:\Users\User\AppData\Local\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2014-02-28 15:10 - 2014-02-28 15:10 - 00577480 _____ () C:\Users\User\AppData\Local\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00159232 _____ () C:\Users\User\AppData\Local\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll
2014-01-28 15:10 - 2014-01-23 07:56 - 00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libglesv2.dll
2014-01-28 15:10 - 2014-01-23 07:56 - 00100120 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libegl.dll
2014-01-28 15:10 - 2014-01-23 07:56 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll
2014-01-28 15:10 - 2014-01-23 07:57 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll
2014-01-28 15:10 - 2014-01-23 07:55 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll
2014-02-20 17:11 - 2014-02-20 17:11 - 13632904 _____ () C:\Users\User\AppData\Local\Google\Chrome\User Data\PepperFlash\12.0.0.70\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\User\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\User\AppData\Roaming:NT

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AntiCrash.lnk => C:\Windows\pss\AntiCrash.lnk.Startup
MSCONFIG\startupreg: RGSC => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/31/2014 04:51:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2014 04:50:11 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (05/31/2014 04:50:11 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (05/31/2014 04:50:11 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (05/31/2014 04:49:56 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (05/31/2014 04:49:56 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (05/31/2014 04:49:56 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (05/31/2014 04:49:11 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (05/31/2014 01:45:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2014 01:43:58 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0


System errors:
=============
Error: (05/31/2014 04:50:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Reimage Real Time Protection" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/31/2014 01:44:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Reimage Real Time Protection" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/31/2014 01:41:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Automatische WLAN-Konfiguration" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/31/2014 01:41:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Sitzungs-Manager für Desktopfenster-Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/31/2014 01:41:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Überwachung verteilter Verknüpfungen (Client)" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/31/2014 01:41:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/31/2014 01:41:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Programmkompatibilitäts-Assistent-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/31/2014 01:41:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Netzwerkverbindungen" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/31/2014 01:41:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Zugriff auf Eingabegeräte" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/31/2014 01:41:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Offlinedateien" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (05/31/2014 04:51:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2014 04:50:11 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (05/31/2014 04:50:11 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (05/31/2014 04:50:11 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (05/31/2014 04:49:56 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path name43900

Error: (05/31/2014 04:49:56 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path name25900

Error: (05/31/2014 04:49:56 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path name17900

Error: (05/31/2014 04:49:11 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (05/31/2014 01:45:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/31/2014 01:43:58 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path name43900


==================== Memory info =========================== 

Percentage of memory in use: 29%
Total physical RAM: 8043.86 MB
Available physical RAM: 5681.56 MB
Total Pagefile: 16085.9 MB
Available Pagefile: 13699.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:680.54 GB) (Free:222.39 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Disk_2) (CDROM) (Total:5.55 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 2A180AE6)
Partition 1: (Active) - (Size=681 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
31.05.2014, 17:52   #4
M-K-D-B
/// TB Instructor

Please read my posts carefully, otherwise it will only take longer...

Quote:
Originally posted by M-K-D-B
Which programs have you already run on your own????

Post all log files from AdwCleaner, etc.!!!

31.05.2014, 20:28   #5
stewiecali

Oh sorry, I tried CCleaner, AdwCleaner and SpyHunter.
I no longer have the programs on the PC; can I still find the log files again somehow?


31.05.2014, 20:31   #6
M-K-D-B
/// TB Instructor

Hi,

Please uninstall SpyHunter again; the program promises a lot but can't do anything at all. Besides, most people consider it a fake tool itself.

Then we continue as follows:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when instructed to do so by a team member!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can then ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


01.06.2014, 09:25   #7
stewiecali

Code:
ComboFix 14-05-29.01 - User 01.06.2014  10:03:00.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8044.6367 [GMT 2:00]
ausgeführt von:: c:\users\User\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\book\Generic_User_Guide.pdf
c:\cflog\book\Quick_Guide.pdf
c:\cflog\EPLog.txt
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dibpjnjgdeendckdpigimgmolffmpoca
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dibpjnjgdeendckdpigimgmolffmpoca\1.9_1\background.html
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dibpjnjgdeendckdpigimgmolffmpoca\1.9_1\content.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dibpjnjgdeendckdpigimgmolffmpoca\1.9_1\lsdb.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dibpjnjgdeendckdpigimgmolffmpoca\1.9_1\manifest.json
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dibpjnjgdeendckdpigimgmolffmpoca\1.9_1\sHo5.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dibpjnjgdeendckdpigimgmolffmpoca_0.localstorage
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\User\AppData\Roaming\ds.exe
c:\users\User\AppData\Roaming\install_flashplayer.exe
c:\users\User\AppData\Roaming\load_winupd.exe
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\lpqe0v84.default\Extensions\y-ov@vasoobdhdw.net
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\lpqe0v84.default\Extensions\y-ov@vasoobdhdw.net\bootstrap.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\lpqe0v84.default\Extensions\y-ov@vasoobdhdw.net\chrome.manifest
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\lpqe0v84.default\Extensions\y-ov@vasoobdhdw.net\content\bg.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\lpqe0v84.default\Extensions\y-ov@vasoobdhdw.net\install.rdf
c:\users\User\AppData\Roaming\User3SQLite3.dll
c:\users\User\AppData\Roaming\Userlog.dat
c:\users\User\AppData\Roaming\Windir
c:\windows\SysWow64\settings.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-05-01 bis 2014-06-01  ))))))))))))))))))))))))))))))
.
.
2014-06-01 08:12 . 2014-06-01 08:12	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-06-01 07:59 . 2014-06-01 07:59	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{62A7607C-FBC8-48C8-869D-6070B05802C3}\offreg.dll
2014-05-31 15:25 . 2014-05-31 15:27	--------	d-----w-	C:\FRST
2014-05-31 12:24 . 2014-05-31 12:24	--------	d-----w-	c:\users\User\AppData\Roaming\IMVUClient
2014-05-28 14:43 . 2014-05-28 14:43	--------	d-----w-	c:\programdata\CDB
2014-05-28 14:42 . 2014-05-28 14:42	--------	d-----w-	c:\program files\Reimage
2014-05-28 14:42 . 2014-05-28 14:48	--------	d-----w-	C:\rei
2014-05-25 07:27 . 2014-05-25 07:27	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2014-05-17 09:25 . 2014-04-17 03:31	10651704	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{62A7607C-FBC8-48C8-869D-6070B05802C3}\mpengine.dll
2014-05-16 12:21 . 2014-05-16 12:21	--------	d-----w-	c:\program files (x86)\LogMeIn Hamachi
2014-05-08 12:44 . 2014-05-08 12:45	--------	d-----w-	c:\program files\Virtual Audio Cable
2014-05-08 12:44 . 2014-05-08 12:44	108960	----a-w-	c:\windows\system32\drivers\vrtaucbl.sys
2014-05-08 12:37 . 2014-05-31 15:19	--------	d-----w-	c:\users\User\AppData\Roaming\Winamp
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-22 12:22 . 2013-06-13 17:13	130584	----a-w-	c:\windows\system32\drivers\avipbb.sys
2014-05-22 12:22 . 2013-06-13 17:13	112080	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2014-05-14 16:16 . 2013-06-13 17:22	70832	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 16:16 . 2013-06-13 17:22	692400	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-20 07:36 . 2014-04-20 07:36	0	---ha-w-	c:\users\User\AppData\Local\BIT3C44.tmp
2014-03-31 07:35 . 2010-11-21 03:27	270496	------w-	c:\windows\system32\MpSigStub.exe
2014-03-09 17:10 . 2014-03-09 17:10	98304	----a-w-	c:\windows\SysWow64\CmdLineExt.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dxtory Update Checker 2.0"="c:\program files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe" [2010-10-17 93696]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2013-10-16 759496]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21446272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-05-22 737872]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2013-12-13 85600]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-05-13 3814736]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
IMVU.lnk - c:\users\User\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe "--startup" [2014-5-22 51496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ReimageRealTimeProtection;Reimage Real Time Protection;c:\program files\Reimage\Reimage Repair\ReiGuard.exe;c:\program files\Reimage\Reimage Repair\ReiGuard.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x]
R3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x]
R3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
R3 cpuz134;cpuz134;c:\users\User\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\User\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 RwDrv;RwDrv;c:\windows\SysWOW64\Drivers\RwDrv.sys;c:\windows\SysWOW64\Drivers\RwDrv.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys;c:\windows\SYSNATIVE\DRIVERS\vrtaucbl.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-28 13:10	1211672	----a-w-	c:\program files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-13 16:16]
.
2013-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cef348ab479b3a.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-13 17:22]
.
2014-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-13 17:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-06-15 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-06-15 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-06-15 442352]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-09-19 1028896]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
TCP: Interfaces\{67B02B1A-7418-48EF-B2E5-02FC8EC69392}: NameServer = 192.168.178.1,192.168.178.46
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\lpqe0v84.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Overwolf - c:\program files (x86)\Overwolf\Overwolf.exe
Wow6432Node-HKCU-Run-RGSC - c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{8FB91814-FE42-4B62-9B54-4B677A420715}_is1 - c:\program files (x86)\Rockstar Games\Grand Theft Auto San Andreas\unins000.exe
AddRemove-{0CC15B17-F592-48E6-B442-D74E45ADFC89} - c:\users\User\AppData\Local\{31D1DBE2-787B-49D2-BB70-930928C139F5}\Setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3701525457-4283376491-4006895372-1000\Software\SecuROM\License information*]
"datasecu"=hex:51,62,7f,0c,cd,92,c1,1d,a4,27,d1,d7,be,f0,34,45,2b,60,5a,af,f0,
   6a,b4,23,7a,7a,4d,c6,b5,7e,66,b9,95,76,ab,19,c8,45,b2,46,e3,8c,0e,8b,77,8c,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-06-01  10:14:50
ComboFix-quarantined-files.txt  2014-06-01 08:14
.
Vor Suchlauf: 23 Verzeichnis(se), 277.829.042.176 Bytes frei
Nach Suchlauf: 30 Verzeichnis(se), 277.350.014.976 Bytes frei
.
- - End Of File - - D842D69F60E741C97CC6848EE8B08B25
A36C5E4F47E84449FF07ED3517B43A31
         

01.06.2014, 11:13   #8
M-K-D-B
/// TB Instructor

Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts that appear with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents to me with your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).





Step 2

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.






Step 3
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.







Step 4
Please disable your antivirus program, as it can influence the result or possibly interfere with the cleanup.
Please download zoek.exe from here: http://hijackthis.nl/smeenk/ and save the file on your desktop.
  • Start Zoek.exe with a double-click.
  • Caution: The following script was written only for this specific case and could damage other computers.
  • Copy the text of the following box into the script window of zoek:
    Code:
    iedefaults;
    resetIEproxy;
    FFdefaults;
    CHRdefaults;
    emptyclsid;
    autoclean;

  • Now click "Run script" and be patient until the script has finished.
  • When the tool is finished, Notepad will open with the log file (possibly only after a restart). The log can also be found under c:\ .
  • Please post the ZOEK log to me (preferably in CODE tags - click the # symbol in the reply window).





Step 5
  • Start FRST.exe again. Tick the box next to Addition.txt and press Scan.
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files to me with your next reply.






Please post with your next reply
  • the log file from AdwCleaner,
  • the log file from JRT,
  • the log file from MBAM,
  • the log file from Zoek,
  • the two new log files from FRST.

01.06.2014, 19:41   #9
stewiecali

Hello Matthias, after I let zoek.exe run through, everything worked great. My problem is solved, thank you very much. If friends have this problem too, I will refer them to you. Do you still need the log files anyway, or can I delete them?

Regards, Max

02.06.2014, 14:25   #10
M-K-D-B
/// TB Instructor

Quote:
Originally posted by stewiecali
Hello Matthias, after I let zoek.exe run through, everything worked great. My problem is solved, thank you very much. If friends have this problem too, I will refer them to you. Do you still need the log files anyway, or can I delete them?

Could you please keep posting the log files and working with me until I tell you that we are finished?

Thank you very much.

02.06.2014, 15:02   #11
stewiecali

Adw
Code:
# AdwCleaner v3.211 - Bericht erstellt am 01/06/2014 um 16:41:06
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : User - PC1
# Gestartet von : C:\Users\User\Downloads\adwcleaner_3.211.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16635


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\lpqe0v84.default\prefs.js ]


-\\ Google Chrome v32.0.1700.102

[ Datei : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [25239 octets] - [17/05/2014 11:07:14]
AdwCleaner[R1].txt - [1730 octets] - [31/05/2014 16:44:58]
AdwCleaner[R2].txt - [1403 octets] - [31/05/2014 17:24:11]
AdwCleaner[R3].txt - [1374 octets] - [01/06/2014 16:38:36]
AdwCleaner[S0].txt - [22658 octets] - [17/05/2014 11:09:17]
AdwCleaner[S1].txt - [1694 octets] - [31/05/2014 16:48:49]
AdwCleaner[S2].txt - [1249 octets] - [01/06/2014 16:41:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1309 octets] ##########
         
Frst Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-06-2014 01
Ran by User at 2014-06-01 17:18:22
Running from C:\Users\User\Desktop\FRST
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
AntiCrash 3.6.1 (HKLM-x32\...\{39F8BF57-47FA-4F8D-9404-1B41321743AF}) (Version:  - )
AutoHotkey 1.1.14.01 (HKLM-x32\...\AutoHotkey) (Version: 1.1.14.01 - Lexikos)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.100.235.19 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.4.1 - Broadcom Corporation)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version:  - Treyarch)
Camtasia Studio 8 (HKLM-x32\...\{2B1F8DD0-873D-4AC3-8400-766F255FE263}) (Version: 8.1.0.1281 - TechSmith Corporation)
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
CLEO v3.0.950 (HKLM-x32\...\{8FB91814-FE42-4B62-9B54-4B677A420715}_is1) (Version:  - Seemann (www.sannybuilder.com))
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dxtory version 2.0.124 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.124 - ExKode Co. Ltd.)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Audio Converter version 5.0.38.423 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.38.423 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.34.430 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.34.430 - DVDVideoSoft Ltd.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 32.0.1700.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Grand Theft Auto San Andreas (HKLM-x32\...\{086BADF8-9B1F-4E89-B207-2EDA520972D6}) (Version: 1.00.00001 - Rockstar Games)
IMVU Avatar Chat Software (HKCU\...\IMVU Avatar chat client software BETA) (Version:  - )
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3062 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.193 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.193 - LogMeIn, Inc.) Hidden
Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{26055432-339E-4776-803B-F22240B91864}) (Version: 11.1.2 - Red Giant Software)
Magic Bullet Suite 64-bit (Version: 11.1.2 - Red Giant Software) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.1 - Notepad++ Team)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Reimage Protector (HKLM\...\Reimage Protector) (Version:  - Reimage)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sandboxie 4.06 (64-bit) (HKLM\...\Sandboxie) (Version: 4.06 - Sandboxie Holdings, LLC)
SciTE4AutoHotkey v3.0.04 (HKLM-x32\...\SciTE4AutoHotkey) (Version: v3.0.04 - fincs)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version:  - Obsidian Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
Vegas Pro 12.0 (64-bit) (HKLM\...\{A1A75F4F-9C9F-11E2-8FCB-F04DA23A5C58}) (Version: 12.0.563 - Sony)
Virtual Audio Cable 4.13 (HKLM\...\Virtual Audio Cable 4.13) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================

28-05-2014 14:37:07 Removed System Requirements Lab for Intel
31-05-2014 15:20:31 Removed XSplit
01-06-2014 07:59:02 Removed SpyHunter

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-06-01 10:12 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0D3010E0-AE40-44C9-89E5-1C0DDA7E7B51} - \MySearchDial No Task File <==== ATTENTION
Task: {253F9BC2-1CF0-4D83-9B3F-880166F8C292} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {480C3B2F-9164-434C-A1A9-3EB40DAA0F04} - \PriceMeterLiveUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {4B0CDF8F-9460-4281-9E08-8EBC74B9BB13} - \PriceMeterLiveUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {54EB0E28-0F94-4E82-A21E-710D6C482D1F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-13] (Google Inc.)
Task: {558AC428-01AB-496F-97B5-D661CDE8A229} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-13] (Google Inc.)
Task: {59179B25-AD1A-433F-8827-CD2A0CEF9141} - \BrowserDefendert No Task File <==== ATTENTION
Task: {5C9B5541-252E-4273-AAD3-1D00A5E6CA4C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {867B102B-6D97-4576-9E90-F9F30E4083F2} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {96EFB2BB-E37A-4C46-AE47-EEEA03AB84C8} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {97169AD0-9ACE-4C1D-B309-8FC96B68727E} - \Dealply No Task File <==== ATTENTION
Task: {AB04294C-250F-4926-B189-8C3E9C7DE56F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {C99732FB-4EA5-4AC4-A004-CBEC2A92735D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {D5A01C56-9DC9-4630-B883-4A9336CC6C72} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {F124AA82-88EA-46D2-8DA3-C208AE268264} - \pricemeterdownloader No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef348ab479b3a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-31 14:20 - 2013-12-19 20:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-02-28 11:14 - 2014-02-28 11:14 - 00173568 _____ () C:\Users\User\AppData\Local\TeamSpeak 3 Client\quazip.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 01080832 _____ () C:\Users\User\AppData\Local\TeamSpeak 3 Client\platforms\qwindows.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00833024 _____ () C:\Users\User\AppData\Local\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2014-02-28 15:07 - 2014-02-28 15:07 - 00102344 _____ () C:\Users\User\AppData\Local\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2014-02-28 15:07 - 2014-02-28 15:07 - 00108488 _____ () C:\Users\User\AppData\Local\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00030208 _____ () C:\Users\User\AppData\Local\TeamSpeak 3 Client\imageformats\qgif.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00233984 _____ () C:\Users\User\AppData\Local\TeamSpeak 3 Client\imageformats\qjpeg.dll
2014-02-28 15:10 - 2014-02-28 15:10 - 00563656 _____ () C:\Users\User\AppData\Local\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2014-02-28 15:10 - 2014-02-28 15:10 - 00577480 _____ () C:\Users\User\AppData\Local\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00159232 _____ () C:\Users\User\AppData\Local\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll
2014-01-28 15:10 - 2014-01-23 07:56 - 00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libglesv2.dll
2014-01-28 15:10 - 2014-01-23 07:56 - 00100120 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libegl.dll
2014-01-28 15:10 - 2014-01-23 07:56 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll
2014-01-28 15:10 - 2014-01-23 07:57 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll
2014-01-28 15:10 - 2014-01-23 07:55 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll
2014-02-20 17:11 - 2014-02-20 17:11 - 13632904 _____ () C:\Users\User\AppData\Local\Google\Chrome\User Data\PepperFlash\12.0.0.70\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\User\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\User\AppData\Roaming:NT

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AntiCrash.lnk => C:\Windows\pss\AntiCrash.lnk.Startup
MSCONFIG\startupreg: RGSC => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/01/2014 04:43:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/01/2014 04:41:56 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (06/01/2014 04:41:56 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (06/01/2014 04:41:56 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (06/01/2014 04:41:13 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (06/01/2014 04:04:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/01/2014 04:03:16 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (06/01/2014 04:03:16 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (06/01/2014 04:03:16 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (06/01/2014 04:03:06 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0


System errors:
=============
Error: (06/01/2014 04:42:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Reimage Real Time Protection" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/01/2014 04:04:50 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (06/01/2014 04:03:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Reimage Real Time Protection" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/01/2014 10:35:40 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (06/01/2014 10:12:41 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (06/01/2014 10:12:10 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/01/2014 10:09:51 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (06/01/2014 09:37:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Reimage Real Time Protection" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/31/2014 04:50:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Reimage Real Time Protection" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (05/31/2014 01:44:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Reimage Real Time Protection" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (06/01/2014 04:43:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/01/2014 04:41:56 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path name43900

Error: (06/01/2014 04:41:56 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path name25900

Error: (06/01/2014 04:41:56 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path name17900

Error: (06/01/2014 04:41:13 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (06/01/2014 04:04:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/01/2014 04:03:16 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (06/01/2014 04:03:16 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (06/01/2014 04:03:16 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (06/01/2014 04:03:06 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Eap method DLL path name43900


CodeIntegrity Errors:
===================================
  Date: 2014-06-01 10:12:10.136
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-01 10:12:10.105
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 25%
Total physical RAM: 8043.86 MB
Available physical RAM: 5969.55 MB
Total Pagefile: 16085.9 MB
Available Pagefile: 13952.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:680.54 GB) (Free:258.35 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Disk_2) (CDROM) (Total:5.55 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 2A180AE6)
Partition 1: (Active) - (Size=681 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014 01
Ran by User (administrator) on PC1 on 01-06-2014 17:17:46
Running from C:\Users\User\Desktop\FRST
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamSpeak Systems GmbH) C:\Users\User\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-09-19] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [85600 2013-12-13] (Nullsoft, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-05-13] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3701525457-4283376491-4006895372-1000\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\S-1-5-21-3701525457-4283376491-4006895372-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2013-10-16] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3701525457-4283376491-4006895372-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21446272 2014-05-08] (Skype Technologies S.A.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
ShortcutTarget: IMVU.lnk -> C:\Users\User\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x72AF0974E9E2CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{67B02B1A-7418-48EF-B2E5-02FC8EC69392}: [NameServer]192.168.178.1,192.168.178.46

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\lpqe0v84.default
FF NetworkProxy: "socks_version", 4
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []

Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-01]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-01]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-01]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-01]
CHR Extension: (Google-Suche) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-01]
CHR Extension: (AdRemoverrUuTubbe) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dibpjnjgdeendckdpigimgmolffmpoca [2014-06-01]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Google Mail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-01]
CHR HKCU\...\Chrome\Extension: [bcfjehbfanfhgoehogmbiebedkidedjb] - C:\Users\User\AppData\Local\CRE\bcfjehbfanfhgoehogmbiebedkidedjb.crx [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [bcfjehbfanfhgoehogmbiebedkidedjb] - C:\Users\User\AppData\Local\CRE\bcfjehbfanfhgoehogmbiebedkidedjb.crx [2013-08-21]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-15] (LogMeIn, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC)
S2 ReimageRealTimeProtection; C:\Program Files\Reimage\Reimage Repair\ReiGuard.exe [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-06-19] (Duplex Secure Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
S3 b57xdbd; system32\DRIVERS\b57xdbd.sys [X]
S3 b57xdmp; system32\DRIVERS\b57xdmp.sys [X]
S3 bScsiMSa; system32\DRIVERS\bScsiMSa.sys [X]
S3 bScsiSDa; system32\DRIVERS\bScsiSDa.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\User\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 RwDrv; \??\C:\Windows\SysWOW64\Drivers\RwDrv.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-01 16:38 - 2014-06-01 16:38 - 01327971 _____ () C:\Users\User\Downloads\adwcleaner_3.211.exe
2014-06-01 10:14 - 2014-06-01 10:14 - 00018840 _____ () C:\ComboFix.txt
2014-06-01 10:14 - 2014-06-01 10:14 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-01 10:14 - 2014-06-01 10:14 - 00000000 ____D () C:\Users\fbwuser\AppData\Local\temp
2014-06-01 10:14 - 2014-06-01 10:14 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-01 10:14 - 2014-06-01 10:14 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-01 10:14 - 2014-06-01 10:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-06-01 10:01 - 2014-06-01 10:14 - 00000000 ____D () C:\Qoobox
2014-06-01 10:01 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-01 10:01 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-01 10:01 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-01 10:01 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-01 10:01 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-01 10:01 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-01 10:01 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-01 10:01 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-01 10:00 - 2014-06-01 10:13 - 00000000 ____D () C:\Windows\erdnt
2014-06-01 10:00 - 2014-06-01 10:00 - 05203398 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2014-06-01 10:00 - 2014-06-01 10:00 - 05203398 _____ (Swearware) C:\Users\User\Downloads\ComboFix.exe
2014-05-31 17:29 - 2014-06-01 17:18 - 00000000 ____D () C:\Users\User\Desktop\FRST
2014-05-31 17:25 - 2014-06-01 17:17 - 00000000 ____D () C:\FRST
2014-05-31 17:25 - 2014-05-31 17:25 - 02066944 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-05-31 16:44 - 2014-05-31 16:44 - 00961360 _____ (Chip Digital GmbH) C:\Users\User\Downloads\AdwCleaner - CHIP-Installer.exe
2014-05-31 14:24 - 2014-05-31 14:24 - 00000000 ____D () C:\Users\User\AppData\Roaming\IMVUClient
2014-05-31 14:22 - 2014-05-31 14:23 - 00079248 _____ () C:\Users\User\Downloads\InstallIMVU_502.0_st_c.exe
2014-05-30 15:43 - 2014-05-30 15:43 - 00379963 _____ () C:\Users\User\Downloads\Yakuza-Keybinder.rar
2014-05-30 08:35 - 2014-05-30 08:35 - 08388904 _____ () C:\Users\User\Downloads\[Hochladen.to Dateien - Files kostenlos hochladen]fonts.txd
2014-05-29 21:15 - 2014-05-29 21:15 - 00161351 _____ () C:\Users\User\Downloads\-ORIGINAL--SKINS.rar
2014-05-29 21:15 - 2014-05-29 21:15 - 00000000 ____D () C:\Users\User\Desktop\-ORIGINAL--SKINS
2014-05-28 16:43 - 2014-05-28 16:43 - 00000000 ____D () C:\ProgramData\CDB
2014-05-28 16:42 - 2014-05-28 16:48 - 00000000 ____D () C:\rei
2014-05-28 16:42 - 2014-05-28 16:43 - 00000163 _____ () C:\Windows\Reimage.ini
2014-05-28 16:42 - 2014-05-28 16:42 - 00821320 _____ (Reimage®) C:\Users\User\Downloads\ReimageRepair.exe
2014-05-28 16:42 - 2014-05-28 16:42 - 00821320 _____ (Reimage®) C:\Users\User\Downloads\ReimageRepair (1).exe
2014-05-28 16:42 - 2014-05-28 16:42 - 00000000 ____D () C:\Program Files\Reimage
2014-05-26 15:45 - 2014-05-26 15:46 - 06067280 _____ () C:\Users\User\Downloads\#swaqman (2).zip
2014-05-25 10:29 - 2014-05-25 10:29 - 00412626 _____ () C:\Users\User\Downloads\Freundesliste System.zip
2014-05-25 10:29 - 2014-05-25 10:29 - 00000000 ____D () C:\Users\User\Desktop\Freundesliste System
2014-05-24 20:56 - 2014-05-24 20:56 - 02250240 _____ () C:\Users\User\Downloads\SA-Keybinder.exe
2014-05-24 20:40 - 2014-05-24 20:41 - 03684312 _____ () C:\Users\User\Downloads\rgnlauncher0.9.6 (2).exe
2014-05-24 10:17 - 2014-05-24 10:17 - 01993005 _____ () C:\Users\User\Downloads\Bilder.rar
2014-05-23 21:41 - 2014-05-23 21:41 - 00008192 _____ () C:\Users\User\Downloads\Adlerauge.exe
2014-05-23 21:39 - 2014-05-23 21:39 - 00008192 _____ () C:\Users\User\Downloads\SAMP-NameTag-Hack.exe
2014-05-23 20:50 - 2014-05-23 20:50 - 01131529 _____ () C:\Users\User\Downloads\edits.rar
2014-05-22 16:30 - 2014-05-22 16:30 - 00028670 _____ () C:\Users\User\Downloads\peko-ist-geil.wav
2014-05-21 18:48 - 2014-05-21 18:48 - 26151954 _____ () C:\Users\User\Downloads\GENRL0 (2)
2014-05-21 18:24 - 2014-05-22 14:30 - 00000000 ____D () C:\Users\User\Documents\Overlay-Optionen
2014-05-21 18:24 - 2014-05-21 18:24 - 00860672 _____ () C:\Users\User\Downloads\Overlay_1.45.exe
2014-05-21 18:24 - 2014-05-21 18:24 - 00860672 _____ () C:\Users\User\Desktop\Overlay_1.45.exe
2014-05-21 18:13 - 2014-05-21 18:13 - 24913027 _____ () C:\Users\User\Downloads\PigMussy-Pack.rar
2014-05-21 17:38 - 2014-05-21 17:38 - 08353712 _____ () C:\Users\User\Downloads\Kenny wat is den los mit dir_.mp4
2014-05-18 19:29 - 2014-05-18 19:29 - 00004760 _____ () C:\Users\User\Downloads\Weapon.dat - default.ide v3.rar
2014-05-18 10:35 - 2014-05-18 10:35 - 06247465 _____ () C:\Users\User\Downloads\Lagg oder DDos_.mp4
2014-05-17 18:58 - 2014-05-17 18:58 - 06362224 _____ () C:\Users\User\Downloads\Felix_Diesel #Healhack.mp4
2014-05-17 18:37 - 2014-05-17 18:37 - 00000000 ____D () C:\Users\User\Desktop\Deaglepack (1)
2014-05-17 18:36 - 2014-05-17 18:37 - 05643950 _____ () C:\Users\User\Downloads\Deaglepack (1).rar
2014-05-17 16:50 - 2014-05-17 16:50 - 00001174 _____ () C:\Users\User\Desktop\TeamSpeak 3 Client.lnk
2014-05-17 16:50 - 2014-05-17 16:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-05-17 16:40 - 2014-05-17 16:40 - 00961360 _____ (Chip Digital GmbH) C:\Users\User\Downloads\TeamSpeak 3 64 Bit - CHIP-Downloader.exe
2014-05-17 16:39 - 2014-05-17 16:39 - 00961360 _____ (Chip Digital GmbH) C:\Users\User\Downloads\TeamSpeak 3 32 Bit - CHIP-Downloader.exe
2014-05-17 12:44 - 2014-05-17 12:44 - 00080476 _____ () C:\Users\User\Downloads\YakuZa-Skin-f--r-die-Tomate.rar
2014-05-17 12:21 - 2014-05-17 12:21 - 00768428 _____ () C:\Users\User\Downloads\1341069701_HDiconsSAbyZera.zip
2014-05-17 11:43 - 2014-05-17 11:43 - 08388904 _____ () C:\Users\User\Downloads\fonts (4).txd
2014-05-16 20:32 - 2014-05-16 20:32 - 05220703 _____ () C:\Users\User\Desktop\RPG CITY  TEAM  USER  PRESENTATION  !.webm
2014-05-16 14:21 - 2014-05-16 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-16 14:21 - 2014-05-16 14:21 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-05-13 19:55 - 2014-05-19 20:34 - 00000000 ____D () C:\Users\User\Desktop\frag
2014-05-13 19:43 - 2014-05-13 19:43 - 00839913 _____ () C:\Users\User\Downloads\Yakuza-Intro.mp4
2014-05-10 18:45 - 2014-05-10 18:45 - 19568865 _____ () C:\Users\User\Downloads\Fertige-GENRL.rar
2014-05-10 16:30 - 2014-05-12 20:09 - 00000000 ____D () C:\Users\User\Desktop\King
2014-05-10 16:28 - 2014-05-10 16:30 - 106494550 _____ () C:\Users\User\Downloads\King.zip
2014-05-10 15:37 - 2014-05-10 15:37 - 00000000 ____D () C:\Users\User\Desktop\selfmadeavi
2014-05-09 18:38 - 2014-05-09 18:38 - 05355643 _____ () C:\Users\User\Downloads\Khalife.zip
2014-05-09 16:46 - 2014-05-09 16:46 - 00000000 ____D () C:\Users\User\Desktop\-Gerami-HD-Modpack- (3)
2014-05-09 16:45 - 2014-05-09 16:45 - 00892557 _____ () C:\Users\User\Downloads\-Gerami-HD-Modpack- (3).rar
2014-05-08 18:42 - 2014-05-16 19:57 - 00000000 ____D () C:\Users\User\Desktop\Overlay-by-swiix (3)
2014-05-08 18:42 - 2014-05-08 18:42 - 00798872 _____ () C:\Users\User\Downloads\Overlay-by-swiix (3).rar
2014-05-08 16:57 - 2014-05-08 16:57 - 00124902 _____ () C:\Users\User\Downloads\Bonas Ghosts CC Looks.rar
2014-05-08 16:52 - 2014-05-08 16:52 - 13661550 _____ () C:\Users\User\Downloads\SoundPack by xDeso1337.rar
2014-05-08 14:44 - 2014-05-08 14:45 - 00000000 ____D () C:\Program Files\Virtual Audio Cable
2014-05-08 14:44 - 2014-05-08 14:44 - 00537138 _____ () C:\Users\User\Downloads\vac413.zip
2014-05-08 14:44 - 2014-05-08 14:44 - 00108960 _____ (Eugene V. Muzychenko) C:\Windows\system32\Drivers\vrtaucbl.sys
2014-05-08 14:44 - 2014-05-08 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable
2014-05-08 14:41 - 2014-05-08 14:43 - 00279379 _____ () C:\Users\User\Downloads\VirtualAudioCable409.zip
2014-05-08 14:40 - 2014-05-08 14:40 - 00629584 _____ (Chip Digital GmbH) C:\Users\User\Downloads\Virtual Audio Cable - CHIP-Downloader.exe
2014-05-08 14:37 - 2014-05-31 17:19 - 00000000 ____D () C:\Users\User\AppData\Roaming\Winamp
2014-05-08 14:36 - 2014-05-08 14:36 - 12855384 _____ (Nullsoft, Inc.) C:\Users\User\Downloads\winamp5666_full_de-de_b3516.exe
2014-05-08 14:35 - 2014-05-08 14:35 - 00042311 _____ () C:\Users\User\Downloads\TS3MusicBot-plugin.rar
2014-05-07 19:47 - 2014-05-07 19:48 - 34014392 _____ (DVDVideoSoft Ltd. ) C:\Users\User\Downloads\FreeYouTubeToMP3Converter34430 (1).exe
2014-05-07 16:19 - 2014-05-07 16:19 - 00401185 _____ () C:\Users\User\Downloads\AutoHotkey111500_ansi.zip
2014-05-06 16:58 - 2014-05-06 16:58 - 03684312 _____ () C:\Users\User\Downloads\rgnlauncher0.9.6 (1).exe
2014-05-06 15:20 - 2014-05-06 15:20 - 00444998 _____ () C:\Users\User\Downloads\Allgemeiner Keybinder (2).zip
2014-05-06 14:40 - 2014-05-06 14:40 - 00352765 _____ () C:\Users\User\Downloads\Beep-Tones by SCProductions.rar
2014-05-05 20:02 - 2014-05-05 20:03 - 121715851 _____ () C:\Users\User\Downloads\Icons (4).rar
2014-05-04 17:06 - 2014-05-09 16:32 - 00000055 _____ () C:\Users\User\Desktop\---.txt
2014-05-04 14:30 - 2014-05-04 14:30 - 01430648 _____ () C:\Users\User\Downloads\Bilder-by-javiguiza.rar
2014-05-04 09:44 - 2014-05-04 09:44 - 22981524 _____ () C:\Users\User\Downloads\GTA SA Backup Skins 123Axell.rar
2014-05-04 09:27 - 2014-05-04 09:27 - 06067280 _____ () C:\Users\User\Downloads\#swaqman (1).zip
2014-05-03 16:29 - 2014-05-03 16:29 - 00378583 _____ () C:\Users\User\Downloads\Chromatic Editing 200 subs CC pack.rar
2014-05-03 10:37 - 2014-05-03 10:49 - 00000831 _____ () C:\Users\User\Desktop\FBI Bewerbunggespräch.txt
2014-05-02 11:20 - 2014-05-02 11:20 - 00286640 _____ () C:\Windows\Minidump\050214-22308-01.dmp

==================== One Month Modified Files and Folders =======

2014-06-01 17:18 - 2014-05-31 17:29 - 00000000 ____D () C:\Users\User\Desktop\FRST
2014-06-01 17:17 - 2014-05-31 17:25 - 00000000 ____D () C:\FRST
2014-06-01 17:17 - 2013-06-13 11:51 - 00000000 ____D () C:\Users\User\AppData\Local\Temp
2014-06-01 17:16 - 2013-06-14 15:18 - 00000000 ____D () C:\Users\User\AppData\Roaming\TS3Client
2014-06-01 17:16 - 2013-06-13 19:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-01 17:08 - 2013-06-13 12:49 - 00003906 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{148E43A9-7EF6-4727-974F-C29C4A3AB0B6}
2014-06-01 17:00 - 2013-08-11 19:37 - 00075487 _____ () C:\Windows\setupact.log
2014-06-01 17:00 - 2013-06-13 09:47 - 01051352 _____ () C:\Windows\WindowsUpdate.log
2014-06-01 16:59 - 2011-04-12 09:43 - 00709248 _____ () C:\Windows\system32\perfh007.dat
2014-06-01 16:59 - 2011-04-12 09:43 - 00154102 _____ () C:\Windows\system32\perfc007.dat
2014-06-01 16:59 - 2009-07-14 07:13 - 01647172 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-01 16:49 - 2009-07-14 06:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-01 16:49 - 2009-07-14 06:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-01 16:43 - 2014-04-11 17:32 - 00000000 ____D () C:\Users\User\AppData\Local\LogMeIn Hamachi
2014-06-01 16:43 - 2013-06-19 14:18 - 00000000 ____D () C:\Users\User\AppData\Roaming\IMVU
2014-06-01 16:41 - 2014-04-12 16:22 - 00000000 ____D () C:\AdwCleaner
2014-06-01 16:41 - 2013-08-12 14:58 - 00191536 _____ () C:\Windows\PFRO.log
2014-06-01 16:41 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-01 16:38 - 2014-06-01 16:38 - 01327971 _____ () C:\Users\User\Downloads\adwcleaner_3.211.exe
2014-06-01 16:37 - 2013-06-13 19:22 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-01 16:10 - 2013-06-13 20:16 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2014-06-01 16:04 - 2013-12-30 13:52 - 00002356 _____ () C:\Windows\Sandboxie.ini
2014-06-01 10:14 - 2014-06-01 10:14 - 00018840 _____ () C:\ComboFix.txt
2014-06-01 10:14 - 2014-06-01 10:14 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-01 10:14 - 2014-06-01 10:14 - 00000000 ____D () C:\Users\fbwuser\AppData\Local\temp
2014-06-01 10:14 - 2014-06-01 10:14 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-01 10:14 - 2014-06-01 10:14 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-01 10:14 - 2014-06-01 10:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-06-01 10:14 - 2014-06-01 10:01 - 00000000 ____D () C:\Qoobox
2014-06-01 10:13 - 2014-06-01 10:00 - 00000000 ____D () C:\Windows\erdnt
2014-06-01 10:12 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-01 10:10 - 2013-07-05 08:50 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-01 10:00 - 2014-06-01 10:00 - 05203398 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2014-06-01 10:00 - 2014-06-01 10:00 - 05203398 _____ (Swearware) C:\Users\User\Downloads\ComboFix.exe
2014-06-01 09:59 - 2014-04-17 15:19 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-06-01 09:42 - 2013-12-22 12:50 - 00000000 ____D () C:\Users\User\Desktop\Sony Vegas
2014-05-31 17:25 - 2014-05-31 17:25 - 02066944 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-05-31 17:19 - 2014-05-08 14:37 - 00000000 ____D () C:\Users\User\AppData\Roaming\Winamp
2014-05-31 17:19 - 2014-01-01 17:53 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-31 16:44 - 2014-05-31 16:44 - 00961360 _____ (Chip Digital GmbH) C:\Users\User\Downloads\AdwCleaner - CHIP-Installer.exe
2014-05-31 14:39 - 2013-06-13 11:51 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-31 14:24 - 2014-05-31 14:24 - 00000000 ____D () C:\Users\User\AppData\Roaming\IMVUClient
2014-05-31 14:23 - 2014-05-31 14:22 - 00079248 _____ () C:\Users\User\Downloads\InstallIMVU_502.0_st_c.exe
2014-05-31 13:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-30 18:10 - 2013-11-30 12:44 - 00000000 ____D () C:\Users\User\Desktop\JBG2
2014-05-30 15:43 - 2014-05-30 15:43 - 00379963 _____ () C:\Users\User\Downloads\Yakuza-Keybinder.rar
2014-05-30 15:43 - 2013-11-02 12:39 - 00000020 _____ () C:\Users\User\AppData\Roaming\dx.ini
2014-05-30 08:35 - 2014-05-30 08:35 - 08388904 _____ () C:\Users\User\Downloads\[Hochladen.to Dateien - Files kostenlos hochladen]fonts.txd
2014-05-29 21:15 - 2014-05-29 21:15 - 00161351 _____ () C:\Users\User\Downloads\-ORIGINAL--SKINS.rar
2014-05-29 21:15 - 2014-05-29 21:15 - 00000000 ____D () C:\Users\User\Desktop\-ORIGINAL--SKINS
2014-05-29 18:08 - 2013-07-14 09:54 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-05-29 12:50 - 2013-08-11 19:41 - 00000000 ____D () C:\Users\User\Desktop\Alle SAMP Mods ?
2014-05-28 16:48 - 2014-05-28 16:42 - 00000000 ____D () C:\rei
2014-05-28 16:43 - 2014-05-28 16:43 - 00000000 ____D () C:\ProgramData\CDB
2014-05-28 16:43 - 2014-05-28 16:42 - 00000163 _____ () C:\Windows\Reimage.ini
2014-05-28 16:42 - 2014-05-28 16:42 - 00821320 _____ (Reimage®) C:\Users\User\Downloads\ReimageRepair.exe
2014-05-28 16:42 - 2014-05-28 16:42 - 00821320 _____ (Reimage®) C:\Users\User\Downloads\ReimageRepair (1).exe
2014-05-28 16:42 - 2014-05-28 16:42 - 00000000 ____D () C:\Program Files\Reimage
2014-05-26 15:46 - 2014-05-26 15:45 - 06067280 _____ () C:\Users\User\Downloads\#swaqman (2).zip
2014-05-25 10:29 - 2014-05-25 10:29 - 00412626 _____ () C:\Users\User\Downloads\Freundesliste System.zip
2014-05-25 10:29 - 2014-05-25 10:29 - 00000000 ____D () C:\Users\User\Desktop\Freundesliste System
2014-05-25 09:27 - 2014-03-25 20:55 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-25 09:27 - 2013-06-13 20:16 - 00000000 ____D () C:\ProgramData\Skype
2014-05-24 20:56 - 2014-05-24 20:56 - 02250240 _____ () C:\Users\User\Downloads\SA-Keybinder.exe
2014-05-24 20:41 - 2014-05-24 20:40 - 03684312 _____ () C:\Users\User\Downloads\rgnlauncher0.9.6 (2).exe
2014-05-24 10:17 - 2014-05-24 10:17 - 01993005 _____ () C:\Users\User\Downloads\Bilder.rar
2014-05-23 21:41 - 2014-05-23 21:41 - 00008192 _____ () C:\Users\User\Downloads\Adlerauge.exe
2014-05-23 21:39 - 2014-05-23 21:39 - 00008192 _____ () C:\Users\User\Downloads\SAMP-NameTag-Hack.exe
2014-05-23 20:50 - 2014-05-23 20:50 - 01131529 _____ () C:\Users\User\Downloads\edits.rar
2014-05-23 16:31 - 2013-08-08 17:01 - 00005120 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-22 16:30 - 2014-05-22 16:30 - 00028670 _____ () C:\Users\User\Downloads\peko-ist-geil.wav
2014-05-22 16:25 - 2014-03-16 15:08 - 00000000 ____D () C:\Users\User\Desktop\crashes
2014-05-22 14:30 - 2014-05-21 18:24 - 00000000 ____D () C:\Users\User\Documents\Overlay-Optionen
2014-05-22 14:22 - 2013-06-13 19:13 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-22 14:22 - 2013-06-13 19:13 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-21 19:32 - 2013-09-13 18:28 - 00000000 ____D () C:\Users\User\Desktop\SAMP Original Files
2014-05-21 18:48 - 2014-05-21 18:48 - 26151954 _____ () C:\Users\User\Downloads\GENRL0 (2)
2014-05-21 18:24 - 2014-05-21 18:24 - 00860672 _____ () C:\Users\User\Downloads\Overlay_1.45.exe
2014-05-21 18:24 - 2014-05-21 18:24 - 00860672 _____ () C:\Users\User\Desktop\Overlay_1.45.exe
2014-05-21 18:13 - 2014-05-21 18:13 - 24913027 _____ () C:\Users\User\Downloads\PigMussy-Pack.rar
2014-05-21 17:38 - 2014-05-21 17:38 - 08353712 _____ () C:\Users\User\Downloads\Kenny wat is den los mit dir_.mp4
2014-05-19 20:34 - 2014-05-13 19:55 - 00000000 ____D () C:\Users\User\Desktop\frag
2014-05-18 19:29 - 2014-05-18 19:29 - 00004760 _____ () C:\Users\User\Downloads\Weapon.dat - default.ide v3.rar
2014-05-18 10:35 - 2014-05-18 10:35 - 06247465 _____ () C:\Users\User\Downloads\Lagg oder DDos_.mp4
2014-05-17 18:58 - 2014-05-17 18:58 - 06362224 _____ () C:\Users\User\Downloads\Felix_Diesel #Healhack.mp4
2014-05-17 18:37 - 2014-05-17 18:37 - 00000000 ____D () C:\Users\User\Desktop\Deaglepack (1)
2014-05-17 18:37 - 2014-05-17 18:36 - 05643950 _____ () C:\Users\User\Downloads\Deaglepack (1).rar
2014-05-17 16:50 - 2014-05-17 16:50 - 00001174 _____ () C:\Users\User\Desktop\TeamSpeak 3 Client.lnk
2014-05-17 16:50 - 2014-05-17 16:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-05-17 16:50 - 2013-07-30 17:15 - 00000000 ____D () C:\Users\User\AppData\Local\TeamSpeak 3 Client
2014-05-17 16:40 - 2014-05-17 16:40 - 00961360 _____ (Chip Digital GmbH) C:\Users\User\Downloads\TeamSpeak 3 64 Bit - CHIP-Downloader.exe
2014-05-17 16:39 - 2014-05-17 16:39 - 00961360 _____ (Chip Digital GmbH) C:\Users\User\Downloads\TeamSpeak 3 32 Bit - CHIP-Downloader.exe
2014-05-17 12:44 - 2014-05-17 12:44 - 00080476 _____ () C:\Users\User\Downloads\YakuZa-Skin-f--r-die-Tomate.rar
2014-05-17 12:21 - 2014-05-17 12:21 - 00768428 _____ () C:\Users\User\Downloads\1341069701_HDiconsSAbyZera.zip
2014-05-17 11:43 - 2014-05-17 11:43 - 08388904 _____ () C:\Users\User\Downloads\fonts (4).txd
2014-05-17 11:09 - 2013-06-13 19:22 - 00001286 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-17 11:09 - 2013-06-13 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-17 11:09 - 2013-06-13 11:51 - 00000997 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-16 20:32 - 2014-05-16 20:32 - 05220703 _____ () C:\Users\User\Desktop\RPG CITY  TEAM  USER  PRESENTATION  !.webm
2014-05-16 19:57 - 2014-05-08 18:42 - 00000000 ____D () C:\Users\User\Desktop\Overlay-by-swiix (3)
2014-05-16 14:21 - 2014-05-16 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-16 14:21 - 2014-05-16 14:21 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-05-14 18:16 - 2013-06-13 19:22 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 18:16 - 2013-06-13 19:22 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 18:16 - 2013-06-13 19:22 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 19:43 - 2014-05-13 19:43 - 00839913 _____ () C:\Users\User\Downloads\Yakuza-Intro.mp4
2014-05-12 20:09 - 2014-05-10 16:30 - 00000000 ____D () C:\Users\User\Desktop\King
2014-05-10 18:45 - 2014-05-10 18:45 - 19568865 _____ () C:\Users\User\Downloads\Fertige-GENRL.rar
2014-05-10 16:30 - 2014-05-10 16:28 - 106494550 _____ () C:\Users\User\Downloads\King.zip
2014-05-10 15:37 - 2014-05-10 15:37 - 00000000 ____D () C:\Users\User\Desktop\selfmadeavi
2014-05-09 18:38 - 2014-05-09 18:38 - 05355643 _____ () C:\Users\User\Downloads\Khalife.zip
2014-05-09 16:46 - 2014-05-09 16:46 - 00000000 ____D () C:\Users\User\Desktop\-Gerami-HD-Modpack- (3)
2014-05-09 16:45 - 2014-05-09 16:45 - 00892557 _____ () C:\Users\User\Downloads\-Gerami-HD-Modpack- (3).rar
2014-05-09 16:32 - 2014-05-04 17:06 - 00000055 _____ () C:\Users\User\Desktop\---.txt
2014-05-08 18:42 - 2014-05-08 18:42 - 00798872 _____ () C:\Users\User\Downloads\Overlay-by-swiix (3).rar
2014-05-08 17:02 - 2014-01-01 18:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Bullet Looks
2014-05-08 16:57 - 2014-05-08 16:57 - 00124902 _____ () C:\Users\User\Downloads\Bonas Ghosts CC Looks.rar
2014-05-08 16:52 - 2014-05-08 16:52 - 13661550 _____ () C:\Users\User\Downloads\SoundPack by xDeso1337.rar
2014-05-08 14:45 - 2014-05-08 14:44 - 00000000 ____D () C:\Program Files\Virtual Audio Cable
2014-05-08 14:44 - 2014-05-08 14:44 - 00537138 _____ () C:\Users\User\Downloads\vac413.zip
2014-05-08 14:44 - 2014-05-08 14:44 - 00108960 _____ (Eugene V. Muzychenko) C:\Windows\system32\Drivers\vrtaucbl.sys
2014-05-08 14:44 - 2014-05-08 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable
2014-05-08 14:43 - 2014-05-08 14:41 - 00279379 _____ () C:\Users\User\Downloads\VirtualAudioCable409.zip
2014-05-08 14:40 - 2014-05-08 14:40 - 00629584 _____ (Chip Digital GmbH) C:\Users\User\Downloads\Virtual Audio Cable - CHIP-Downloader.exe
2014-05-08 14:37 - 2014-01-13 17:57 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-05-08 14:36 - 2014-05-08 14:36 - 12855384 _____ (Nullsoft, Inc.) C:\Users\User\Downloads\winamp5666_full_de-de_b3516.exe
2014-05-08 14:35 - 2014-05-08 14:35 - 00042311 _____ () C:\Users\User\Downloads\TS3MusicBot-plugin.rar
2014-05-07 19:49 - 2013-08-25 19:28 - 00001540 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-05-07 19:49 - 2013-07-07 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-05-07 19:49 - 2013-07-07 20:21 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-05-07 19:48 - 2014-05-07 19:47 - 34014392 _____ (DVDVideoSoft Ltd. ) C:\Users\User\Downloads\FreeYouTubeToMP3Converter34430 (1).exe
2014-05-07 19:48 - 2013-07-07 20:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\DVDVideoSoft
2014-05-07 16:19 - 2014-05-07 16:19 - 00401185 _____ () C:\Users\User\Downloads\AutoHotkey111500_ansi.zip
2014-05-06 16:58 - 2014-05-06 16:58 - 03684312 _____ () C:\Users\User\Downloads\rgnlauncher0.9.6 (1).exe
2014-05-06 15:20 - 2014-05-06 15:20 - 00444998 _____ () C:\Users\User\Downloads\Allgemeiner Keybinder (2).zip
2014-05-06 14:40 - 2014-05-06 14:40 - 00352765 _____ () C:\Users\User\Downloads\Beep-Tones by SCProductions.rar
2014-05-05 20:03 - 2014-05-05 20:02 - 121715851 _____ () C:\Users\User\Downloads\Icons (4).rar
2014-05-04 14:30 - 2014-05-04 14:30 - 01430648 _____ () C:\Users\User\Downloads\Bilder-by-javiguiza.rar
2014-05-04 09:44 - 2014-05-04 09:44 - 22981524 _____ () C:\Users\User\Downloads\GTA SA Backup Skins 123Axell.rar
2014-05-04 09:27 - 2014-05-04 09:27 - 06067280 _____ () C:\Users\User\Downloads\#swaqman (1).zip
2014-05-03 16:29 - 2014-05-03 16:29 - 00378583 _____ () C:\Users\User\Downloads\Chromatic Editing 200 subs CC pack.rar
2014-05-03 10:49 - 2014-05-03 10:37 - 00000831 _____ () C:\Users\User\Desktop\FBI Bewerbunggespräch.txt
2014-05-02 11:20 - 2014-05-02 11:20 - 00286640 _____ () C:\Windows\Minidump\050214-22308-01.dmp
2014-05-02 11:20 - 2014-04-12 10:21 - 316477296 _____ () C:\Windows\MEMORY.DMP
2014-05-02 11:20 - 2013-06-15 20:52 - 00000000 ____D () C:\Windows\Minidump
2014-05-02 11:20 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Files to move or delete:
====================
C:\Users\User\AppData\Roaming\dx.ini


Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-31 19:20

==================== End Of Log ============================
         
--- --- ---


JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by User on 01.06.2014 at 20:03:03,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3701525457-4283376491-4006895372-1000\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{CE4059F7-0C8F-4371-9169-877F92F1DB0A}



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.06.2014 at 20:10:00,36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
mbam
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 01.06.2014
Suchlauf-Zeit: 17:28:27
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.01.05
Rootkit Datenbank: v2014.05.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: User

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 338072
Verstrichene Zeit: 35 Min, 56 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 4
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, In Quarantäne, [85c423500774d5618ad18440db28c13f], 
PUP.Optional.PutLockerDownloader.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\APPDATALOW\SOFTWARE\PutLocker-Downloader V9.0, Löschen bei Neustart, [cd7cf77c6f0c91a5ccbce3c3bf43cd33], 
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\WNLT, Löschen bei Neustart, [ed5c680b9ae12214a3e18b3f778cbf41], 
Backdoor.Trace, HKU\S-1-5-21-3701525457-4283376491-4006895372-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\CYBER, Löschen bei Neustart, [d178522186f51f1784b493e36e95f60a], 

Registrierungswerte: 3
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, {D94847BA-6138-49A5-A652-279C74184F10}, In Quarantäne, [85c423500774d5618ad18440db28c13f]
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\WNLT|URL, SIM, Löschen bei Neustart, [ed5c680b9ae12214a3e18b3f778cbf41]
Backdoor.Trace, HKU\S-1-5-21-3701525457-4283376491-4006895372-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\CYBER|FirstExecution, 29/06/2013 -- 19:21, Löschen bei Neustart, [d178522186f51f1784b493e36e95f60a]

Registrierungsdaten: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[e168571caccfff3757131f414eb63fc1]

Ordner: 0
(No malicious items detected)

Dateien: 39
PUP.Optional.MultiPlug.A, C:\ProgramData\AdRemoverrUuTubbe\sV.dll, In Quarantäne, [f455274cf08b0c2aeaa9ae9d659cb54b], 
PUP.Optional.MultiPlug.A, C:\ProgramData\AdRemoverrUuTubbe\sV.exe, In Quarantäne, [7ccd33404437f046474ccf7cea1733cd], 
PUP.Optional.Somoto, C:\Users\User\Downloads\SumatraPDFSetup-1Qzshwu.exe, In Quarantäne, [ec5d60132e4def47752da9da6b996799], 
Trojan.AimBot, C:\Users\User\Downloads\SAMP Aimbot (1).zip, In Quarantäne, [f7528ae981fa57dfe9c5b93b40c31ee2], 
Hacktool.Agent, C:\Users\User\Downloads\w7.loader.v1.9.6-DAZ.rar, In Quarantäne, [e1683d363c3fea4c53d6db707c85aa56], 
PUP.Optional.Conduit.A, C:\Users\User\Downloads\IMVU (1).exe, In Quarantäne, [89c04330c3b8b5813396a1aaeb161ee2], 
PUP.Optional.Conduit.A, C:\Users\User\Downloads\IMVU (2).exe, In Quarantäne, [8ebb6a096d0e3006c306321947ba58a8], 
PUP.Optional.Conduit.A, C:\Users\User\Downloads\IMVU.exe, In Quarantäne, [72d788eb126946f059706edd34cdf60a], 
PUP.Optional.Softonic, C:\Users\User\Downloads\SoftonicDownloader_fuer_cyberlink-powerdirector.exe, In Quarantäne, [5ced43305625a29448bf5bab7190857b], 
PUP.Optional.Softonic, C:\Users\User\Downloads\SoftonicDownloader_fuer_imvu.exe, In Quarantäne, [d6732f44601bb97deb1c49bd5ba67090], 
PUP.Optional.Softonic, C:\Users\User\Downloads\SoftonicDownloader_fuer_logitech-hd-webcam-software.exe, In Quarantäne, [05444d269ae164d261a6679f9c653dc3], 
PUP.Optional.Softonic, C:\Users\User\Downloads\SoftonicDownloader_fuer_photo-booth-fur-windows-7.exe, In Quarantäne, [d6737cf7bac1270f80870006d62b59a7], 
PUP.Optional.Softonic, C:\Users\User\Downloads\SoftonicDownloader_fuer_simple-webcam-capture.exe, In Quarantäne, [3a0fe093a2d90c2a4cbb1ee8639e3dc3], 
PUP.Optional.Softonic, C:\Users\User\Downloads\SoftonicDownloader_fuer_webcammax.exe, In Quarantäne, [77d2a4cf9dde2a0c887f5fa7d42dc739], 
PUP.Optional.Softonic, C:\Users\User\Downloads\SoftonicDownloader_fuer_windows-live-movie-maker.exe, In Quarantäne, [7acf195a2f4cfb3bc64126e0ea171ce4], 
PUP.Optional.SweetIM, C:\Users\User\Downloads\AngryBirdsStarWarsSetup.exe, In Quarantäne, [3019185b90ebdd598c6f62218a7a8878], 
Adware.InstallBrain, C:\Users\User\Downloads\CodecPerformerSetup.exe, In Quarantäne, [8bbeb6bded8eba7c3ee329e012efd52b], 
PUP.BundleInstaller.DW, C:\Users\User\Downloads\codec_pack_659889_ch.exe, In Quarantäne, [b29742315f1c6bcb9e4fce37b150b64a], 
PUP.Optional.4Shared, C:\Users\User\Downloads\Mod Pack Skins Yakuza V1.0.exe, In Quarantäne, [d8716c07007b3df9a5b854ca10f004fc], 
PUP.Optional.InstalleRex, C:\Users\User\Downloads\GTA_SA_SNOW_MOD_samp.rar.exe, In Quarantäne, [84c5413257240135252046e7cc357c84], 
PUP.Optional.4Shared, C:\Users\User\Downloads\teknogods.modern.warfare.3.mod.2.7.0.1.exe, In Quarantäne, [6cdd77fcd2a90333e7769688fc04dd23], 
PUP.Optional.InstalleRex, C:\Users\User\Downloads\SkypEmoticons.exe, In Quarantäne, [bc8d4a2987f4ba7cba38232657aa02fe], 
PUP.Optional.4Shared, C:\Users\User\Downloads\Backup Radar gta sa.exe, In Quarantäne, [c38690e396e5d85e85d869b5b05005fb], 
PUP.Optional.OpenCandy, C:\Users\User\Downloads\PhotoScape_V3.6.3.exe, In Quarantäne, [9baedb980972201684e6aed644c0827e], 
PUP.Optional.OneClickDownloader.A, C:\Users\User\Downloads\Deagle_(101).wav.exe, In Quarantäne, [f3561360b5c6f2446cee7d96e71aa45c], 
PUP.Optional.InstallMonetizer, C:\Users\User\Downloads\Demo AWP WALLBANG Minute 13.rar.exe, In Quarantäne, [1b2e12614b303006f196feeebf447090], 
PUP.Optional.Somoto, C:\Users\User\Downloads\FLVPlayerSetup-cuYIq75.exe, In Quarantäne, [df6a155e6b1046f0208298eb51b34cb4], 
PUP.Optional.Somoto, C:\Users\User\Downloads\FLVPlayerSetup-e17i8pa.exe, In Quarantäne, [3b0e4132681376c0831fa6dddf25dd23], 
PUP.Optional.Installrex, C:\Users\User\Downloads\download.dll-files.com_bc8e5c4â?¦2a0b3_zlib.zip_0WLiXAbDgR.exe, In Quarantäne, [7dcc0172b9c2ed49d44790dcbb467888], 
PUP.Optional.Softonic, C:\Users\User\Downloads\SoftonicDownloader_for_camtasia-studio.exe, In Quarantäne, [44053a39a4d7df57b65135d1ef126e92], 
PUP.Optional.FreeNew.A, C:\Users\User\Downloads\Razer_Game_Booster_downloader.exe, In Quarantäne, [ed5ca3d044372d0993b9130168999d63], 
Trojan.MSIL, C:\Users\User\Downloads\InstallIW4M (1).exe, In Quarantäne, [2524571c413ae353c777be8e857ce51b], 
Trojan.MSIL, C:\Users\User\Downloads\InstallIW4M (2).exe, In Quarantäne, [15343b3885f6340268d63c1002fff010], 
Trojan.MSIL, C:\Users\User\Downloads\InstallIW4M.exe, In Quarantäne, [123743302e4da98d5fdfda72d928946c], 
PUP.Optional.4Shared, C:\Users\User\Downloads\Anti Cheat 1.0 + Samp Fix.exe, In Quarantäne, [95b43c370f6c58def568f12d7f81f60a], 
PUP.Optional.4Shared, C:\Users\User\Downloads\anticrash para samp 0.3x by alexisflow99 (1).exe, In Quarantäne, [51f82b48a1da0135ed70d14df30d24dc], 
PUP.Optional.4Shared, C:\Users\User\Downloads\anticrash para samp 0.3x by alexisflow99.exe, In Quarantäne, [91b86013f586ca6c6bf2f925b34d13ed], 
PUP.Optional.Superfish.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Löschen bei Neustart, [77d29ed5d0abee48e998088cc43ecd33], 
PUP.Optional.Superfish.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, In Quarantäne, [232682f1413abc7ad4ad583c27db639d], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         
zoek

Code:
restore;|C_Users_User_AppData_Roaming_Mozilla_Firefox_Profiles_lpqe0v84.default_prefs__2023_.backup.vir|C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\lpqe0v84.default\prefs.js
restore;|C_Users_User_AppData_LocalLow_{06FDA2D6-CAC1-BBDD-91AA-E81B907A5B1F}|C:\Users\User\AppData\LocalLow\{06FDA2D6-CAC1-BBDD-91AA-E81B907A5B1F}
restore;|C_Users_User_AppData_Local_Packages_windows_ie_ac_001_AC_{06FDA2D6-CAC1-BBDD-91AA-E81B907A5B1F}|C:\Users\User\AppData\Local\Packages\windows_ie_ac_001\AC\{06FDA2D6-CAC1-BBDD-91AA-E81B907A5B1F}
restore;|C_Windows_SysNative_config_systemprofile_AppData_Local_Packages_windows_ie_ac_001_AC_{AE08F98E-6780-75B3-08D9-D3E8AFD77FA2}|C:\Windows\SysNative\config\systemprofile\AppData\Local\Packages\windows_ie_ac_001\AC\{AE08F98E-6780-75B3-08D9-D3E8AFD77FA2}
restore;|C_PROGRA~3_dibpjnjgdeendckdpigimgmolffmpoca|C:\PROGRA~3\dibpjnjgdeendckdpigimgmolffmpoca
restore;|C_PROGRA~3_2cbc95e7a1741a2b|C:\PROGRA~3\2cbc95e7a1741a2b
restore;|C_PROGRA~3_AdRemoverrUuTubbe|C:\PROGRA~3\AdRemoverrUuTubbe
restore;|C_PROGRA~2_ss Supporter|C:\PROGRA~2\ss Supporter
restore;|C_PROGRA~2_COMMON~1_DVDVideoSoft_bin|C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin
restore;|C_Program Files_Reimage|C:\Program Files\Reimage
restore;|C_PROGRA~3_InstallMate|C:\PROGRA~3\InstallMate
restore;|C_Users_User_AppData_Local_CRE|C:\Users\User\AppData\Local\CRE
restore;|C_Windows_SysWow64_searchplugins|C:\Windows\SysWow64\searchplugins
restore;|C_Windows_SysWow64_Extensions|C:\Windows\SysWow64\Extensions
restore;|C_Users_User_AppData_Local_{E6295A46-0AEE-400A-88D4-0A845D4AFD2B}.vir|C:\Users\User\AppData\Local\{E6295A46-0AEE-400A-88D4-0A845D4AFD2B}
restore;|C_Users_User_AppData_Roaming_started2.vir|C:\Users\User\AppData\Roaming\started2
restore;|C_Users_User_AppData_Roaming_dx.ini.vir|C:\Users\User\AppData\Roaming\dx.ini
restore;|C_Users_User_AppData_Roaming_prefs.js.vir|C:\Users\User\AppData\Roaming\prefs.js
restore;|C_Users_User_AppData_Local_BIT3C44.tmp.vir|C:\Users\User\AppData\Local\BIT3C44.tmp
restore;|C_Users_User_Downloads_FreeYouTubeToMP3Converter (1).exe.vir|C:\Users\User\Downloads\FreeYouTubeToMP3Converter (1).exe
restore;|C_Users_User_Downloads_FreeYouTubeToMP3Converter (2).exe.vir|C:\Users\User\Downloads\FreeYouTubeToMP3Converter (2).exe
restore;|C_Users_User_Downloads_FreeYouTubeToMP3Converter (3).exe.vir|C:\Users\User\Downloads\FreeYouTubeToMP3Converter (3).exe
restore;|C_Users_User_Downloads_FreeYouTubeToMP3Converter (4).exe.vir|C:\Users\User\Downloads\FreeYouTubeToMP3Converter (4).exe
restore;|C_Users_User_Downloads_FreeYouTubeToMP3Converter.exe.vir|C:\Users\User\Downloads\FreeYouTubeToMP3Converter.exe
restore;|C_Users_User_Downloads_FreeYouTubeToMP3Converter34430 (1).exe.vir|C:\Users\User\Downloads\FreeYouTubeToMP3Converter34430 (1).exe
restore;|C_Users_User_Downloads_FreeYouTubeToMP3Converter5628.exe.vir|C:\Users\User\Downloads\FreeYouTubeToMP3Converter5628.exe
restore;|C_Users_User_Downloads_FreeYouTubeToMP3Converter_3.12.32.327.exe.vir|C:\Users\User\Downloads\FreeYouTubeToMP3Converter_3.12.32.327.exe
restore;|C_Windows_Reimage.ini.vir|C:\Windows\Reimage.ini
restore;|C_Users_User_AppData_Roaming_install_flashplayer11x32_mssd_aih.exe.vir|C:\Users\User\AppData\Roaming\install_flashplayer11x32_mssd_aih.exe
restore;|C_Users_User_AppData_Local_Google_Chrome_User Data_Default_Extensions_dibpjnjgdeendckdpigimgmolffmpoca|C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dibpjnjgdeendckdpigimgmolffmpoca
restore;|C_Users_User_AppData_Local_Google_Chrome_User Data_Default_Extensions_dibpjnjgdeendckdpigimgmolffmpoca|C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dibpjnjgdeendckdpigimgmolffmpoca
restore;|C_Users_User_AppData_Local_Google_Chrome_User Data_Default_Local Storage_chrome-extension_dibpjnjgdeendckdpigimgmolffmpoca_0.localstorage.vir|C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dibpjnjgdeendckdpigimgmolffmpoca_0.localstorage
restore;|C_Users_User_AppData_Local_Google_Chrome_User Data_Default_Local Storage_chrome-extension_dibpjnjgdeendckdpigimgmolffmpoca_0.localstorage-journal.vir|C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dibpjnjgdeendckdpigimgmolffmpoca_0.localstorage-journal
restore;|C_Users_User_AppData_Local_Google_Chrome_User Data_Default_Local Storage_chrome-extension_dibpjnjgdeendckdpigimgmolffmpoca_0.localstorage.vir|C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dibpjnjgdeendckdpigimgmolffmpoca_0.localstorage
restore;|C_Users_User_AppData_Local_Google_Chrome_User Data_Default_Local Storage_chrome-extension_dibpjnjgdeendckdpigimgmolffmpoca_0.localstorage-journal.vir|C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dibpjnjgdeendckdpigimgmolffmpoca_0.localstorage-journal
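
Added example, not part of the original posts and not Malwarebytes code: a small Python triage of the mbam.txt log posted above. It separates the non-PUP detections, lists items still waiting for a reboot ("Löschen bei Neustart"), and compares each section's declared count with the entries actually present in the paste. The line layout is inferred from this log only; the function names and the PUP/Adware low-priority split are assumptions.

```python
import re
from collections import Counter

# Abridged excerpt of the mbam.txt log above; "Dateien" keeps 4 of its 39 entries
# so that the count check in triage() has something to report.
SAMPLE_LOG = r"""
Registrierungsschlüssel: 4
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, In Quarantäne, [85c423500774d5618ad18440db28c13f],
PUP.Optional.PutLockerDownloader.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\APPDATALOW\SOFTWARE\PutLocker-Downloader V9.0, Löschen bei Neustart, [cd7cf77c6f0c91a5ccbce3c3bf43cd33],
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\WNLT, Löschen bei Neustart, [ed5c680b9ae12214a3e18b3f778cbf41],
Backdoor.Trace, HKU\S-1-5-21-3701525457-4283376491-4006895372-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\CYBER, Löschen bei Neustart, [d178522186f51f1784b493e36e95f60a],
Registrierungsdaten: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[e168571caccfff3757131f414eb63fc1]
Dateien: 39
PUP.Optional.MultiPlug.A, C:\ProgramData\AdRemoverrUuTubbe\sV.exe, In Quarantäne, [7ccd33404437f046474ccf7cea1733cd],
Trojan.AimBot, C:\Users\User\Downloads\SAMP Aimbot (1).zip, In Quarantäne, [f7528ae981fa57dfe9c5b93b40c31ee2],
Trojan.MSIL, C:\Users\User\Downloads\InstallIW4M.exe, In Quarantäne, [123743302e4da98d5fdfda72d928946c],
PUP.Optional.Superfish.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Löschen bei Neustart, [77d29ed5d0abee48e998088cc43ecd33],
"""

SECTIONS = {"Prozesse", "Module", "Registrierungsschlüssel", "Registrierungswerte",
            "Registrierungsdaten", "Ordner", "Dateien", "Physische Sektoren"}
HEADER = re.compile(r"^(?P<section>[^:,]+): (?P<count>\d+)$")
# name, target[, data], action, [32-hex identifier] with an optional trailing comma
ITEM = re.compile(r"^(?P<name>[^,]+), (?P<target>.*?),\s*(?P<action>[^,\[\]]+?),"
                  r"\s*\[(?P<ident>[0-9a-f]{32})\],?$")
PENDING = "Löschen bei Neustart"      # action string as printed in the log
LOW_RISK = ("PUP.", "Adware.")        # assumption: everything else is reviewed first


def parse(log_text):
    """Return (items, declared); declared maps section name -> count in its header."""
    items, declared, section = [], {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        head = HEADER.match(line)
        if head and head["section"] in SECTIONS:
            section = head["section"]
            declared[section] = int(head["count"])
            continue
        item = ITEM.match(line) if section else None
        if item:
            items.append({"section": section, **item.groupdict()})
    return items, declared


def triage(log_text):
    """Summarise a pasted log for review."""
    items, declared = parse(log_text)
    parsed = Counter(i["section"] for i in items)
    return {
        "priority": [i for i in items if not i["name"].startswith(LOW_RISK)],
        "pending_reboot": [i for i in items if i["action"] == PENDING],
        "families": Counter(i["name"] for i in items),
        # declared != parsed means the paste is truncated or a line was mangled
        "count_mismatch": {s: (n, parsed[s]) for s, n in declared.items()
                           if n != parsed[s]},
    }
```

Items reported under `pending_reboot` are not yet removed, so the log should be re-checked after the restart.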
         

02.06.2014, 18:44   #12
M-K-D-B
/// TB Trainer



We will remove the last remnants and check everything once more. ESET can take a long time (> 3 h).
Afterwards we will remove all the tools we used, and I will give you a few tips to take with you.




Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:


Code:
start
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
CHR Extension: (AdRemoverrUuTubbe) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dibpjnjgdeendckdpigimgmolffmpoca [2014-06-01]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\...\Chrome\Extension: [bcfjehbfanfhgoehogmbiebedkidedjb] - C:\Users\User\AppData\Local\CRE\bcfjehbfanfhgoehogmbiebedkidedjb.crx [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [bcfjehbfanfhgoehogmbiebedkidedjb] - C:\Users\User\AppData\Local\CRE\bcfjehbfanfhgoehogmbiebedkidedjb.crx [2013-08-21]
S2 ReimageRealTimeProtection; C:\Program Files\Reimage\Reimage Repair\ReiGuard.exe [X]
C:\Users\User\AppData\Roaming\dx.ini
Task: {0D3010E0-AE40-44C9-89E5-1C0DDA7E7B51} - \MySearchDial No Task File <==== ATTENTION
Task: {59179B25-AD1A-433F-8827-CD2A0CEF9141} - \BrowserDefendert No Task File <==== ATTENTION
Task: {97169AD0-9ACE-4C1D-B309-8FC96B68727E} - \Dealply No Task File <==== ATTENTION
Task: {F124AA82-88EA-46D2-8DA3-C208AE268264} - \pricemeterdownloader No Task File <==== ATTENTION
C:\ProgramData\AdRemoverrUuTubbe
Reboot:
end
         

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.






Step 2
Download the appropriate version of SystemLook from the following mirror and save the tool to the desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Double-click SystemLook.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:

    Code:
    :regfind
    AdRemoverrUuTubbe

  • Now click the Look button to start the scan.
  • The scan can take some time.
  • When the scan has finished, your editor will open with the results; post them in your thread.
  • The results are also saved on the desktop as SystemLook.txt.







Step 3

ESET Online Scanner

  • An illustrated guide to ESET Online Scanner is available here.
  • Download and start ESET Online Scanner.
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable the "detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset







Step 4
Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.






Please post with your next reply
  • the FRST log file,
  • the SystemLook log file,
  • the ESET log file,
  • the SecurityCheck log file.

05.06.2014, 15:55   #13
M-K-D-B
/// TB Trainer



No response
This thread has been removed from my subscriptions, so I will not receive notifications about new replies.
Send me a PM if you still want to continue.

Note: The disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create your own thread!
