Plagegeister aller Art und deren Bekämpfung: Annoying pop-up ads in the browser, Steam etc. (Windows 7)
17.03.2015, 21:34 | #1 |
| Hello! For the past 3 days I have been getting pop-up windows all the time in the browser, Steam etc. The pop-ups are mostly in Russian or something like that... I have already searched here in the forum, and the site "adultcameras.info" seems to be making the rounds for some people. I have already tried quite a few suggested fixes (ADWCleaner, a restore, running all sorts of antivirus scanners over it), but none of it had any effect. I think the pop-ups are being called by some JavaScript, in case that helps with the analysis. I hope you can help me. Thanks in advance, Drasurc |
17.03.2015, 23:17 | #2 |
/// TB Trainer /// Guide Guru | My name is Jürgen and I will be helping you with your problem. Together we'll manage it...
Note: I can never give you a guarantee that we will find all malicious files. Formatting is usually the faster and always the safest way, but it is only advisable in the case of real malware. Adware & co. we can remove very well. If you decide on a cleanup, keep working with me until you get my "clean". Let's go:
Step 1: Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you're not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Reading material: Posting in CODE tags: here's how... Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes our work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
18.03.2015, 16:43 | #3 |
| First of all, THANKS for the quick reply, Jürgen!
I ran FRST. FRST.txt FRST logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Peter (administrator) on PETER-PC on 18-03-2015 16:39:55 Running from C:\Users\Peter\Desktop Loaded Profiles: Peter (Available profiles: Peter) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files (x86)\RocketDock\RocketDock.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe () C:\Program Files (x86)\puush\puush.exe (LogMeIn Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-01-16] (NVIDIA Corporation) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-02-17] (LogMeIn Inc.) 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] () HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-05-02] () HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\...\Run: [Spybot-S&D Cleaning] => D:\Programme\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.) HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\...\MountPoints2: {8e8a9428-e7d6-11e2-a6b7-9962696beedf} - F:\pushinst.exe HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\...\MountPoints2: {9b679813-d1d6-11e2-a9f3-b4acd1d2e3db} - H:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\...\MountPoints2: {cc656008-f84a-11e2-b371-ef19b39dfaa7} - F:\setup.exe HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\...\MountPoints2: {fb03321c-cebc-11e2-86ba-8816c3223ed8} - F:\HTC_Sync_Manager_PC.exe HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-14] (Microsoft Corporation) ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll () ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll () ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll () ShellIconOverlayIdentifiers: [WebDrive] -> {37D70BD3-073C-4180-ADD9-C032EA5A7204} => C:\Windows\system32\wdShellExt.dll (South River Technologies, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-07] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) 
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-07] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-07] (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-07] (Oracle Corporation) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Tcpip\..\Interfaces\{1B1F3298-A30A-49DB-AC15-6FF50F039D4D}: [NameServer] 8.8.8.8 FireFox: ======== FF ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\78zcl8l0.default FF NewTab: FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] () FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-07] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-07] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-06-11] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] () FF Plugin-x32: 
@Apple.com/iTunes,version=1.0 -> D:\Mozilla Plugins\npitunes.dll No File FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [2013-11-21] (EA Digital Illusions CE AB) FF Plugin-x32: @idsoftware.com/QuakeLive -> C:\ProgramData\id Software\QuakeLive\npquakezero.dll [2012-02-14] (id Software Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-07] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-07] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Peter\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2013-03-30] (Raidcall) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3058922360-1817362732-2215544763-1000: @screenleap.com/ScreenleapPlugin,version=1.1 -> C:\Users\Peter\AppData\Local\Screenleap\npscreenleap1.1.dll [2014-11-27] (ScreenLeap, Inc.) FF Plugin HKU\S-1-5-21-3058922360-1817362732-2215544763-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Peter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-08] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-3058922360-1817362732-2215544763-1000: electronicarts.com/GameFacePlugin -> C:\Users\Peter\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll [2012-12-20] (Electronic Arts) Chrome: ======= CHR StartupUrls: Default -> "hxxp://google.de/" CHR Profile: C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-20] CHR Extension: (Google Docs) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-20] CHR Extension: (Google Drive) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-20] CHR Extension: (YouTube) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-20] CHR Extension: (Adblock Plus) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-24] CHR Extension: (Google Search) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-20] CHR Extension: (Google Sheets) - 
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-20] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13] CHR Extension: (Google Wallet) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27] CHR Extension: (Gmail) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-20] CHR HKLM-x32\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\Peter\AppData\LocalLow\proxtube\CHROME\proxtube.crx [2012-04-19] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed] S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-01] () [File not signed] R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [5278064 2014-09-09] (Binary Fortress Software) S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174624 2015-01-30] (EasyAntiCheat Ltd) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-16] (NVIDIA Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-02-16] (LogMeIn, Inc.) 
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-01-16] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-01-16] (NVIDIA Corporation) S4 OpenVPNService; D:\Programme\vpn\OpenVPN\bin\openvpnserv.exe [32568 2014-06-05] (The OpenVPN Project) S3 Origin Client Service; D:\Programme\Origin\OriginClientService.exe [1910640 2015-03-07] (Electronic Arts) S4 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-08-22] (Overwolf Ltd) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-30] () S4 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed] S4 WebDriveService; C:\Program Files\WebDrive\wdService.exe [4773592 2013-08-22] (South River Technologies, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S4 BRSptSvc; "C:\ProgramData\BitRaider\BRSptSvc.exe" [X] S4 HiPatchService; D:\Spiele\smite\HiPatchService.exe [X] S4 NetBalancerService; "C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe" [X] S4 nlsvc; D:\Programme\NetLimiter\NLSvc.exe [X] S2 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-04] (AVM Berlin) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-07-29] (DT Soft Ltd) S3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-04] (AVM GmbH) R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-27] (Visicom Media Inc.) R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation) R1 nbdrv; C:\Windows\System32\DRIVERS\nbdrv.sys [41392 2013-11-25] (SeriousBit) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-16] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) S3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2013-06-25] (SteelSeries Corporation) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-05-19] (Duplex Secure Ltd.) S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.) R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-05-09] (Acronis International GmbH) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-05-09] (Acronis International GmbH) S3 V0770Vid; C:\Windows\System32\DRIVERS\V0770Vid.sys [379776 2012-06-01] (Creative Technology Ltd.) R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-05-09] (Acronis International GmbH) R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31824 2013-10-18] (VMware, Inc.) R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.) 
R2 WebDriveFSD; C:\Program Files\WebDrive\wdfsd.sys [89816 2013-08-22] () U3 aq17ur1s; C:\Windows\System32\Drivers\aq17ur1s.sys [0 ] (NVIDIA Corporation) <==== ATTENTION (zero size file/folder) U3 av7w3y1l; No ImagePath S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X] S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X] S2 nldrv; \??\D:\Programme\NetLimiter\nldrv.sys [X] S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X] S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X] S3 X6va028; \??\C:\Windows\SysWOW64\Drivers\X6va028 [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-18 16:39 - 2015-03-18 16:40 - 00019595 _____ () C:\Users\Peter\Desktop\FRST.txt 2015-03-18 16:39 - 2015-03-18 16:39 - 02095616 _____ (Farbar) C:\Users\Peter\Desktop\FRST64.exe 2015-03-17 21:24 - 2015-03-18 16:39 - 00000000 ____D () C:\FRST 2015-03-12 15:09 - 2015-03-12 15:09 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-03-12 14:57 - 2015-03-12 14:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-12 14:57 - 2015-03-12 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-12 14:57 - 2015-03-12 14:57 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-03-12 14:57 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-12 14:57 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-12 14:57 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-07 
19:02 - 2015-03-07 19:03 - 00000000 ____D () C:\Users\Peter\AppData\Local\Origin 2015-03-07 19:02 - 2015-03-07 19:02 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Origin 2015-03-07 17:49 - 2015-03-07 17:49 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\WinRAR 2015-03-07 17:42 - 2015-03-07 17:42 - 00000000 ____D () C:\Users\Public\Documents\Tunngle 2015-03-07 17:42 - 2015-03-07 17:42 - 00000000 ____D () C:\ProgramData\Tunngle 2015-03-07 17:42 - 2015-03-07 17:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle 2015-03-07 17:40 - 2015-03-07 17:40 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat 2015-03-07 15:37 - 2015-03-07 15:37 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\NVIDIA 2015-03-07 15:34 - 2015-03-07 15:34 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\java 2015-02-24 19:15 - 2015-02-24 19:15 - 00000000 ____D () C:\Users\Peter\AppData\Local\Macromedia 2015-02-24 19:13 - 2015-02-24 19:16 - 00000000 ____D () C:\Users\Peter\AppData\Local\CrashDumps 2015-02-24 19:06 - 2015-02-24 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2015-02-24 19:06 - 2015-02-24 19:06 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2015-02-24 18:34 - 2015-02-24 18:35 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\A Bird Story 2015-02-23 20:27 - 2015-02-23 20:27 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys 2015-02-23 20:22 - 2015-02-24 19:05 - 00000000 ____D () C:\ProgramData\HitmanPro 2015-02-23 20:22 - 2015-02-23 20:22 - 00000000 ____D () C:\Program Files\HitmanPro 2015-02-23 20:16 - 2015-02-23 20:16 - 00000000 ____D () C:\Users\Peter\AppData\Local\Adobe 2015-02-23 20:09 - 2015-02-23 20:09 - 00114688 _____ () C:\Users\Peter\AppData\Local\GDIPFONTCACHEV1.DAT 2015-02-23 20:09 - 2015-02-23 20:09 - 00000000 ____D () C:\Users\Peter\AppData\Local\Deployment 2015-02-23 18:21 - 2015-02-23 18:21 - 00000000 _____ () C:\autoexec.bat 2015-02-22 16:50 - 2015-02-22 
16:50 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\LolClient 2015-02-22 16:12 - 2015-02-22 16:12 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\SteelSeries 2015-02-22 16:12 - 2015-02-22 16:12 - 00000000 ____D () C:\Users\Peter\AppData\Local\VirtualStore 2015-02-21 17:11 - 2015-02-21 17:11 - 00000000 ____D () C:\Users\Peter\AppData\Local\Steam 2015-02-21 14:48 - 2015-02-21 14:48 - 00000000 ____D () C:\Users\Peter\AppData\Local\Mozilla 2015-02-21 13:18 - 2015-02-21 13:18 - 00000000 ____D () C:\Users\Peter\AppData\Local\DisplayFusion 2015-02-21 13:13 - 2015-02-21 13:13 - 00000000 ____D () C:\Users\Peter\AppData\Local\LogMeIn 2015-02-20 18:39 - 2015-02-20 18:39 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2015-02-20 18:38 - 2015-02-24 19:52 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-18 16:40 - 2013-05-07 18:24 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-18 16:37 - 2013-05-07 17:49 - 02070114 _____ () C:\Windows\WindowsUpdate.log 2015-03-18 16:34 - 2015-01-28 17:15 - 00019260 _____ () C:\Windows\setupact.log 2015-03-18 16:34 - 2014-01-13 22:00 - 00000000 ____D () C:\Users\Peter\AppData\Local\LogMeIn Hamachi 2015-03-18 16:33 - 2014-04-01 17:17 - 00000000 ____D () C:\ProgramData\VMware 2015-03-18 16:33 - 2013-05-07 18:24 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-18 16:33 - 2013-05-07 18:17 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-03-18 16:33 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-17 22:36 - 2014-01-29 18:43 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\TS3Client 2015-03-17 22:18 - 2013-10-10 16:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-17 18:34 - 2009-07-14 05:45 - 00014944 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-17 18:34 - 2009-07-14 05:45 - 00014944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-17 18:33 - 2009-07-14 18:58 - 00702138 _____ () C:\Windows\system32\perfh007.dat 2015-03-17 18:33 - 2009-07-14 18:58 - 00150804 _____ () C:\Windows\system32\perfc007.dat 2015-03-17 18:33 - 2009-07-14 06:13 - 01628890 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-16 18:30 - 2014-12-29 18:05 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\.minecraft 2015-03-15 17:59 - 2013-07-23 17:24 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\vlc 2015-03-13 17:45 - 2015-02-06 07:49 - 00049288 _____ () C:\Windows\PFRO.log 2015-03-07 21:03 - 2013-08-18 15:32 - 00000000 ____D () C:\ProgramData\Origin 2015-03-07 19:12 - 2013-10-12 15:00 - 00000000 ____D () C:\Users\Peter\Documents\FIFA 14 2015-03-07 17:42 - 2013-07-12 19:38 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Tunngle 2015-03-07 15:44 - 2013-10-21 13:59 - 00000000 ____D () C:\ProgramData\Oracle 2015-03-07 15:44 - 2013-07-11 16:29 - 00000000 ____D () C:\Program Files (x86)\Java 2015-03-07 15:44 - 2013-05-07 21:12 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-03-07 15:44 - 2013-05-07 21:12 - 00000000 ____D () C:\Program Files\Java 2015-03-07 15:43 - 2014-06-04 16:11 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-03-03 14:17 - 2013-05-10 16:14 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-03-02 20:24 - 2013-05-07 17:49 - 00000000 ____D () C:\Users\Peter 2015-02-28 19:00 - 2013-08-10 13:04 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Skype 2015-02-24 19:16 - 2013-05-07 18:24 - 00000000 ____D () C:\Users\Peter\AppData\Local\Google 2015-02-24 19:15 - 2013-11-17 18:39 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Mozilla 
2015-02-24 19:06 - 2015-01-29 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith 2015-02-24 19:06 - 2015-01-27 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette 2015-02-24 19:06 - 2013-05-22 17:50 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Spotify 2015-02-24 19:05 - 2015-02-07 17:02 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Sony 2015-02-24 19:05 - 2015-02-07 17:02 - 00000000 ____D () C:\Users\Peter\AppData\Local\Sony 2015-02-24 19:05 - 2015-02-05 21:25 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Locktime Software 2015-02-24 19:05 - 2015-02-05 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetLimiter 4 2015-02-24 19:05 - 2015-02-05 17:04 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Anvsoft 2015-02-24 19:05 - 2015-01-28 17:49 - 00000000 ____D () C:\Users\Public\Documents\MAGIX 2015-02-24 19:05 - 2015-01-28 17:48 - 00000000 ___RD () C:\Users\Peter\Documents\MAGIX 2015-02-24 19:05 - 2015-01-27 18:52 - 00000000 ____D () C:\Windows\C0E8FE43C35B451DB35FD4BD056D70E7.TMP 2015-02-24 19:05 - 2015-01-27 17:52 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Creative 2015-02-24 19:05 - 2015-01-27 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme 2015-02-24 19:05 - 2015-01-27 16:41 - 00000000 ____D () C:\Program Files (x86)\NCH Software 2015-02-24 19:05 - 2015-01-18 19:54 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\globalip 2015-02-24 19:05 - 2015-01-14 19:04 - 00000000 ____D () C:\Program Files\iPod 2015-02-24 19:05 - 2015-01-14 19:04 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update 2015-02-24 19:05 - 2014-12-03 21:28 - 00000000 ____D () C:\Users\Peter\AppData\Local\gDaap 2015-02-24 19:05 - 2014-11-27 19:33 - 00000000 ____D () C:\Users\Peter\AppData\Local\Screenleap 2015-02-24 19:05 - 2014-11-16 14:24 - 00000000 ____D () 
C:\Users\Peter\AppData\Roaming\SpaceEngineers
2015-02-24 19:05 - 2014-09-06 01:47 - 00000000 ____D () C:\Users\Peter\AppData\Local\Skype
2015-02-24 19:05 - 2014-08-31 16:30 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Electronic Arts
2015-02-24 19:05 - 2014-08-31 16:22 - 00000000 ____D () C:\Users\Peter\AppData\Local\Unity
2015-02-24 19:05 - 2014-08-19 18:38 - 00000000 ____D () C:\Users\Peter\AppData\Local\UWebKit151
2015-02-24 19:05 - 2014-07-04 14:03 - 00000000 ____D () C:\Users\Peter\AppData\Local\CrashRpt
2015-02-24 19:05 - 2014-07-03 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeskNotifier
2015-02-24 19:05 - 2014-06-30 16:24 - 00000000 ____D () C:\Program Files (x86)\Screaming Bee
2015-02-24 19:05 - 2014-06-05 20:22 - 00000000 ____D () C:\Users\Peter\AppData\Local\SniperV2
2015-02-24 19:05 - 2014-05-31 08:09 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Notepad++
2015-02-24 19:05 - 2014-05-10 23:47 - 00000000 ____D () C:\Users\Peter\AppData\Local\Downloaded Installations
2015-02-24 19:05 - 2014-05-10 23:15 - 00000000 ____D () C:\Users\Peter\AppData\Local\SWTORPerf
2015-02-24 19:05 - 2014-05-02 18:52 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\puush
2015-02-24 19:05 - 2014-04-21 13:31 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Curse Client
2015-02-24 19:05 - 2014-03-22 16:49 - 00000000 ____D () C:\Users\Peter\AppData\Local\Arma 3
2015-02-24 19:05 - 2014-03-05 14:44 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\MAGIX
2015-02-24 19:05 - 2014-03-05 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2015-02-24 19:05 - 2014-03-05 14:42 - 00000000 ____D () C:\ProgramData\MAGIX
2015-02-24 19:05 - 2014-03-05 14:42 - 00000000 ____D () C:\Program Files\Common Files\MAGIX Services
2015-02-24 19:05 - 2014-03-05 14:42 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2015-02-24 19:05 - 2014-02-22 15:04 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Banished 1.0
2015-02-24 19:05 - 2014-02-12 20:43 - 00000000 ____D () C:\Users\Peter\AppData\Local\Ahri.tw
2015-02-24 19:05 - 2014-01-02 10:34 - 00000000 ____D () C:\Users\Peter\AppData\Local\DayZ
2015-02-24 19:05 - 2014-01-01 22:15 - 00000000 ____D () C:\Program Files (x86)\Dotjosh Studios
2015-02-24 19:05 - 2014-01-01 15:02 - 00000000 ____D () C:\Users\Peter\AppData\Local\SIX Networks
2015-02-24 19:05 - 2013-12-31 14:03 - 00000000 ____D () C:\Users\Peter\AppData\Local\ArmA 2 OA
2015-02-24 19:05 - 2013-12-31 14:02 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2015-02-24 19:05 - 2013-12-30 17:13 - 00000000 ____D () C:\Users\Peter\AppData\Local\CDWLauncher
2015-02-24 19:05 - 2013-12-25 12:44 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\TeamViewer
2015-02-24 19:05 - 2013-12-16 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\No23 Recorder
2015-02-24 19:05 - 2013-12-16 17:22 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Audacity
2015-02-24 19:05 - 2013-11-26 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloody trapland
2015-02-24 19:05 - 2013-11-26 20:20 - 00000000 ____D () C:\Program Files (x86)\Bloody trapland
2015-02-24 19:05 - 2013-11-26 20:11 - 00000000 ____D () C:\ProgramData\Desura
2015-02-24 19:05 - 2013-11-25 21:14 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Bloody Trapland
2015-02-24 19:05 - 2013-11-10 03:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebDrive
2015-02-24 19:05 - 2013-11-10 03:11 - 00000000 ____D () C:\Program Files\WebDrive
2015-02-24 19:05 - 2013-11-08 16:06 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Screaming Bee
2015-02-24 19:05 - 2013-11-08 16:06 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screaming Bee
2015-02-24 19:05 - 2013-11-08 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee
2015-02-24 19:05 - 2013-11-05 21:07 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-02-24 19:05 - 2013-10-30 18:24 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Battle.net
2015-02-24 19:05 - 2013-10-27 19:43 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\.technic
2015-02-24 19:05 - 2013-10-22 18:38 - 00000000 ____D () C:\Users\Peter\AppData\Local\Temp8a5f2e77e6cf663bfd522ffc8dea0465
2015-02-24 19:05 - 2013-10-22 18:38 - 00000000 ____D () C:\Users\Peter\AppData\Local\Temp78556cc9e59cb76a90f74f77140ad6ad
2015-02-24 19:05 - 2013-10-06 14:47 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\raidcall
2015-02-24 19:05 - 2013-10-03 13:00 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
2015-02-24 19:05 - 2013-10-03 13:00 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\ICQM
2015-02-24 19:05 - 2013-09-30 19:59 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\ftblauncher
2015-02-24 19:05 - 2013-09-28 03:53 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-02-24 19:05 - 2013-09-19 16:59 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike
2015-02-24 19:05 - 2013-09-18 20:24 - 00000000 ____D () C:\Users\Peter\AppData\Local\fabi.me
2015-02-24 19:05 - 2013-09-10 17:50 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2015-02-24 19:05 - 2013-09-10 17:49 - 00000000 ____D () C:\Users\Peter\AppData\Local\Overwolf
2015-02-24 19:05 - 2013-09-07 16:25 - 00000000 ____D () C:\Program Files (x86)\Alcohol Soft
2015-02-24 19:05 - 2013-08-21 16:42 - 00000000 ____D () C:\Users\Peter\AppData\Local\PunkBuster
2015-02-24 19:05 - 2013-08-10 19:45 - 00000000 ____D () C:\Users\Peter\AppData\Local\Black_Tree_Gaming
2015-02-24 19:05 - 2013-08-09 22:11 - 00000000 ____D () C:\Users\Peter\AppData\Local\SteelSeries_ApS
2015-02-24 19:05 - 2013-08-09 22:10 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SteelSeries
2015-02-24 19:05 - 2013-08-05 19:41 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2015-02-24 19:05 - 2013-08-05 15:20 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\MKKE
2015-02-24 19:05 - 2013-07-29 13:37 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\DAEMON Tools Lite
2015-02-24 19:05 - 2013-07-25 17:31 - 00000000 ____D () C:\ProgramData\TechSmith
2015-02-24 19:05 - 2013-07-25 17:15 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
2015-02-24 19:05 - 2013-07-25 16:33 - 00000000 ____D () C:\Users\Peter\AppData\Local\Dxtory Software
2015-02-24 19:05 - 2013-07-16 18:27 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\OBS
2015-02-24 19:05 - 2013-07-16 18:26 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2015-02-24 19:05 - 2013-07-08 15:26 - 00000000 ____D () C:\Program Files (x86)\avmwlanstick
2015-02-24 19:05 - 2013-07-08 15:25 - 00000000 ____D () C:\Users\Peter\AVM_Driver
2015-02-24 19:05 - 2013-07-06 21:02 - 00000000 ____D () C:\Users\Peter\AppData\Local\gtk-2.0
2015-02-24 19:05 - 2013-07-04 16:14 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\RIFT
2015-02-24 19:05 - 2013-07-04 16:14 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RIFT
2015-02-24 19:05 - 2013-06-28 16:22 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Appadaumen.de
2015-02-24 19:05 - 2013-06-25 16:52 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\AVG2013
2015-02-24 19:05 - 2013-06-19 20:51 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\uTorrent
2015-02-24 19:05 - 2013-06-15 18:01 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\DVDVideoSoft
2015-02-24 19:05 - 2013-06-05 16:39 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\OpenOffice.org
2015-02-24 19:05 - 2013-06-01 00:21 - 00000000 ____D () C:\BrickForce
2015-02-24 19:05 - 2013-05-19 14:07 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Canneverbe Limited
2015-02-24 19:05 - 2013-05-08 16:07 - 00000000 ____D () C:\Windows\pss
2015-02-24 19:05 - 2013-05-07 19:40 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-24 19:05 - 2013-05-07 19:26 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Macromedia
2015-02-24 19:05 - 2013-05-07 19:26 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Adobe
2015-02-24 19:05 - 2013-05-07 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-24 19:05 - 2013-05-07 18:35 - 00000000 ____D () C:\Users\Peter\AppData\Local\TeamSpeak 3 Client
2015-02-24 19:05 - 2013-05-07 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-24 19:05 - 2013-05-07 18:24 - 00000000 ____D () C:\Users\Peter\AppData\Local\Apps\2.0
2015-02-24 19:05 - 2013-05-07 17:49 - 00000000 ___RD () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-24 19:05 - 2013-05-07 17:49 - 00000000 ___RD () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-24 19:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-02-24 19:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-02-24 19:04 - 2013-12-16 17:32 - 00000000 ____D () C:\ProgramData\Caphyon
2015-02-24 19:04 - 2013-05-07 18:24 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-16 16:20 - 2013-05-07 19:32 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys

==================== Files in the root of some directories =======

2013-12-18 19:38 - 2014-03-05 14:38 - 0000147 _____ () C:\Users\Peter\AppData\Roaming\WB.CFG
2013-07-25 17:36 - 2015-02-03 19:31 - 0010752 _____ () C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some content of TEMP:
====================
C:\Users\Peter\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Peter\AppData\Local\Temp\Quarantine.exe
C:\Users\Peter\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Peter\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-10 14:57

==================== End Of Log ============================

and the Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Peter at 2015-03-18 16:40:25
Running from C:\Users\Peter\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

¡¶300Ó¢ÐÛ¡· °æ±¾ 0.2.0 (HKLM-x32\...\{6F985E79-2AAA-48A4-B9A4-4953B5D95D90}_is1) (Version: 0.2.0 - )
µTorrent (HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\...\uTorrent) (Version: 3.4.0.30345 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
A Bird Story (HKLM-x32\...\Steam App 327410) (Version: - Freebird Games)
Acronis True Image 2014 (HKLM-x32\...\{3ECDD663-5AF8-489B-9E3C-561F33A271BD}Visible) (Version: 17.0.6673 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6673 - Acronis) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\...\Amazon Amazon Music) (Version: 3.7.0.693 - Amazon Services LLC)
Any Video Converter 5.7.7 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive)
ArtMoney SE v7.43 (HKLM-x32\...\ArtMoney SE_is1) (Version: 7.43 - System SoftLab)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: - AVM Berlin)
AwesomiumSetup (HKLM-x32\...\{19EF99D1-7EE6-4B5E-ABEE-0B3825F703B0}) (Version: 1.00.0000 - SIX Networks GmbH)
BananaMt2 2.0 (HKLM-x32\...\BananaMt2) (Version: 2.0 - BananaMt2)
Banished 1.0 (HKLM-x32\...\Banished 1.0) (Version: 1.0 - Cat-A-Cat)
Batman™: Arkham Origins (HKLM-x32\...\Steam App 209000) (Version: - WB Games Montreal)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
Blender (HKLM\...\Blender) (Version: 2.70a - Blender Foundation)
Bloody trapland version 1.45 (HKLM-x32\...\{79C07A47-0ED1-4C16-9412-C572897CE10F}_is1) (Version: 1.45 - 2Play Studios)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands (HKLM-x32\...\Steam App 8980) (Version: - Gearbox Software)
Brick-Force (HKLM-x32\...\Brick-Force) (Version: - Infernum Productions AG)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version: - )
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version: - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version: - Treyarch)
Camtasia Studio 7 (HKLM-x32\...\{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}) (Version: 7.1.1 - TechSmith Corporation)
Camtasia Studio 8 (HKLM-x32\...\{6BED66AA-1DC6-474B-AC70-205CC3A68A39}) (Version: 8.4.4.1859 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.4003 - CDBurnerXP)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Creative Live! Central 3 (HKLM-x32\...\Creative Live! Central 2) (Version: 3.01.21 - Creative Technology Ltd)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
Crossfire Europe (HKLM-x32\...\Crossfire Europe) (Version: 1.172 - SG Europe)
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Damned (HKLM-x32\...\Steam App 251170) (Version: - 9heads Game Studios)
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
DayZ Commander (HKLM-x32\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Debut Videorekorder (HKLM-x32\...\Debut) (Version: 1.95 - NCH Software)
Defraggler (HKLM\...\Defraggler) (Version: 2.14 - Piriform)
DeskNotifier 2.0.0 (HKLM-x32\...\DeskNotifier) (Version: 2.0.0 - elfsoft)
Desura (HKLM-x32\...\Desura) (Version: 100.53 - Desura)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
DisplayFusion 6.1.2 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 6.1.2.0 - Binary Fortress Software)
DJ Streamer (HKLM-x32\...\{D971FAE4-35BC-4FD7-8F12-2557077D8BB9}) (Version: 1.3.5 - Screaming Bee)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version: - Trendy Entertainment)
Dxtory version 2.0.122 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.122 - Dxtory Software)
EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\...\EA SPORTS Game Face Browser Plugin) (Version: 1.8.0.0 - Electronic Arts)
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.4.0.0 - Electronic Arts)
EA SPORTS™ FIFA 15 Demo (HKLM-x32\...\{108C0C19-6316-4944-A62F-C744488F8639}) (Version: 1.0.0.0 - Electronic Arts)
Eryi's Action (HKLM-x32\...\Steam App 261700) (Version: - Xtal Sword)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version: - SCS Software)
Euro Truck Simulator 2 Multiplayer 0.1.2 R2 Alpha (HKLM-x32\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 0.1.2 R2 Alpha - ETS2MP Team)
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
F1 2013 (HKLM-x32\...\Steam App 223670) (Version: - Codemasters Birmingham)
F1RFT 2010 MP V1.0 Final (HKLM-x32\...\F1RFT 2010 MP V1.0 Final) (Version: - )
F1RFT 2010 MP V2.1 Update (HKLM-x32\...\F1RFT 2010 MP V2.1 Update) (Version: - )
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft)
FastAccess Web Alert (HKLM-x32\...\FastAccess Web Alert) (Version: 1.00 - Sensible Vision)
FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts)
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
Forged By Chaos (HKLM-x32\...\ForgedByChaos) (Version: - )
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Free YouTube Download version 3.2.3.610 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.3.610 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.5.628 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.5.628 - DVDVideoSoft Ltd.)
Game Dev Tycoon Version 1.4.5 (HKLM-x32\...\{5BBB8682-1335-410F-A79F-8E5611A54BD0}_is1) (Version: 1.4.5 - Greenheart Games Pty. Ltd.)
Game of Thrones - A Telltale Games Series (HKLM-x32\...\Steam App 330840) (Version: - Telltale Games)
Gameforge Live 2.0.4 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.4 - Gameforge)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
Goofball Goals (HKLM-x32\...\Goofball Goals) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GTR Evolution (HKLM-x32\...\Steam App 8660) (Version: - SimBin)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
ICQ 8.1 (build 6337) (HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\...\ICQ) (Version: 8.1.6337.0 - Mail.Ru)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version: - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version: - JC2-MP Team)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 11.5.1.0 - Lightworks)
Live! Cam Sync HD VF0770 Driver (1.00.02.00) (HKLM\...\Creative VF0770) (Version: - Creative Technology Ltd.)
LMMS 1.0.2 (HKLM-x32\...\LMMS) (Version: 1.0.2 - LMMS Developers)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.319 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.319 - LogMeIn, Inc.) Hidden
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.9.11 - www.leaguereplays.com)
MAGIX Burn routines (64-Bit) (HKLM\...\{49146694-5F5F-4B1F-AD15-6587F47A0FD7}) (Version: 9.0.0.212 - MAGIX AG)
MAGIX Low Latency Driver (64-Bit) (HKLM\...\{42976FDB-5756-4077-A491-095F228E99E2}) (Version: 2.10.2011.0 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{AB8304F0-383F-4F80-8988-87727C415BF7}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 (HKLM\...\MX.{FFDC29E6-5C7C-4AA8-AF5A-99E015165382}) (Version: 14.0.0.159 - MAGIX Software GmbH)
MAGIX Video deluxe 2015 (Version: 14.0.0.159 - MAGIX Software GmbH) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
ManyCam 4.0.77 (HKLM-x32\...\ManyCam) (Version: 4.0.77 - Visicom Media Inc.)
Mausi3 (HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\...\4729debaf2cd0ca4) (Version: 1.0.0.1 - Appadaumen.de)
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.3.215.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{9634d50a-0c4d-4f52-8a9f-894a2baae370}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mirror's Edge™ (HKLM-x32\...\{AEDBD563-24BB-4EE3-8366-A654DAC2D988}) (Version: 1.0.1.0 - Electronic Arts)
Moonbase Alpha (HKLM-x32\...\Steam App 39000) (Version: - Virtual Heroes)
MorphVOX Junior (HKLM-x32\...\{E6C7380F-15DD-445E-BA02-B7A180BA0A5A}) (Version: 2.8.1 - Screaming Bee)
Mortal Kombat Komplete Edition (HKLM-x32\...\Steam App 237110) (Version: - NetherRealm Studios)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 25.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 25.0 (x86 en-US)) (Version: 25.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 25.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MTA:SA v1.3.4 (HKLM-x32\...\MTA:SA 1.3) (Version: v1.3.4 - Multi Theft Auto)
MTA:SA v1.4.0 (HKLM-x32\...\MTA:SA 1.4) (Version: v1.4.0 - Multi Theft Auto)
My Game Long Name (HKLM\...\UDK-361e498d-77da-4c68-9b04-b8e83c1c1f6a) (Version: - Epic Games, Inc.)
Nether (HKLM-x32\...\Steam App 247730) (Version: - Phosphor Games)
NetLimiter 4 (HKLM-x32\...\NetLimiter 4 4.0.9.0) (Version: 4.0.9.0 - Locktime Software)
NetLimiter 4 (Version: 4.0.9.0 - Locktime Software) Hidden
No23 Recorder (HKLM-x32\...\No23 Recorder) (Version: 2.1.0.3 - No23)
No23 Recorder (x32 Version: 2.1.0.3 - No23) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.3 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
OpenVPN 2.3.4-I002 (HKLM-x32\...\OpenVPN) (Version: 2.3.4-I002 - )
Orcs Must Die 2 (HKLM-x32\...\Orcs Must Die 2_is1) (Version: - )
Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version: - Robot Entertainment)
Orcs Must Die! Unchained (HKLM-x32\...\{8EBA33AF-48E0-4207-A4EE-96029415AD76}_is1) (Version: - Gameforge 4D GmbH)
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Overwolf (HKLM-x32\...\{48615A7B-F026-4F62-A3F1-49001B8E21CB}) (Version: 0.44.256 - Overwolf)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Panzar (HKLM-x32\...\{4FF82163-423A-43CE-898D-3B60D19A5E8F}_is1) (Version: 1.0 - Panzar)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Python 2.7.6 (HKLM-x32\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E2}) (Version: 2.7.6150 - Python Software Foundation)
Quake Live (HKLM-x32\...\Quake Live) (Version: - id Software)
Quake Live Mozilla Plugin (HKLM-x32\...\{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}) (Version: 1.0.520 - id Software)
QuickDownloader (HKLM-x32\...\QuickDownloader) (Version: - )
RACE 07 (HKLM-x32\...\Steam App 8600) (Version: - SimBin)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.2.8-1.0.8500.20 - raidcall.com)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
rFactor (remove only) (HKLM-x32\...\rFactor) (Version: - )
RIFT (HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\...\RIFT) (Version: - Trion Worlds, Inc.)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software)
Rust (HKLM-x32\...\Steam App 252490) (Version: - Facepunch Studios)
S4 League_EU (HKLM-x32\...\{4015DB12-140F-4EE2-B0CA-4700C24B08B9}) (Version: 1.00.0000 - )
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version: - Volition)
Samplitude Pro X Silver (HKLM-x32\...\MAGIX_{08E5C3CC-05DC-4E8F-B1A1-4ED2C3C065A7}) (Version: 12.0.2.115 - MAGIX AG)
Samplitude Pro X Silver (x32 Version: 12.0.2.115 - MAGIX AG) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.0.1 - Samsung Electronics)
Search.us.com (HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\...\{AD1C44DB-B932-4A62-9072-03DAAEAD61C5}) (Version: - Search.us.com)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
ShiftWindow 1.02 (HKLM-x32\...\ShiftWindow_is1) (Version: - Grismar)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 0.1.1682.0 - Hi-Rez Studios)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version: - Rebellion)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version: - Obsidian Entertainment)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version: - )
Speccy (HKLM\...\Speccy) (Version: 1.22 - Piriform)
Spotify (HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\...\Spotify) (Version: 0.9.0.133.gd18ed589 - Spotify AB)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.40 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.59.30483 - SteelSeries)
Supraball (HKLM-x32\...\Supraball) (Version: - Supra Games Gbr)
Surgeon Simulator 2013 (HKLM-x32\...\Steam App 233720) (Version: - Bossa Studios)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Forest (HKLM-x32\...\Steam App 242760) (Version: - Endnight Games Ltd)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version: - Galactic Cafe)
The Swapper (HKLM-x32\...\Steam App 231160) (Version: - Olli Harjola, Otto Hantula, Tom Jubert, Carlo Castellano)
TL-WN721N/TL-WN722N Driver (HKLM-x32\...\{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}) (Version: 1.0.0 - TP-LINK)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version: - Nadeo)
Tower Wars (HKLM-x32\...\Steam App 214360) (Version: - SuperVillain Studios)
Trials Evolution Gold Edition (HKLM-x32\...\InstallShield_{07D857B8-C956-401D-BC8F-EDA8459AF037}) (Version: 1.0.0.3 - Ubisoft)
Trials Evolution Gold Edition (x32 Version: 1.0.0.3 - Ubisoft) Hidden
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: Tunngle - Tunngle.net GmbH)
UltraMon (HKLM\...\{9069EE0A-7615-4D86-AD80-CA263E936DA6}) (Version: 3.2.2 - Realtime Soft Ltd)
Unity Web Player (HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{3814DB30-091D-11E4-BDE0-F04DA23A5C58}) (Version: 13.0.373 - Sony)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.1 - VMware, Inc)
VMware Player (Version: 6.0.1 - VMware, Inc.) Hidden
VPNAutoconnect (HKLM-x32\...\{8E557F21-99AE-440D-8058-CD8CB3302E13}) (Version: 1.15 - globalip)
Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version: - Ubisoft)
WebDrive (HKLM\...\{F08E87FD-F62B-4BAC-A2D6-A94755653F30}) (Version: 11.00.2789 - South River Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Utils (HKLM-x32\...\Windows Utils) (Version: - )
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3058922360-1817362732-2215544763-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> D:\Programme\Blender\BlendThumb64.dll No File

==================== Restore Points =========================

24-02-2015 19:16:57 Windows Update
24-02-2015 19:52:46 Cleaner (Spybot - Search & Destroy 2.4, administrator privileges
01-03-2015 10:01:25 Windows Update
04-03-2015 17:41:59 Windows Update
08-03-2015 12:57:50 Windows Update
11-03-2015 20:46:52 Windows Update
15-03-2015 14:23:45 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2015-02-09 21:16 - 00007466 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {14BE86F3-4B89-4851-B0B8-5A14B069A535} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {55C77216-11FB-4F6B-B43D-96966B1C8751} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-07] (Google Inc.) Task: {80D926C0-F645-4470-93B8-5F8A25E3C6E1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated) Task: {E33ADB44-4A0E-473F-8D8B-E8D8A7746ED1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-07] (Google Inc.) 
Task: {E57AC323-7AE1-4F3A-9C97-26C65BCFFB73} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2013-05-07 18:17 - 2015-02-05 20:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-10-01 09:32 - 2013-10-01 09:32 - 02818216 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll 2013-11-07 01:52 - 2013-11-07 01:52 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-05-07 18:43 - 2007-09-02 12:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe 2012-01-10 13:41 - 2014-05-02 18:53 - 00567880 _____ () C:\Program Files (x86)\puush\puush.exe 2013-08-20 21:37 - 2014-11-30 20:41 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2013-05-07 18:43 - 2007-09-02 12:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll 2015-03-13 18:42 - 2015-03-07 07:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll 2015-03-13 18:42 - 2015-03-07 07:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll 2015-03-13 18:42 - 2015-03-07 07:13 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll 2013-10-01 10:00 - 2013-10-01 10:00 - 00022336 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
AlternateDataStreams: C:\ProgramData:NT AlternateDataStreams: C:\ProgramData:NT2 AlternateDataStreams: C:\Users\All Users:NT AlternateDataStreams: C:\Users\All Users:NT2 AlternateDataStreams: C:\ProgramData\Anwendungsdaten:NT AlternateDataStreams: C:\ProgramData\Anwendungsdaten:NT2 AlternateDataStreams: C:\ProgramData\Application Data:NT AlternateDataStreams: C:\ProgramData\Application Data:NT2 AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 AlternateDataStreams: C:\Users\Peter\Anwendungsdaten:NT AlternateDataStreams: C:\Users\Peter\Anwendungsdaten:NT2 AlternateDataStreams: C:\Users\Peter\AppData\Roaming:NT AlternateDataStreams: C:\Users\Peter\AppData\Roaming:NT2 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 8.8.8.8 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: AcrSch2Svc => 2 MSCONFIG\Services: afcdpsrv => 2 MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\Services: AVM WLAN Connection Service => 2 MSCONFIG\Services: AxAutoMntSrv => 2 MSCONFIG\Services: BackupStack => 2 MSCONFIG\Services: BEService => 3 MSCONFIG\Services: bonanzadealslive => 2 MSCONFIG\Services: bonanzadealslivem => 3 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: BRSptSvc => 3 MSCONFIG\Services: Desura Install Service => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: Hamachi2Svc => 2 MSCONFIG\Services: HiPatchService => 2 MSCONFIG\Services: hshld => 2 MSCONFIG\Services: HssTrayService => 3 MSCONFIG\Services: HssWd => 2 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: LMIGuardianSvc => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: NetBalancerService => 2 MSCONFIG\Services: nlsvc => 2 MSCONFIG\Services: OpenVPNService => 3 MSCONFIG\Services: Origin Client Service => 3 MSCONFIG\Services: OverwolfUpdaterService => 3 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: StarWindServiceAE => 2 MSCONFIG\Services: syncagentsrv => 2 MSCONFIG\Services: TeamViewer9 => 2 MSCONFIG\Services: TunngleService => 3 MSCONFIG\Services: VMAuthdService => 2 MSCONFIG\Services: VMUSBArbService => 2 MSCONFIG\Services: WajamUpdaterV3 => 2 MSCONFIG\Services: WebDriveService => 2 MSCONFIG\Services: Yontoo Desktop Updater => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DeskNotifier.lnk => C:\Windows\pss\DeskNotifier.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk => C:\Windows\pss\LOLRecorder.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UltraMon.lnk => C:\Windows\pss\UltraMon.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => 
C:\Windows\pss\Curse.lnk.Startup MSCONFIG\startupfolder: C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup MSCONFIG\startupfolder: C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^net.lnk => C:\Windows\pss\net.lnk.Startup MSCONFIG\startupfolder: C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup MSCONFIG\startupfolder: C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Magician.lnk => C:\Windows\pss\Samsung Magician.lnk.Startup MSCONFIG\startupfolder: C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TeamSpeak 3 Client.lnk => C:\Windows\pss\TeamSpeak 3 Client.lnk.Startup MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount MSCONFIG\startupreg: Amazon Music => "C:\Users\Peter\AppData\Local\Amazon Music\Amazon Music Helper.exe" MSCONFIG\startupreg: amd_dc_opt => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe MSCONFIG\startupreg: AVMWlanClient => C:\Program Files (x86)\avmwlanstick\wlangui.exe MSCONFIG\startupreg: Browser Infrastructure Helper => C:\Users\Peter\AppData\Local\Smartbar\Application\QuickShare.exe startup MSCONFIG\startupreg: DAEMON Tools Lite => "D:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: FastAccess Web Alert => C:\Program Files (x86)\Creative\Creative Live! Cam\Live! 
Central 3\FAInstaller\FATRY.exe MSCONFIG\startupreg: icq => C:\Users\Peter\AppData\Roaming\ICQM\icq.exe -CU MSCONFIG\startupreg: iTunesHelper => "D:\iTunesHelper.exe" MSCONFIG\startupreg: Live! Central 3 => "C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe" /mode2 MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start MSCONFIG\startupreg: NetBalancer => C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe MSCONFIG\startupreg: NetLimiter => "D:\Programme\NetLimiter\nlclientapp.exe" /minimized MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent MSCONFIG\startupreg: Spotify => "C:\Users\Peter\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Peter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" MSCONFIG\startupreg: Steam => "D:\Programme\steam\steam.exe" -silent MSCONFIG\startupreg: SteelSeries Engine => D:\Programme\SteelSeries Engine\SteelSeriesEngine.exe MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" MSCONFIG\startupreg: V0770Mon.exe => C:\Windows\V0770Mon.exe MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\Peter\AppData\Roaming\Yontoo\YontooDesktop.exe" ==================== Accounts: ============================= Administrator (S-1-5-21-3058922360-1817362732-2215544763-500 - Administrator - Disabled) Gast (S-1-5-21-3058922360-1817362732-2215544763-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-3058922360-1817362732-2215544763-1002 - Limited - Enabled) Peter (S-1-5-21-3058922360-1817362732-2215544763-1000 - Administrator - Enabled) => C:\Users\Peter ==================== Faulty Device Manager Devices ============= Name: ARXSK96U IDE Controller Description: ARXSK96U IDE Controller Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318} Manufacturer: (Standard mass storage controllers) Service: aq17ur1s 
Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Realtek PCIe GBE Family Controller Description: Realtek PCIe GBE Family Controller Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Service: RTL8167 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: AGPQBMNR IDE Controller Description: AGPQBMNR IDE Controller Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318} Manufacturer: (Standard mass storage controllers) Service: av7w3y1l Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39) Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver. Name: Microsoft-Adapter für Miniports virtueller WiFis Description: Microsoft-Adapter für Miniports virtueller WiFis Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: vwifimp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: SM-Bus-Controller Description: SM-Bus-Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
Name: VMware Virtual Ethernet Adapter for VMnet1 Description: VMware Virtual Ethernet Adapter for VMnet1 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: VMware, Inc. Service: VMnetAdapter Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: VMware Virtual Ethernet Adapter for VMnet8 Description: VMware Virtual Ethernet Adapter for VMnet8 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: VMware, Inc. Service: VMnetAdapter Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: nldrv Description: nldrv Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: nldrv Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: TAP-Win32 Adapter V9 (Tunngle) Description: TAP-Win32 Adapter V9 (Tunngle) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TAP-Win32 Provider V9 (Tunngle) Service: tap0901t Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: TAP-Windows Adapter V9 Description: TAP-Windows Adapter V9 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TAP-Windows Provider V9 Service: tap0901 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". 
This starts the Enable Device wizard. Follow the instructions. Name: USB (Universal Serial Bus)-Controller Description: USB (Universal Serial Bus)-Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (03/12/2015 03:12:38 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (03/12/2015 03:09:00 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (03/12/2015 03:08:58 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
System errors: ============= Error: (03/18/2015 04:35:05 PM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "NIKLAS-PC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{5E17941A-8E72-414D-9D96-F5ABF78014DF}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (03/18/2015 04:34:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (03/18/2015 04:34:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (03/18/2015 04:34:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (03/18/2015 04:34:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (03/18/2015 04:34:30 PM) (Source: PNRPSvc) (EventID: 102) (User: ) Description: 0x80630801 Error: (03/18/2015 04:34:30 PM) (Source: PNRPSvc) (EventID: 102) (User: ) Description: 0x80630801 Error: (03/18/2015 04:34:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (03/18/2015 04:34:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 
Error: (03/18/2015 04:34:14 PM) (Source: PNRPSvc) (EventID: 102) (User: ) Description: 0x80630801 Microsoft Office Sessions: ========================= Error: (03/12/2015 03:12:38 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\esetsmartinstaller_deu.exe Error: (03/12/2015 03:09:00 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\esetsmartinstaller_deu.exe Error: (03/12/2015 03:08:58 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\esetsmartinstaller_deu.exe CodeIntegrity Errors: =================================== Date: 2013-05-29 17:57:38.781 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Peter\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2013-05-29 17:57:38.720 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Peter\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-05-29 17:57:38.605 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-05-29 17:57:38.549 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz Percentage of memory in use: 23% Total physical RAM: 8055.6 MB Available physical RAM: 6173.29 MB Total Pagefile: 16109.39 MB Available Pagefile: 14014.79 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:232.79 GB) (Free:126.16 GB) NTFS Drive d: () (Fixed) (Total:465.76 GB) (Free:139.07 GB) NTFS Drive e: (Aufnahmen) (Fixed) (Total:931.51 GB) (Free:931.27 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: F522DF3B) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 706469D2) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B3129645) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
18.03.2015, 17:05 | #4 | |
/// TB Trainer /// Guide Guru | Hi, if I understand correctly, the problem has existed since 14.03. and is still occurring now? Could you please post a screenshot of these popups? Quote:
__________________ Regards, deeprybka _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
18.03.2015, 17:23 | #5 |
| At least that is when I first noticed them. I wasn't at the PC at all during the first 2 weeks of March, so I can't give a 100% exact date. The PC was probably in use, I just can't say exactly when :/ Screenshot from Steam: By JavaScript I mean that when, for example, I want to search for something on amazon and move the mouse over the "search" button, the link the button leads to is normally shown at the bottom left of the browser (Chrome). For me, however, the button shows "JavaScript..." at the bottom left. Unfortunately I can't take a screenshot of that at the moment, since the popup apparently only appears sometimes :S |
18.03.2015, 17:51 | #6 | |
/// TB Trainer /// Guide Guru | Please temporarily disable your antivirus program. Step 1 Download ZOEK (by Smeenk)
18.03.2015, 18:21 | #7 |
| Here is the zoek-results.txt Code:
ATTFilter Zoek.exe v5.0.0.0 Updated 17-March-2015 Tool run by Drasurc on 18.03.2015 at 17:57:26,40. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: E:\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 18.03.2015 17:58:11 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\Dungeon Defenders deleted successfully C:\PROGRA~2\G Data deleted successfully C:\Program Files\HitmanPro deleted successfully C:\PROGRA~3\Common Files deleted successfully C:\PROGRA~3\Tunngle deleted successfully C:\Users\Peter\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3058922360-1817362732-2215544763-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HiPatchService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HiPatchService deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nlsvc deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\nlsvc deleted successfully ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Dungeon Defenders not found C:\PROGRA~2\G Data not found C:\Users\Peter\AppData\Roaming\.minecraft deleted C:\Users\Peter\AppData\Roaming\DVDVideoSoft deleted C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted C:\Users\Peter\AppData\Roaming\WB.CFG deleted C:\Users\Peter\AppData\Roaming\Common deleted C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Hotspot Shield deleted C:\Users\Peter\AppData\Local\CrashRpt deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 
7601) Memory (RAM): 8056 MB CPU Info: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz CPU Speed: 3301,1 MHz Sound Card: Lautsprecher (2- High Definitio | Digitalaudio (HDMI) (2- High De | Display Adapters: NVIDIA GeForce GTX 970 | NVIDIA GeForce GTX 970 | NVIDIA GeForce GTX 970 | NVIDIA GeForce GTX 970 | Intel(R) HD Graphics 3000 | Intel(R) HD Graphics 3000 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 2x; PnP-Monitor (Standard) | PnP-Monitor (Standard) | Screen Resolution: 1920 X 1080 - 32 bit Network: Network Present Network Adapters: Hamachi Network Interface | Atheros AR9271 Wireless Network Adapter CD / DVD Drives: 1x (F: | ) F: DTSOFT BDROM Ports: COM1 LPT1 Mouse: 8 Button Wheel Mouse Present Hard Disks: C: 232,8GB | D: 465,8GB | E: 931,5GB Hard Disks - Free: C: 130,2GB | D: 139,1GB | E: 931,3GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 10/16/12 | ALASKA - 1072009 Time Zone: Mitteleuropäische Zeit Motherboard *: ASUSTeK COMPUTER INC. 
P8B75-M
Country: Deutschland
Language: DEU
==== System Specs (Software) ======================
Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Default Browser: Google Chrome 41.0.2272.89
Internet Explorer Version: 10.0.9200.16660
Mozilla Firefox version: 25.0 (x86 en-US)
Google Chrome version: 41.0.2272.89
Adobe Reader version: 11.0.10.32
Sun Java version: 1.8.0_40 (32-bit)
Sun Java version: 1.8.0_40 (64-bit)
Flash Player version: 16.0.0.305
==== Files Recently Created / Modified ======================
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\78zcl8l0.default
user_pref("browser.newtab.url", "");
==== Firefox Extensions ======================
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\78zcl8l0.default
C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash
BB56E2AC04608ED784B1293BB676CE24 - C:\Users\Peter\AppData\Local\Screenleap\npscreenleap1.1.dll - Screenshare Plugin
2BC6A052D9B153F6DC2F0E420FB4F407 - C:\Users\Peter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
C899B98999270821EDFFA56044DE2377 - C:\Users\Peter\AppData\Roaming\raidcall\plugins\nprcplugin.dll - Raidcall plugin
E557911A8903410D52FF9B3245954F4F - C:\Users\Peter\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll - Game Face Plugin
D0621E248FE23302CB379AA664CA17ED - C:\ProgramData\id Software\QuakeLive\npquakezero.dll - QUAKE LIVE
==== Chromium Look ======================
Google Chrome Version: 41.0.2272.89 (Up to date, latest Stable version: 41.0.2272.89)
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aakchaleigkohafkfjfjbblobjifikek -
C:\Users\Peter\AppData\LocalLow\proxtube\CHROME\proxtube.crx[14.05.2013 20:35]
AdBlock - Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Chrome Hotword Shared Module - Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://google.de/"
"Search Page"="hxxp://www.google.com"
"Search Bar"="hxxp://www.google.com"
"Use Search Asst"="yes"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://www.google.com"
"SearchAssistant"="hxxp://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://google.de/"
"Use Search Asst"="no"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="hxxp://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 65800 deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\2250232B8C4065744B1AE53E4D447027 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Browser Infrastructure Helper deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FastAccess Web Alert deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetBalancer deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetLimiter deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yontoo Desktop deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Peter\AppData\Local\Mozilla\Firefox\Profiles\78zcl8l0.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=970 folders=394 241226659 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Peter\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Peter\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 18.03.2015 at 18:19:46,24 ====================== |