
Log analysis and evaluation: Windows 7, virus infection, Internet Explorer 11 update not possible, games on Origin crash


30.03.2015, 09:37   #1
S.Jansen
 



Hello!
I had downloaded Telekom's Browser 7. After that I received strange e-mails (e.g. DHL). I did not open the attachments, though. In the meantime I have removed Browser 7 again. Avira reported a virus infection. After creating the GMER log I could no longer activate Avira. Establishing the Internet connection after starting the laptop takes longer than normal. Furthermore, games on Origin crash after about 1 minute. The update of Internet Explorer 11 for Windows 7 for x64-based Systems is also no longer carried out. Avira reports 2 errors.

Edited by S.Jansen (30.03.2015 at 09:58)

30.03.2015, 09:54   #2
cosinus



Hi and

Quote:
I had downloaded Telekom's Browser 7. After that I received strange e-mails (e.g. DHL)
I don't see any connection there. I wouldn't want to use the Telekom browser myself, but the thing is just a customized Firefox. You don't suddenly get DHL spam from that.



Please do not attach logs; if necessary, split them and post them spread over several posts.

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder.
Even if the logs are too large for a single post, I ask you to post the logs directly and, if necessary, spread over several posts.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with Ctrl+A) and copy it to the clipboard with Ctrl+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press Ctrl+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

30.03.2015, 10:12   #3
S.Jansen
 



FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by FFF (administrator) on FFF-PC on 28-03-2015 15:56:20
Running from C:\Users\FFF\Downloads
Loaded Profiles: FFF (Available profiles: FFF)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Englisch (USA)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\System32\DlProtectSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
() C:\ProgramData\dlprotect.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Windows\System32\api.ms-win-core-util-l1-1-0.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [282624 2006-09-01] (Apple Computer, Inc.)
HKLM-x32\...\Run: [OM2_Monitor] => C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [54672 2009-11-25] (OLYMPUS IMAGING CORP.)
HKLM-x32\...\Run: [Download Protect] => C:\ProgramData\dlprotect.exe [12800 2014-01-14] ()
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-17] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1248109876-1353936587-661878644-1000\...\Run: [OM2_Monitor] => C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95632 2009-11-25] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-1248109876-1353936587-661878644-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs:  c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1427059220&from=cor&uid=3219913727_67194_90E6FBFE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1427059220&from=cor&uid=3219913727_67194_90E6FBFE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1427059220&from=cor&uid=3219913727_67194_90E6FBFE&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1427059220&from=cor&uid=3219913727_67194_90E6FBFE&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1427059220&from=cor&uid=3219913727_67194_90E6FBFE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1427059220&from=cor&uid=3219913727_67194_90E6FBFE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1427059220&from=cor&uid=3219913727_67194_90E6FBFE&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1427059220&from=cor&uid=3219913727_67194_90E6FBFE&q={searchTerms}
HKU\S-1-5-21-1248109876-1353936587-661878644-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1427059220&from=cor&uid=3219913727_67194_90E6FBFE
HKU\S-1-5-21-1248109876-1353936587-661878644-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-1248109876-1353936587-661878644-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1427059220&from=cor&uid=3219913727_67194_90E6FBFE
HKU\S-1-5-21-1248109876-1353936587-661878644-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=90E6002421908C4D&affID=125035&tsp=5028
URLSearchHook: HKLM-x32 - RadioTotal4 Toolbar - {61f0d019-b016-4d56-9dae-7b7706cd6755} - C:\Program Files (x86)\RadioTotal4\prxtbRadi.dll No File
URLSearchHook: HKU\S-1-5-21-1248109876-1353936587-661878644-1000 - RadioTotal4 Toolbar - {61f0d019-b016-4d56-9dae-7b7706cd6755} - C:\Program Files (x86)\RadioTotal4\prxtbRadi.dll No File
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-1248109876-1353936587-661878644-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-1248109876-1353936587-661878644-1000 -> bProtectorDefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKU\S-1-5-21-1248109876-1353936587-661878644-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=3219913727_67194_90E6FBFE&ts=1427059312&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1248109876-1353936587-661878644-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=3219913727_67194_90E6FBFE&ts=1427059312&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1248109876-1353936587-661878644-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=3219913727_67194_90E6FBFE&ts=1427059312&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1248109876-1353936587-661878644-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-1248109876-1353936587-661878644-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=3219913727_67194_90E6FBFE&ts=1427059312&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1248109876-1353936587-661878644-1000 -> {A1A7AD0E-2CC4-4AA4-B28D-7C7083B731CD} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=3219913727_67194_90E6FBFE&ts=1427059312&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1248109876-1353936587-661878644-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=3219913727_67194_90E6FBFE&ts=1427059312&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1248109876-1353936587-661878644-1000 -> {D0126195-F3FA-45A1-8CB4-0D761B1E070A} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=3219913727_67194_90E6FBFE&ts=1427059312&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1248109876-1353936587-661878644-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=3219913727_67194_90E6FBFE&ts=1427059312&type=default&q={searchTerms}
BHO: DownloadProtect Extension -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files\{90FD7326-69ED-4AF2-8F83-CCF7FE3F82E0}\{D2423BF8-BE99-478F-91AF-BA462B7CFCCB}.bin [2015-03-27] (Download Protect)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO-x32: DownloadProtect Extension -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files (x86)\{D2EBEB6C-5AC7-47D4-AC8D-74773654C12E}\{D371ECD6-F09C-4F89-ACFF-61390D1387D4}.bin [2015-03-27] (Download Protect)
Toolbar: HKLM-x32 - RadioTotal4 Toolbar - {61f0d019-b016-4d56-9dae-7b7706cd6755} - C:\Program Files (x86)\RadioTotal4\prxtbRadi.dll No File
Toolbar: HKU\S-1-5-21-1248109876-1353936587-661878644-1000 -> No Name - {61F0D019-B016-4D56-9DAE-7B7706CD6755} -  No File
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\Windows\SysWOW64\mscoree.dll [2010-11-21] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 02 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 03 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 04 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 05 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 06 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 17 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 18 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9-x64 01 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 02 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 03 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 04 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 05 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 06 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 17 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 18 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=FUJITSUXMJA2320BHXG2_K90AT9628U85T9628U85X&ts=1381154663

FireFox:
========
FF ProfilePath: C:\Users\FFF\AppData\Roaming\Mozilla\Firefox\Profiles\tndm3psf.default
FF DefaultSearchEngine: Avira SafeSearch
FF DefaultSearchUrl: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de?hl=de&gl=de
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-22] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-22] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-03-10] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=3 -> C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=9 -> C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1248109876-1353936587-661878644-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\FFF\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-18] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\FFF\AppData\Roaming\Mozilla\Firefox\Profiles\tndm3psf.default\user.js [2015-03-25]
FF SearchPlugin: C:\Users\FFF\AppData\Roaming\Mozilla\Firefox\Profiles\tndm3psf.default\searchplugins\avira-safesearch.xml [2015-03-25]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\awesomehp.xml [2014-02-27]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mailru.xml [2013-07-03]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ozonru.xml [2013-07-03]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\priceru.xml [2013-07-03]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yandex-slovari.xml [2013-07-03]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yandex.xml [2013-07-03]
FF Extension: FoxyDeal - C:\Users\FFF\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F58A62EB-38DC-43C4-A539-DC52E135208D} [2013-03-06]
FF Extension: Avira Browser Safety - C:\Users\FFF\AppData\Roaming\Mozilla\Firefox\Profiles\tndm3psf.default\Extensions\abs@avira.com [2015-03-25]
FF Extension: Avira SafeSearch - C:\Users\FFF\AppData\Roaming\Mozilla\Firefox\Profiles\tndm3psf.default\Extensions\safesearch@avira.com [2015-03-25]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\FFF\AppData\Roaming\Mozilla\Firefox\Profiles\tndm3psf.default\extensions\quick_start@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [{6D93C79F-A73E-4468-B47C-8CE13C383B1D}] - C:\Windows\Installer\{3A878A58-3A5A-4239-ACDE-156B659F3450}\{6D93C79F-A73E-4468-B47C-8CE13C383B1D}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{3A878A58-3A5A-4239-ACDE-156B659F3450}\{6D93C79F-A73E-4468-B47C-8CE13C383B1D}.xpi [2015-03-27]
FF HKU\S-1-5-21-1248109876-1353936587-661878644-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1427059220&from=cor&uid=3219913727_67194_90E6FBFE
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1427059220&from=cor&uid=3219913727_67194_90E6FBFE"
CHR DefaultSearchKeyword: Default -> mystartsearch
CHR DefaultSearchURL: Default -> hxxp://www.mystartsearch.com/web/?type=ds&ts=1427059220&from=cor&uid=3219913727_67194_90E6FBFE&q={searchTerms}
CHR Profile: C:\Users\FFF\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\FFF\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-11]
CHR Extension: (Google Drive) - C:\Users\FFF\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\FFF\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-22]
CHR Extension: (YouTube) - C:\Users\FFF\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-11]
CHR Extension: (McAfee Security Scan+) - C:\Users\FFF\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-04-11]
CHR Extension: (Google Search) - C:\Users\FFF\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-11]
CHR Extension: (Google Wallet) - C:\Users\FFF\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Gmail) - C:\Users\FFF\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-11]
CHR HKLM\...\Chrome\Extension: [camijhkahcckljhgpgfgglbegedoepda] - C:\Program Files (x86)\PallySoftAddon\PallySoftAddon-crx.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1248109876-1353936587-661878644-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [camijhkahcckljhgpgfgglbegedoepda] - C:\Program Files (x86)\PallySoftAddon\PallySoftAddon-crx.crx [Not Found]
CHR HKU\S-1-5-21-1248109876-1353936587-661878644-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jbaaieplnliapedmcbfgfijinolepige] - C:\Users\FFF\AppData\Local\CRE\jbaaieplnliapedmcbfgfijinolepige.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [aaokmnpaoippoclepikifeegeknpopea] - C:\Program Files (x86)\ResultsAlpha\aaokmnpaoippoclepikifeegeknpopea.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [aipfmkinhleccnodemkoofnnofpbbpac] - C:\Users\FFF\AppData\Roaming\BabSolution\CR\searchgol.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [camijhkahcckljhgpgfgglbegedoepda] - C:\Program Files (x86)\PallySoftAddon\PallySoftAddon-crx.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jbaaieplnliapedmcbfgfijinolepige] - C:\Users\FFF\AppData\Local\CRE\jbaaieplnliapedmcbfgfijinolepige.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\FFF\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 DlProtectSvc; C:\Windows\System32\DlProtectSvc.exe [125440 2014-01-14] () [File not signed]
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)
R2 OptjonalFeatures; C:\Windows\system32\api.ms-win-core-util-l1-1-0.exe [118784 2014-01-14] () [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1930608 2015-03-27] (Electronic Arts)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Update ResultsAlpha; "C:\Program Files (x86)\ResultsAlpha\updateResultsAlpha.exe" [X]
S2 Util ResultsAlpha; "C:\Program Files (x86)\ResultsAlpha\bin\utilResultsAlpha.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-09-01] ()
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 HWiNFO32; \??\C:\Users\FFF\AppData\Local\Temp\HWiNFO64A.SYS [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-28 15:56 - 2015-03-28 15:57 - 00025605 _____ () C:\Users\FFF\Downloads\FRST.txt
2015-03-28 15:56 - 2015-03-28 15:56 - 00000000 ____D () C:\FRST
2015-03-28 15:55 - 2015-03-28 15:55 - 00001110 _____ () C:\Users\FFF\Desktop\FRST64 - Verknüpfung.lnk
2015-03-28 15:54 - 2015-03-28 15:54 - 02095616 _____ (Farbar) C:\Users\FFF\Downloads\FRST64.exe
2015-03-28 15:52 - 2015-03-28 15:52 - 00000739 _____ () C:\Users\FFF\Desktop\Defogger - Verknüpfung.lnk
2015-03-28 15:48 - 2015-03-28 15:49 - 00000468 _____ () C:\Users\FFF\Downloads\defogger_disable.log
2015-03-28 15:48 - 2015-03-28 15:48 - 00000000 _____ () C:\Users\FFF\defogger_reenable
2015-03-28 15:47 - 2015-03-28 15:47 - 00050477 _____ () C:\Users\FFF\Downloads\Defogger.exe
2015-03-28 15:38 - 2015-03-28 15:38 - 00003432 _____ () C:\Windows\System32\Tasks\Avira Browser Safety Updater Task
2015-03-27 21:47 - 2015-03-27 21:47 - 00000000 ____D () C:\Program Files (x86)\{D2EBEB6C-5AC7-47D4-AC8D-74773654C12E}
2015-03-27 21:46 - 2015-03-27 21:46 - 00000000 ____D () C:\Program Files\{90FD7326-69ED-4AF2-8F83-CCF7FE3F82E0}
2015-03-27 21:41 - 2015-03-27 21:42 - 00986624 _____ () C:\Users\FFF\Downloads\MicrosoftFixit50850.msi
2015-03-27 21:17 - 2015-03-28 15:33 - 00000504 _____ () C:\Windows\setupact.log
2015-03-27 21:17 - 2015-03-27 21:17 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-27 21:16 - 2015-03-27 21:16 - 00295752 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-27 21:16 - 2015-03-27 21:16 - 00001026 _____ () C:\Windows\PFRO.log
2015-03-27 21:14 - 2015-03-27 22:19 - 00006880 _____ () C:\Windows\IE11_main.log
2015-03-27 21:13 - 2015-03-27 21:13 - 00000332 _____ () C:\Start_.cmd
2015-03-27 21:13 - 2015-03-27 21:13 - 00000000 ____D () C:\Qoobox
2015-03-27 21:13 - 2015-03-27 21:13 - 00000000 ____D () C:\ComboFix
2015-03-27 21:12 - 2015-03-27 21:13 - 00000000 ___SD () C:\32788R22FWJFW
2015-03-27 21:12 - 2015-03-27 21:12 - 00000000 ____D () C:\Windows\erdnt
2015-03-27 21:11 - 2015-03-27 21:11 - 00064024 _____ () C:\Users\FFF\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-27 20:31 - 2015-03-27 20:57 - 00000000 ____D () C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ
2015-03-27 20:09 - 2015-03-27 20:08 - 05762400 _____ (PC Cleaners) C:\ProgramData\pclunst.exe
2015-03-27 20:08 - 2015-03-27 20:26 - 00000000 ____D () C:\ProgramData\PC1Data
2015-03-27 18:44 - 2015-03-27 18:44 - 00000000 ____D () C:\Program Files (x86)\{C32B5067-AB35-480C-B3D6-0A84D130D880}
2015-03-27 18:43 - 2015-03-27 18:43 - 00000000 ____D () C:\Program Files\{629779E2-FF5B-4315-8186-60E600EC5CDC}
2015-03-27 16:06 - 2015-01-31 04:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-27 16:06 - 2015-01-31 04:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-27 16:06 - 2015-01-31 00:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-27 16:06 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-03-27 15:27 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-03-27 15:27 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-03-27 15:17 - 2015-03-27 15:51 - 00000000 ____D () C:\Program Files (x86)\{E8EA4F73-47E4-4D14-B796-5165AB490642}
2015-03-27 14:53 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-03-27 14:53 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-03-27 14:53 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-03-27 14:53 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-03-27 14:53 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-03-27 14:53 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-03-27 14:53 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-03-27 14:53 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-03-27 14:53 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-03-27 14:53 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-03-27 14:53 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-03-27 14:53 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-03-27 14:53 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-03-27 14:53 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-03-27 14:53 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-03-27 14:53 - 2012-08-23 15:12 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\terminpt.sys
2015-03-27 14:53 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-03-27 14:53 - 2012-08-23 15:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2015-03-27 14:52 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-03-27 14:52 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-03-25 10:10 - 2015-03-25 10:08 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-25 09:47 - 2015-03-25 09:47 - 00000000 ____D () C:\Users\FFF\AppData\Roaming\Avira
2015-03-25 09:43 - 2015-03-17 13:01 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-25 09:43 - 2015-03-17 13:01 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-25 09:43 - 2015-03-17 13:01 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-03-25 09:41 - 2015-03-28 15:38 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-25 09:41 - 2015-03-27 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-25 09:41 - 2015-03-25 09:41 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-03-24 19:02 - 2015-03-11 05:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-24 19:02 - 2015-03-11 05:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-24 19:02 - 2015-03-11 05:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-24 19:02 - 2015-03-11 05:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-24 19:02 - 2015-03-11 05:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-24 19:02 - 2015-03-11 05:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-24 19:02 - 2015-03-11 05:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-24 19:02 - 2015-03-11 05:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-22 18:36 - 2015-03-22 18:36 - 00000000 ____D () C:\Program Files\{6B3AA844-0F24-4F8C-AB4C-E0B07F1E2C57}
2015-03-22 18:36 - 2015-03-22 18:36 - 00000000 ____D () C:\Program Files (x86)\{6E2BF820-1BD0-495A-ADF8-9BC84BAC968E}
2015-03-20 21:47 - 2010-08-12 10:14 - 00660072 _____ (NVIDIA Corporation) C:\Windows\system32\NVUNINST.EXE
2015-03-18 19:17 - 2015-03-22 18:57 - 00000000 ____D () C:\Users\FFF\AppData\Local\Electronic_Arts_Inc
2015-03-18 19:15 - 2015-03-18 19:15 - 00001270 _____ () C:\Users\Public\Desktop\Need for Speed World.lnk
2015-03-18 19:11 - 2015-03-22 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCity™
2015-03-18 19:11 - 2015-03-18 19:11 - 00001272 _____ () C:\Users\Public\Desktop\SimCity™.lnk
2015-03-18 19:11 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-03-18 19:11 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-03-18 19:11 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-03-18 19:11 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2015-03-18 19:11 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-03-18 19:11 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-03-18 19:11 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2015-03-18 19:11 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2015-03-18 19:11 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2015-03-18 19:11 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2015-03-18 19:11 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2015-03-18 19:11 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-03-18 19:11 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2015-03-18 19:11 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2015-03-18 19:11 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-03-18 19:11 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2015-03-18 19:11 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-03-18 19:11 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-03-18 19:11 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-03-18 19:11 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-03-18 19:11 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-03-18 19:10 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-03-18 19:10 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-03-18 19:10 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-03-18 18:49 - 2015-03-18 18:49 - 00051573 _____ () C:\Users\FFF\Desktop\Bewerbungsanschreiben 5.rar
2015-03-18 15:23 - 2015-03-22 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need for Speed World
2015-03-17 10:23 - 2015-02-25 09:37 - 00308333 _____ () C:\Users\FFF\Desktop\Bewerbung_RECA_NORM_ - Kopie.odt
2015-03-11 08:52 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 08:52 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 08:52 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 08:52 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 08:52 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 08:52 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 08:52 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 08:52 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 08:52 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 08:52 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 08:52 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 08:52 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 08:52 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 08:52 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 08:52 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 08:52 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 08:52 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 08:52 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 08:52 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 08:52 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 08:52 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 08:52 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 08:52 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 08:52 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 08:52 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 08:52 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 08:52 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 08:52 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 08:52 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 08:52 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 08:52 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 08:52 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 08:52 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 08:52 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 08:52 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 08:52 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 08:52 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 08:52 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 08:52 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 08:52 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 08:52 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 08:52 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 08:52 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 08:52 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 08:52 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 08:52 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 08:52 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 08:52 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 08:52 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 08:52 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 08:52 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 08:52 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 08:52 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 08:52 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 08:52 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 08:52 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 08:52 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 08:52 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 08:52 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 08:52 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 08:52 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 08:52 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 08:52 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 08:52 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 08:52 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 08:52 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 08:52 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 08:52 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 08:52 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 08:52 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 08:52 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 08:52 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 08:52 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 08:52 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 08:52 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 08:52 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 08:52 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 08:52 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 08:52 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 08:52 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 08:52 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 08:52 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 08:52 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 08:52 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 08:52 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 08:52 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 08:52 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 08:52 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 08:52 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 08:52 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 08:52 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 08:52 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 08:52 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 08:52 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 08:52 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 08:52 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 08:52 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 08:52 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 08:52 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 08:52 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 08:52 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 08:52 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 08:51 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 08:51 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 08:51 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 08:51 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 08:51 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 08:51 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 08:51 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 08:51 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 08:51 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 08:51 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 08:51 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 08:51 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 08:51 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 08:51 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 08:51 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 08:51 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 08:51 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 08:51 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 08:51 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 08:51 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 08:51 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 08:51 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 08:51 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 08:51 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 08:51 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 08:51 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 08:51 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 08:51 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 08:51 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 08:51 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 08:51 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 08:51 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 08:51 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 08:51 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 08:51 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 08:51 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 08:51 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 08:51 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 08:51 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 08:51 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 08:51 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-04 13:04 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-04 13:04 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-04 13:04 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-04 13:04 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-03-03 13:53 - 2015-02-04 04:56 - 31515280 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-03-03 13:53 - 2015-02-04 04:56 - 24198856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-03-03 13:53 - 2015-02-04 04:56 - 22993224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-03 13:53 - 2015-02-04 04:56 - 17559432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-03-03 13:53 - 2015-02-04 04:56 - 15294280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-03-03 13:53 - 2015-02-04 04:56 - 13916280 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-03 13:53 - 2015-02-04 04:56 - 13828032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-03 13:53 - 2015-02-04 04:56 - 12894024 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-03 13:53 - 2015-02-04 04:56 - 11272240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-03-03 13:53 - 2015-02-04 04:56 - 11209192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-03-03 13:53 - 2015-02-04 04:56 - 04244680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-03 13:53 - 2015-02-04 04:56 - 03987600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-03-03 13:53 - 2015-02-04 04:56 - 02823992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-03-03 13:53 - 2015-02-04 04:56 - 01907400 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434144.dll
2015-03-03 13:53 - 2015-02-04 04:56 - 01555656 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434144.dll
2015-03-03 13:53 - 2015-02-04 04:56 - 00944328 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-03-03 13:53 - 2015-02-04 04:56 - 00907464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-03-03 13:53 - 2015-02-04 04:56 - 00902344 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-03-03 13:53 - 2015-02-04 04:56 - 00870032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-28 15:53 - 2013-10-07 13:53 - 00000282 _____ () C:\Windows\Tasks\Dealply.job
2015-03-28 15:49 - 2014-02-18 20:49 - 00000284 _____ () C:\Windows\Tasks\Update Bonanza.job
2015-03-28 15:49 - 2014-01-01 10:49 - 00000282 _____ () C:\Windows\Tasks\Bonanza.job
2015-03-28 15:48 - 2013-02-22 20:29 - 00000000 ____D () C:\Users\FFF
2015-03-28 15:47 - 2013-03-06 16:21 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-28 15:41 - 2013-05-12 11:35 - 01211388 _____ () C:\Windows\WindowsUpdate.log
2015-03-28 15:38 - 2009-07-14 05:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-28 15:38 - 2009-07-14 05:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-28 15:33 - 2013-03-06 16:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-28 15:32 - 2014-02-27 21:02 - 00001532 _____ () C:\Windows\Tasks\HQ-Video-Profession-1.3-codedownloader.job
2015-03-28 15:32 - 2014-02-27 21:01 - 00003136 _____ () C:\Windows\Tasks\HQ-Video-Profession-1.3-chromeinstaller.job
2015-03-28 15:32 - 2014-02-27 21:01 - 00002658 _____ () C:\Windows\Tasks\HQ-Video-Profession-1.3-firefoxinstaller.job
2015-03-28 15:32 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-27 22:04 - 2013-10-07 15:04 - 00000284 _____ () C:\Windows\Tasks\UpdaterEX.job
2015-03-27 21:59 - 2013-02-22 22:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-27 21:24 - 2013-03-06 18:25 - 00697506 _____ () C:\Windows\system32\perfh007.dat
2015-03-27 21:24 - 2013-03-06 18:25 - 00149442 _____ () C:\Windows\system32\perfc007.dat
2015-03-27 21:24 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-27 20:26 - 2013-10-01 18:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-27 20:18 - 2013-03-06 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FoxyDeal
2015-03-27 20:17 - 2014-11-02 22:43 - 00000000 ____D () C:\Windows\Minidump
2015-03-27 20:17 - 2013-02-23 05:23 - 00000000 ____D () C:\Windows\Panther
2015-03-27 16:12 - 2014-12-11 12:31 - 00000000 ____D () C:\ProgramData\Origin
2015-03-27 14:59 - 2013-02-22 21:19 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-27 14:59 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-27 14:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-03-27 14:55 - 2013-02-23 00:17 - 01592400 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-27 14:13 - 2014-12-11 12:31 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-03-27 09:29 - 2014-08-27 09:57 - 00000492 _____ () C:\Windows\Tasks\DriverUpdate Daily Scan.job
2015-03-25 09:50 - 2013-12-22 14:04 - 00000282 _____ () C:\Users\FFF\AppData\Roaming\WB.CFG
2015-03-25 09:43 - 2013-03-06 16:39 - 00000000 ____D () C:\ProgramData\Avira
2015-03-25 09:41 - 2014-12-11 13:15 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-24 19:04 - 2014-12-10 18:06 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-24 19:04 - 2014-05-06 11:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-22 22:39 - 2013-10-07 11:43 - 00000000 ____D () C:\Users\FFF\AppData\Local\Adobe
2015-03-22 22:39 - 2013-02-22 22:28 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-22 22:39 - 2013-02-22 22:28 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-22 22:39 - 2013-02-22 22:28 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-22 18:57 - 2015-02-23 18:38 - 00000000 ____D () C:\Program Files (x86)\Deutsche Telekom AG
2015-03-22 18:57 - 2015-01-01 20:17 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-03-22 18:57 - 2013-10-06 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-22 18:57 - 2013-08-17 13:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-22 18:57 - 2013-03-06 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-22 18:57 - 2013-02-22 21:35 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-03-22 18:57 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-22 18:57 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-03-22 18:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-22 18:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-03-22 18:55 - 2014-12-11 12:50 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-03-22 18:55 - 2013-02-22 21:12 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-22 18:54 - 2013-02-22 21:31 - 00000000 ____D () C:\NVIDIA
2015-03-20 15:49 - 2013-03-06 16:21 - 00002385 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-18 19:17 - 2014-12-11 12:31 - 00000000 ____D () C:\ProgramData\Electronic Arts
2015-03-18 18:38 - 2011-04-12 09:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-03-12 08:40 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-11 14:02 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 14:02 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 12:01 - 2013-08-08 20:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 11:54 - 2013-02-23 00:26 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-04 18:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing

==================== Files in the root of some directories =======

2012-12-18 19:08 - 2012-12-18 19:08 - 0018520 _____ () C:\Program Files (x86)\REPT.nfo
2013-12-22 14:04 - 2015-03-25 09:50 - 0000282 _____ () C:\Users\FFF\AppData\Roaming\WB.CFG
2014-01-14 10:53 - 2014-01-14 10:53 - 0012800 _____ () C:\ProgramData\dlprotect.exe
2015-03-27 20:09 - 2015-03-27 20:08 - 5762400 _____ (PC Cleaners) C:\ProgramData\pclunst.exe

Files to move or delete:
====================
C:\ProgramData\dlprotect.exe
C:\ProgramData\pclunst.exe


Some content of TEMP:
====================
C:\Users\FFF\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-28 10:05

==================== End Of Log ============================
         

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by FFF at 2015-03-28 15:58:38
Running from C:\Users\FFF\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.5.139.1020 - Electronic Arts Inc.)
Download Protect (HKU\S-1-5-21-1248109876-1353936587-661878644-1000\...\{132401a7-2006-4342-b43c-ccf5f02c2b01}) (Version:  - Download Protect)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version:  - )
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Need For Speed™ World (HKLM-x32\...\{3AF1B16A-7DC9-4C80-BAEC-70B088A7C5B8}) (Version: 1.0.0.0 - Electronic Arts)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9745 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7316 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version:  - )
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Unity Web Player (HKU\S-1-5-21-1248109876-1353936587-661878644-1000\...\UnityWebPlayer) (Version: 4.6.3f1 - Unity Technologies ApS)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

27-03-2015 08:38:36 Windows Update
27-03-2015 14:21:15 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
27-03-2015 14:43:04 Windows Update
27-03-2015 14:51:40 Windows Update
27-03-2015 15:05:34 Installed Microsoft Fix it 50123
27-03-2015 15:11:09 Windows Update
27-03-2015 15:27:50 Windows Update
27-03-2015 16:25:17 Windows Update
27-03-2015 21:13:32 Windows Update
27-03-2015 21:27:47 Windows Update
27-03-2015 21:29:24 Windows Update
27-03-2015 21:31:06 Installed Microsoft Fix it 50123
27-03-2015 21:42:27 Installed Microsoft Fix it 50850
27-03-2015 21:48:03 Windows Update
27-03-2015 22:18:40 Windows Update
28-03-2015 15:36:42 Installed Avira Browser Safety

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00C4A624-EDEF-4BA4-ABA4-A3F5B196A608} - System32\Tasks\{C30FA615-AECB-4ED5-9EBE-DAA28751E105} => C:\Program Files (x86)\City Interactive\Terrorist Takedown Payback\payback.exe
Task: {0550C146-C23F-4EA6-AE1F-8DF8EE285E59} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {11F3F3DA-D7F3-4490-9330-560761A38942} - System32\Tasks\DriverUpdate Daily Scan => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: {18A0920D-76FB-4132-973C-4AD845CA7522} - System32\Tasks\Dealply => C:\Users\FFF\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {23103D02-2AE8-46F2-ADFE-18FCE95A856B} - System32\Tasks\{41D436EE-7B75-4D47-845E-F6357A928CCB} => pcalua.exe -a C:\Users\FFF\Desktop\setup.exe -d C:\Users\FFF\Desktop
Task: {2E0F9D41-2C0C-4F20-9D0B-C2043E645750} - System32\Tasks\{259396A5-7223-4FD7-9437-324632E444AE} => C:\Program Files (x86)\City Interactive\Terrorist Takedown Payback\payback.exe
Task: {2EA7C451-FB96-4DEE-923F-1CB075E5C614} - System32\Tasks\{41B6BC3F-2F7C-4324-94A1-7FFFEFB2EBDB} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.3.0.116.259&amp;LastError=404
Task: {3EEE3F44-B988-4FC9-B286-9C1600409855} - System32\Tasks\{A209CCCD-78E6-4209-9A74-C0237D75B9DA} => C:\Program Files (x86)\City Interactive\Terrorist Takedown Payback\payback.exe
Task: {452687E7-13B3-4412-9F77-57F143714177} - \temp_Feven Pro 1.2-enabler No Task File <==== ATTENTION
Task: {48AD6714-4372-4D8D-A604-33967CEC551D} - System32\Tasks\{DC4D8351-7FDA-474B-98CE-27358A0A01E2} => C:\Program Files (x86)\City Interactive\Terrorist Takedown Payback\payback.exe
Task: {52F1FBED-9DC6-45A7-B31C-92E010776A8A} - System32\Tasks\{101BE23F-4198-4648-BEC9-E8C2415B530D} => C:\Program Files (x86)\City Interactive\Terrorist Takedown Payback\payback.exe
Task: {59BFF056-E3C7-4F94-8661-CE92071456C4} - System32\Tasks\HQ-Video-Profession-1.3-firefoxinstaller => C:\Program Files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-firefoxinstaller.exe <==== ATTENTION
Task: {63E7BE04-368D-4D72-8C67-64284A615949} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {69DDC782-C494-49BC-8C5F-664F9E691A5F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-22] (Adobe Systems Incorporated)
Task: {6D84E08E-BBC3-48D0-BB64-63DA04DB1E82} - System32\Tasks\{019D73E5-6976-4EF7-9D3A-61AD4FAAD5B0} => pcalua.exe -a C:\Users\FFF\Desktop\redist\vcredist_x64.exe -d C:\Users\FFF\Desktop\redist
Task: {724EE26C-0218-4C45-8F8C-FBCC236275C2} - System32\Tasks\Bonanza => C:\Users\FFF\AppData\Roaming\Bonanza\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {9340841A-A76C-44DE-8DCF-815401C3763C} - System32\Tasks\Update Bonanza => C:\Users\FFF\AppData\Roaming\UPDATE~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {9D56BE60-4C19-4AD5-95FC-CE723E5C8785} - System32\Tasks\{88F2190C-D92B-4797-AEAD-546049956CE2} => C:\Program Files (x86)\City Interactive\Terrorist Takedown Payback\payback.exe
Task: {A4F396D9-5926-4C70-A25B-C786FB5F956A} - System32\Tasks\HQ-Video-Profession-1.3-chromeinstaller => C:\Program Files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-chromeinstaller.exe <==== ATTENTION
Task: {AEAE18AE-5ECB-44AD-BA0C-38F166576600} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-06] (Google Inc.)
Task: {AF100B36-0C32-44D0-BC91-F77DABBFC650} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-06] (Google Inc.)
Task: {B2EA0E6F-1F93-4BBA-A487-EAD5A93C84E0} - System32\Tasks\{77D7BFFE-FC89-42E2-9875-3F997CCC9B6D} => C:\Program Files (x86)\City Interactive\Terrorist Takedown Payback\payback.exe
Task: {B5B3588D-3F66-4DBE-B0DF-96D8BFF7224B} - System32\Tasks\{092B5FAF-4A1D-42A1-AF7D-2023A4ED1C9D} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Task: {BB5A39AF-0424-41BD-86CD-2681EF785C99} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {C7A93E29-6180-466C-B18C-70D64D8E7331} - System32\Tasks\HQ-Video-Profession-1.3-codedownloader => C:\Program Files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-codedownloader.exe <==== ATTENTION
Task: {C988B702-B8CA-49F1-A005-CA3E17F4A435} - System32\Tasks\{EEFA607D-6A60-420A-B579-B75824B6FE39} => C:\Program Files (x86)\City Interactive\Terrorist Takedown Payback\payback.exe
Task: {D2E76710-EEF9-4A89-B642-EF6B45774C0A} - System32\Tasks\{831A7302-AA31-4620-9750-DDE6C51B222F} => Firefox.exe hxxp://ui.skype.com/ui/0/6.9.0.106/ru/abandoninstall?source=lightinstaller&amp;page=tsInstall
Task: {DB300B7B-19C1-4B1F-947E-CCBF6E2370D3} - System32\Tasks\Avira Browser Safety Updater Task => C:\Program Files (x86)\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe [2015-03-11] (Avira Operations GmbH & Co. KG)
Task: {E699BC26-4C8D-4F8E-A7C5-6C5F057E2533} - System32\Tasks\{36BBFE1F-6956-4886-BB93-985FC120CE3B} => pcalua.exe -a "E:\T-Online 6.0\Installation starten_wpf.exe" -d "E:\T-Online 6.0"
Task: {F2DAEA2A-8A6D-45B1-A31A-579221EAB0C8} - System32\Tasks\{58B23C48-C542-484E-8A22-B74E77A98829} => pcalua.exe -a "C:\Users\FFF\Desktop\OpenOffice 4.0.1 (de) Installation Files\setup.exe" -d "C:\Users\FFF\Desktop\OpenOffice 4.0.1 (de) Installation Files"
Task: {FE2C1D2C-DE8E-4642-AECC-68E6704CD856} - System32\Tasks\{C6247F17-AA3F-40EF-816D-4F0A3155FE6A} => pcalua.exe -a "C:\Program Files (x86)\OpenOffice 4\program\swriter.exe" -d C:\Users\FFF\Desktop -c -o "C:\Users\FFF\Desktop\Bewerbung_RECA_NORM_.odt"
Task: {FEF5E526-7314-467C-8469-B20A80DD8297} - System32\Tasks\UpdaterEX => C:\Users\FFF\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Bonanza.job => C:\Users\FFF\AppData\Roaming\Bonanza\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Dealply.job => C:\Users\FFF\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\DriverUpdate Daily Scan.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HQ-Video-Profession-1.3-chromeinstaller.job => C:\Program Files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\HQ-Video-Profession-1.3-codedownloader.job => C:\Program Files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-codedownloader.exeA/reinstallapp /runfrom=task /agentregpath='HQ-Video-Profession-1.3' /appid=51578 /srcid='001074' /subid='0' /zdata='0' /bic=C02649E6E1444B88A5B35BB92BCEC557IE /verifier=b2ef0e85775355844dc4282020faa93e /installerversion=1_34_2_13 /installerfullversion=1.34.2.13 /installationtime=1393531263 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com /codedownloaddomain=http:/app-static.crossrider.com /defbro=ch /allusers /autoupdateulr='http:/update.srvstatsdata.com/ie_code_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\Windows\Tasks\HQ-Video-Profession-1.3-firefoxinstaller.job => C:\Program Files (x86)\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-firefoxinstaller.exer/installxpi /agentregpath='HQ-Video-Profession-1.3' /extensionfilepath C:\Program Files (x86)\HQ-Video-Profession-1.3\51578.xpi' /appid=51578 /srcid='001074' /subid='0' /zdata='0' /bic=C02649E6E1444B88A5B35BB92BCEC557IE /verifier=b2ef0e85775355844dc4282020faa93e /installerversion=1_34_2_13 /installerfullversion=1.34.2.13 /installationtime=1393531263 /statsdomain=http:/stats.srvstatsdata.com /errorsdomain=http:/errors.srvstatsdata.com /waitforbrowser=300 /extensionid=13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com /extensionversion=0.93 /prefsbranch=a13c471d96cbb4c089dd18dc16c66bb1fcf5065afca24464aa637af7582a82514com51578 /updateurl=https:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/51578.rdf /extensionname='HQ-Video-Profession-1.3' /extensiondesc='HQ Videos is an add-on for your Internet browser that enhances your online experience by displaying online videos in their highest quality format available.' /publishername='HQ-Video' /defbro=ch /allusers /allprofiles /checkfflist /autoupdateulr='http:/update.srvstatsdata.com/ff_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\Update Bonanza.job => C:\Users\FFF\AppData\Roaming\UPDATE~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\FFF\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2013-02-22 21:34 - 2015-02-04 03:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-14 10:52 - 2014-01-14 10:52 - 00125440 _____ () C:\Windows\System32\DlProtectSvc.exe
2009-08-10 16:01 - 2009-08-10 16:01 - 00626208 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2009-08-10 16:00 - 2009-08-10 16:00 - 00070176 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2009-08-10 16:01 - 2009-08-10 16:01 - 00578592 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2014-01-14 10:53 - 2014-01-14 10:53 - 00012800 _____ () C:\ProgramData\dlprotect.exe
2014-01-14 10:52 - 2014-01-14 10:52 - 00118784 _____ () C:\Windows\system32\api.ms-win-core-util-l1-1-0.exe
2009-08-10 16:01 - 2009-08-10 16:01 - 00206880 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-21-1248109876-1353936587-661878644-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-1248109876-1353936587-661878644-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1248109876-1353936587-661878644-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\FFF\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1248109876-1353936587-661878644-500 - Administrator - Disabled)
FFF (S-1-5-21-1248109876-1353936587-661878644-1000 - Administrator - Enabled) => C:\Users\FFF
Guest (S-1-5-21-1248109876-1353936587-661878644-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1248109876-1353936587-661878644-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/28/2015 03:34:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/27/2015 09:46:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/27/2015 09:44:58 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (03/27/2015 09:44:58 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (03/27/2015 09:44:58 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (03/27/2015 09:20:09 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/27/2015 09:20:09 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Context: Windows Application


Details:
	The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/27/2015 09:20:09 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Context: Windows Application, SystemIndex Catalog


Details:
	The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/27/2015 09:20:09 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Context: Windows Application, SystemIndex Catalog


Details:
	Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (03/27/2015 09:20:02 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Context: Windows Application, SystemIndex Catalog


Details:
	The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (03/28/2015 03:34:21 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1096) (User: NT AUTHORITY)
Description: Fehler bei der Verarbeitung der Gruppenrichtlinie. Es wurde versucht, registrierungsbasierte Richtlinieneinstellungen für das Gruppenrichtlinienobjekt "LocalGPO" zu lesen. Die Gruppenrichtlinieneinstellungen dürfen nicht erzwungen werden, bis dieses Ereignis behoben ist. Weitere Informationen über den Dateinamen und -pfad, der den Fehler verursacht hat, können den Ereignisdetails entnommen werden.

Error: (03/28/2015 03:33:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util ResultsAlpha" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/28/2015 03:33:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update ResultsAlpha" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/27/2015 10:19:07 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer 11 for Windows 7 for x64-based Systems

Error: (03/27/2015 09:49:58 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer 11 for Windows 7 for x64-based Systems

Error: (03/27/2015 09:45:42 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1096) (User: NT AUTHORITY)
Description: Fehler bei der Verarbeitung der Gruppenrichtlinie. Es wurde versucht, registrierungsbasierte Richtlinieneinstellungen für das Gruppenrichtlinienobjekt "LocalGPO" zu lesen. Die Gruppenrichtlinieneinstellungen dürfen nicht erzwungen werden, bis dieses Ereignis behoben ist. Weitere Informationen über den Dateinamen und -pfad, der den Fehler verursacht hat, können den Ereignisdetails entnommen werden.

Error: (03/27/2015 09:45:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util ResultsAlpha" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/27/2015 09:45:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update ResultsAlpha" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/27/2015 09:30:31 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer 11 for Windows 7 for x64-based Systems

Error: (03/27/2015 09:29:21 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer 11 for Windows 7 for x64-based Systems


Microsoft Office Sessions:
=========================
Error: (03/28/2015 03:34:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/27/2015 09:46:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/27/2015 09:44:58 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (03/27/2015 09:44:58 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (03/27/2015 09:44:58 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (03/27/2015 09:20:09 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: 
Details:
	The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/27/2015 09:20:09 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application


Details:
	The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/27/2015 09:20:09 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
	The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/27/2015 09:20:09 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
	Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (03/27/2015 09:20:02 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
	The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 35%
Total physical RAM: 3839.24 MB
Available physical RAM: 2469.82 MB
Total Pagefile: 7676.66 MB
Available Pagefile: 5864.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:40.99 GB) NTFS
Drive d: (Archive) (Fixed) (Total:200.43 GB) (Free:147.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 85876B75)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=200.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:49 on 28/03/2015 (FFF)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-30 10:17:31
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000067 FUJITSU_ rev.0000 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\FFF\AppData\Local\Temp\uwldypow.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000076ef1401 2 bytes JMP 7525b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1848] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000076ef1419 2 bytes JMP 7525b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000076ef1431 2 bytes JMP 752d8ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      0000000076ef144a 2 bytes CALL 752348ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                          * 9
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1848] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         0000000076ef14dd 2 bytes JMP 752d87a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  0000000076ef14f5 2 bytes JMP 752d8978 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1848] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         0000000076ef150d 2 bytes JMP 752d8698 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000076ef1525 2 bytes JMP 752d8a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        0000000076ef153d 2 bytes JMP 7524fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1848] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             0000000076ef1555 2 bytes JMP 752568ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      0000000076ef156d 2 bytes JMP 752d8f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000076ef1585 2 bytes JMP 752d8ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1848] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           0000000076ef159d 2 bytes JMP 752d865c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        0000000076ef15b5 2 bytes JMP 7524fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      0000000076ef15cd 2 bytes JMP 7525b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  0000000076ef16b2 2 bytes JMP 752d8e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  0000000076ef16bd 2 bytes JMP 752d85f1 C:\Windows\syswow64\kernel32.dll

---- Threads - GMER 2.1 ----

Thread   C:\Windows\system32\taskhost.exe [1896:2004]                                                                                                 000007fef86f2740
Thread   C:\Windows\system32\taskhost.exe [1896:1064]                                                                                                 000007fef82f1f38
Thread   C:\Windows\system32\taskhost.exe [1896:2164]                                                                                                 000007feff3392c0
Thread   C:\Windows\system32\taskhost.exe [1896:2272]                                                                                                 000007fef98c1010
Thread   C:\Windows\system32\taskhost.exe [1896:4904]                                                                                                 000007fef7dc5170
---- Processes - GMER 2.1 ----

Process  C:\ProgramData\dlprotect.exe (*** suspicious ***) @ C:\ProgramData\dlprotect.exe [2336](2014-01-14 09:53:01)                                 0000000000400000

---- EOF - GMER 2.1 ----
         

30.03.2015, 10:30   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Remove adware/junkware/toolbars

Delete old versions of adwCleaner and, if present, JRT first, then download them again to the desktop!
Please disable your virus scanner completely now, before using these tools!


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Optionen ("Options") and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Suchlauf ("Scan") and wait until it has finished.
  • Now click Löschen ("Clean") and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).




Step 2: JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen ("Scan").
  • The log files are now created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input box)

__________________
Please always post log files in CODE tags

30.03.2015, 18:36   #5
S.Jansen



Code:
# AdwCleaner v4.200 - Logfile created 30/03/2015 at 19:00:02
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : FFF - FFF-PC
# Running from : C:\Users\FFF\Desktop\AdwCleaner_4.200.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : DlProtectSvc
[#] Service Deleted : OptjonalFeatures

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foxydeal
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverTuner
Folder Deleted : C:\Program Files (x86)\Pirrit
Folder Deleted : C:\Program Files (x86)\DriverTuner
Folder Deleted : C:\Program Files (x86)\{216E9AF5-26C5-4B94-89E0-1794F4C75D47}
Folder Deleted : C:\Program Files (x86)\{6E2BF820-1BD0-495A-ADF8-9BC84BAC968E}
Folder Deleted : C:\Program Files (x86)\{739528CE-ACD9-4E15-B49C-5D25598B105A}
Folder Deleted : C:\Program Files (x86)\{80ED1204-6BC9-46AC-9374-FDAA141D4D89}
Folder Deleted : C:\Program Files (x86)\{C32B5067-AB35-480C-B3D6-0A84D130D880}
Folder Deleted : C:\Program Files (x86)\{D2EBEB6C-5AC7-47D4-AC8D-74773654C12E}
Folder Deleted : C:\Program Files (x86)\{D8572A48-5E70-41BC-9EF8-ACCA74F3264F}
Folder Deleted : C:\Program Files (x86)\NewPlayer
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Program Files\{091C3CC1-3B66-48F5-A754-F47F86EC7554}
Folder Deleted : C:\Program Files\{3F7D47BD-F6DC-4687-8CD1-F09D81BCB100}
Folder Deleted : C:\Program Files\{4A7891BE-C824-43A5-AE2C-B0070C1DCDD6}
Folder Deleted : C:\Program Files\{629779E2-FF5B-4315-8186-60E600EC5CDC}
Folder Deleted : C:\Program Files\{6B3AA844-0F24-4F8C-AB4C-E0B07F1E2C57}
Folder Deleted : C:\Program Files\{90FD7326-69ED-4AF2-8F83-CCF7FE3F82E0}
Folder Deleted : C:\Program Files\{B155DADB-3FDA-41AF-8821-735234E567B9}
Folder Deleted : C:\Users\FFF\AppData\Local\apn
Folder Deleted : C:\Users\FFF\AppData\Local\DealPlyLive
Folder Deleted : C:\Users\FFF\AppData\Local\DownloadGuide
Folder Deleted : C:\Users\FFF\AppData\Local\lollipop
Folder Deleted : C:\Users\FFF\AppData\Local\PirritSuggestor
Folder Deleted : C:\Users\FFF\AppData\Local\Tuguu_SL
Folder Deleted : C:\Users\FFF\AppData\Local\WinRST
Folder Deleted : C:\Users\FFF\AppData\Local\DriverTuner
Folder Deleted : C:\Users\FFF\AppData\Roaming\awesomehp
Folder Deleted : C:\Users\FFF\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\FFF\AppData\Roaming\Babylon
Folder Deleted : C:\Users\FFF\AppData\Roaming\DealPly
Folder Deleted : C:\Users\FFF\AppData\Roaming\Pirrit
Folder Deleted : C:\Users\FFF\AppData\Roaming\Systweak
Folder Deleted : C:\Users\FFF\AppData\Roaming\UpdaterEX
Folder Deleted : C:\Users\FFF\AppData\Roaming\UpdateBonanza
Folder Deleted : C:\Users\FFF\AppData\Roaming\SmartPCFix
Folder Deleted : C:\Users\FFF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Deleted : C:\Users\FFF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Deleted : C:\Users\FFF\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
File Deleted : C:\ProgramData\dlprotect.exe
File Deleted : C:\Windows\System32\DlProtectSvc.exe
File Deleted : C:\Windows\System32\api.ms-win-core-util-l1-1-0.exe
File Deleted : C:\Users\FFF\AppData\Roaming\Mozilla\Firefox\Profiles\tndm3psf.default\bprotector_prefs.js
File Deleted : C:\Users\FFF\AppData\Roaming\Mozilla\Firefox\Profiles\tndm3psf.default\foxydeal.sqlite
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\awesomehp.xml
File Deleted : C:\Users\FFF\AppData\Roaming\Mozilla\Firefox\Profiles\h1sfn5fv.default-1412708552405\user.js
File Deleted : C:\Users\FFF\AppData\Roaming\Mozilla\Firefox\Profiles\tndm3psf.default\user.js

***** [ Scheduled tasks ] *****

Task Deleted : BitGuard
Task Deleted : Bonanza
Task Deleted : Dealply
Task Deleted : RegClean Pro_DEFAULT
Task Deleted : RegClean Pro_UPDATES
Task Deleted : Update Bonanza
Task Deleted : UpdaterEX
Task Deleted : HQ-Video-Profession-1.3-chromeinstaller
Task Deleted : HQ-Video-Profession-1.3-codedownloader
Task Deleted : HQ-Video-Profession-1.3-firefoxinstaller

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\FFF\Desktop\Internet Explorer.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\FFF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\FFF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\FFF\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aipfmkinhleccnodemkoofnnofpbbpac
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\CLASSES\DPBHO.DownloadProtect
Key Deleted : HKLM\SOFTWARE\CLASSES\DPBHO.DownloadProtect.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Download Protect]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9
Key Deleted : HKCU\Software\Mozilla\Extends
Key Deleted : HKCU\Software\5268bdfe26eba14
Key Deleted : HKLM\SOFTWARE\5268bdfe26eba14
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3317893
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CBAB673A-A480-4050-BD2B-5DE24A7A0282}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{61F0D019-B016-4D56-9DAE-7B7706CD6755}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F498FE2B-6CB2-4EE5-A384-D93B11091457}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CBAB673A-A480-4050-BD2B-5DE24A7A0282}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{61F0D019-B016-4D56-9DAE-7B7706CD6755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F498FE2B-6CB2-4EE5-A384-D93B11091457}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C536F080-57B7-46D6-8894-C647553F2889}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2714711C-2F38-4569-9BAD-75C70A43528A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9344BF4B-7DC5-401F-8B5A-A988F3BA075D}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{61F0D019-B016-4D56-9DAE-7B7706CD6755}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{61F0D019-B016-4D56-9DAE-7B7706CD6755}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{61F0D019-B016-4D56-9DAE-7B7706CD6755}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{61F0D019-B016-4D56-9DAE-7B7706CD6755}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A1A7AD0E-2CC4-4AA4-B28D-7C7083B731CD}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D0126195-F3FA-45A1-8CB4-0D761B1E070A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Value Deleted : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\BonanzaDealsLive
Key Deleted : HKCU\Software\Conduit
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\DealPly
Key Deleted : HKCU\Software\DealPlyLive
Key Deleted : HKCU\Software\delta LTD
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\lollipop
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\ResultsAlpha
Key Deleted : HKCU\Software\searchgol LTD
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\foxydeal
Key Deleted : HKCU\Software\DriverTuner_Init
Key Deleted : HKCU\Software\DriverTuner
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\foxydeal
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\RadioTotal4
Key Deleted : HKLM\SOFTWARE\awesomehpSoftware
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Driver-Soft
Key Deleted : HKLM\SOFTWARE\qvo6Software
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\Taronja
Key Deleted : HKLM\SOFTWARE\RadioTotal4
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v36.0.4 (x86 de)

[tndm3psf.default\prefs.js] - Line Deleted : user_pref("CT2851647.1000234.weatherData", "{\"icon\":\"29.png\",\"temperature\":\"-3°C\",\"temperatureClear\":\"-3°C\",\"highTemperature\":\"-3°C\",\"lowTemperature\":\"-5°C\",\"feelsLike\":\"-8°C\",[...]
[tndm3psf.default\prefs.js] - Line Deleted : user_pref("CT2851647.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[tndm3psf.default\prefs.js] - Line Deleted : user_pref("CT2851647.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT2851647&octid=CT2851647&SearchSource=15&CUI=UN35163003884320357&SSPV=&Lay=1&UM=\"}");

-\\ Google Chrome v41.0.2272.101

[C:\Users\FFF\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
[C:\Users\FFF\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://www.mystartsearch.com/?type=hp&ts=1427059220&from=cor&uid=3219913727_67194_90E6FBFE
[C:\Users\FFF\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : hxxp://www.mystartsearch.com/?type=hp&ts=1427059220&from=cor&uid=3219913727_67194_90E6FBFE

*************************

AdwCleaner[R0].txt - [43145 bytes] - [30/03/2015 18:57:55]
AdwCleaner[S0].txt - [41357 bytes] - [30/03/2015 19:00:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [41417  bytes] ##########
         
Re: step 2

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.8 (03.30.2015:1)
OS: Windows 7 Ultimate x64
Ran by FFF on 30.03.2015 at 19:11:56,26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] update resultsalpha 
Successfully deleted: [Service] update resultsalpha 
Successfully stopped: [Service] util resultsalpha 
Successfully deleted: [Service] util resultsalpha 



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update resultsalpha
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util resultsalpha



~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\DriverUpdate Daily Scan.job
Successfully deleted: [File] C:\Windows\prefetch\DEALPLYLIVE.EXE-B469C63A.pf
Successfully deleted: [File] C:\Windows\prefetch\DEALPLYLIVEHANDLER.EXE-2529B0CB.pf



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\drivergenius"
Successfully deleted: [Folder] "C:\ProgramData\pc1data"
Successfully deleted: [Folder] "C:\Program Files (x86)\driver-soft"
Successfully deleted: [Folder] "C:\Users\FFF\AppData\Roaming\microsoft\windows\start menu\programs\driver genius"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] C:\Users\FFF\AppData\Roaming\mozilla\firefox\profiles\tndm3psf.default\searchplugins\avira-safesearch.xml
Successfully deleted: [Folder] C:\Users\FFF\AppData\Roaming\mozilla\firefox\profiles\tndm3psf.default\extensions\safesearch@avira.com
Successfully deleted the following from C:\Users\FFF\AppData\Roaming\mozilla\firefox\profiles\tndm3psf.default\prefs.js

user_pref("CT2851647.1000234.TWC_TMP_city", "ZAVENTEM");
user_pref("CT2851647.1000234.TWC_TMP_country", "BE");
user_pref("CT2851647.1000234.TWC_country", "BELGIUM");
user_pref("CT2851647.1000234.TWC_locId", "BEXX0472");
user_pref("CT2851647.1000234.TWC_location", "Zaventem, Belgium");
user_pref("CT2851647.1000234.TWC_region", "OT");
user_pref("CT2851647.1000234.TWC_temp_dis", "c");
user_pref("CT2851647.1000234.TWC_wind_dis", "kmh");
user_pref("CT2851647.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2851647.FF19Solved", "true");
user_pref("CT2851647.FirstTime", "true");
user_pref("CT2851647.FirstTimeFF3", "true");
user_pref("CT2851647.PG_ENABLE.enc", "dHJ1ZQ==");
user_pref("CT2851647.UserID", "UN35163003884320357");
user_pref("CT2851647.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT2851647.autoDisableScopes", -1);
user_pref("CT2851647.cbfirsttime.enc", "RnJpIEZlYiAyMiAyMDEzIDIzOjQ3OjU5IEdNVCswMTAw");
user_pref("CT2851647.countryCode", "DE");
user_pref("CT2851647.defaultSearch", "false");
user_pref("CT2851647.enableAlerts", "always");
user_pref("CT2851647.enableFix404ByUser", "FALSE");
user_pref("CT2851647.enableSearchFromAddressBar", "false");
user_pref("CT2851647.firstTimeDialogOpened", "true");
user_pref("CT2851647.fixPageNotFoundError", "true");
user_pref("CT2851647.fixPageNotFoundErrorByUser", "true");
user_pref("CT2851647.fixPageNotFoundErrorInHidden", "true");
user_pref("CT2851647.fixUrls", true);
user_pref("CT2851647.fullUserID", "UN35163003884320357.UP.20130710141917");
user_pref("CT2851647.installDate", "22/2/2013 23:47:44");
user_pref("CT2851647.installType", "xpe");
user_pref("CT2851647.isCheckedStartAsHidden", true);
user_pref("CT2851647.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2851647.isFirstTimeToolbarLoading", "false");
user_pref("CT2851647.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT2851647.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2851647.keyword", true);
user_pref("CT2851647.lastVersion", "10.23.0.822");
user_pref("CT2851647.mam_gk_CouponBuddy_appState.enc", "b24=");
user_pref("CT2851647.mam_gk_PriceGong_appState.enc", "b24=");
user_pref("CT2851647.mam_gk_appStateReportTime.enc", "MTM2MTU3MzI3ODk3MQ==");
user_pref("CT2851647.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnN
user_pref("CT2851647.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
user_pref("CT2851647.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR29uZyIsImNyaXRlcmlhcyI6W3siY3JpdGVyaWFJZCI6IjQzZmVjMDg1LWNkMzktNGQyZi05MDZhLTAyNTdkZj
user_pref("CT2851647.mam_gk_currentVersion.enc", "MS40LjAuNA==");
user_pref("CT2851647.mam_gk_eventsCache.enc", "eyIxZjRlZjM1Mi1mYTRlLTQzMmEtYWE3My1hNGM4ZDYzMWVkZWIiOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJkYXRhIjpbIldlbGNvbWUiLCJWaWV3Il0sInVuaXF1ZUlk
user_pref("CT2851647.mam_gk_first_time.enc", "MQ==");
user_pref("CT2851647.mam_gk_gadgetOpen.enc", "MQ==");
user_pref("CT2851647.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
user_pref("CT2851647.mam_gk_lastLoginTime.enc", "MTM2MTU3MzI3ODc0Mg==");
user_pref("CT2851647.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHM
user_pref("CT2851647.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
user_pref("CT2851647.mam_gk_settings1.4.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNjFfLTEiLCJpc1Rlc3QiOmZhbHNlLCJpc1dlbGNvbWVFeHBlcmll
user_pref("CT2851647.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
user_pref("CT2851647.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
user_pref("CT2851647.mam_gk_userId.enc", "YTAwNWNkY2MtNzdmNS00ZDFjLWE3MWQtNDc0ZTYzYjIwZTA3");
user_pref("CT2851647.mam_gk_user_apps_selection.enc", "");
user_pref("CT2851647.migrateAppsAndComponents", true);
user_pref("CT2851647.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2851647.openThankYouPage", "true");
user_pref("CT2851647.openUninstallPage", "false");
user_pref("CT2851647.originalHomepage", "hxxp://www.google.de?hl=de&gl=de");
user_pref("CT2851647.originalSearchEngine", "Google");
user_pref("CT2851647.originalSearchEngineName", "Google");
user_pref("CT2851647.price-gong.isManagedApp", "true");
user_pref("CT2851647.revertSettingsEnabled", "false");
user_pref("CT2851647.scriptSource.enc", "aHR0cDovLzEyNy4wLjAuMToxMDAwMC9ndWkv");
user_pref("CT2851647.search.searchAppId", "129351532245275780");
user_pref("CT2851647.search.searchCount", "0");
user_pref("CT2851647.searchInNewTabEnabledByUser", "false");
user_pref("CT2851647.searchInNewTabEnabledInHidden", "true");
user_pref("CT2851647.searchSuggestEnabledByUser", "false");
user_pref("CT2851647.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2851647.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2851647.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT2851647.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2851647\"}");
user_pref("CT2851647.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2851647.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
user_pref("CT2851647.serviceLayer_services_Configuration_lastUpdate", "1393501825591");
user_pref("CT2851647.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1361573274819");
user_pref("CT2851647.serviceLayer_services_appsMetadata_lastUpdate", "1361573274585");
user_pref("CT2851647.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1361573274472");
user_pref("CT2851647.serviceLayer_services_location_lastUpdate", "1372964828074");
user_pref("CT2851647.serviceLayer_services_login_10.14.370.524_lastUpdate", "1364150164039");
user_pref("CT2851647.serviceLayer_services_login_10.14.65.43_lastUpdate", "1373401286804");
user_pref("CT2851647.serviceLayer_services_login_10.15.0.562_lastUpdate", "1369168785300");
user_pref("CT2851647.serviceLayer_services_login_10.16.2.509_lastUpdate", "1372964826802");
user_pref("CT2851647.serviceLayer_services_login_10.16.4.519_lastUpdate", "1374953719265");
user_pref("CT2851647.serviceLayer_services_login_10.16.70.505_lastUpdate", "1379188779482");
user_pref("CT2851647.serviceLayer_services_login_10.20.0.513_lastUpdate", "1384608404976");
user_pref("CT2851647.serviceLayer_services_login_10.22.5.510_lastUpdate", "1387042949391");
user_pref("CT2851647.serviceLayer_services_login_10.23.0.822_lastUpdate", "1393501824860");
user_pref("CT2851647.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1361573274536");
user_pref("CT2851647.serviceLayer_services_searchAPI_lastUpdate", "1393501825505");
user_pref("CT2851647.serviceLayer_services_serviceMap_lastUpdate", "1393501824333");
user_pref("CT2851647.serviceLayer_services_setupAPI_lastUpdate", "1361573273602");
user_pref("CT2851647.serviceLayer_services_toolbarContextMenu_lastUpdate", "1361573274412");
user_pref("CT2851647.serviceLayer_services_toolbarSettings_lastUpdate", "1393509024537");
user_pref("CT2851647.serviceLayer_services_translation_lastUpdate", "1393501824344");
user_pref("CT2851647.settingsINI", true);
user_pref("CT2851647.shouldFirstTimeDialog", "false");
user_pref("CT2851647.showToolbarPermission", "false");
user_pref("CT2851647.startPage", "false");
user_pref("CT2851647.toolbarBornServerTime", "23-2-2013");
user_pref("CT2851647.toolbarCurrentServerTime", "27-2-2014");
user_pref("CT2851647.toolbarLoginClientTime", "Wed Mar 13 2013 21:48:42 GMT+0100");
user_pref("CT2851647_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1393505427238,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("CT3317893.1000082.isPlayDisplay", "true");
user_pref("CT3317893.1000082.muteState", "off");
user_pref("CT3317893.1000082.shrinkState", "expanded");
user_pref("CT3317893.1000082.state", "{\"state\":\"stopped\",\"text\":\"NDR 2 Ham...\",\"description\":\"germany  ndr 2 hambur...\",\"url\":\"hxxp://www.surfmusik.de/media/ndr
user_pref("CT3317893.1000234.TWC_TMP_city", "NUREMBERG");
user_pref("CT3317893.1000234.TWC_TMP_country", "DE");
user_pref("CT3317893.1000234.TWC_country", "GERMANY");
user_pref("CT3317893.1000234.TWC_locId", "GMBY0250");
user_pref("CT3317893.1000234.TWC_location", "Nuremberg, MT, Germany");
user_pref("CT3317893.1000234.TWC_region", "DE");
user_pref("CT3317893.1000234.TWC_temp_dis", "c");
user_pref("CT3317893.1000234.TWC_wind_dis", "kmh");
user_pref("CT3317893.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3317893.FF19Solved", "true");
user_pref("CT3317893.Facebook_Mode.enc", "Mg==");
user_pref("CT3317893.Facebook_User_Locale.enc", "ZGU=");
user_pref("CT3317893.FirstTime", "true");
user_pref("CT3317893.FirstTimeFF3", "true");
user_pref("CT3317893.UserID", "UN11316025201422224");
user_pref("CT3317893.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT3317893.appOptions", "{}");
user_pref("CT3317893.browser.search.defaultthis.engineName", "true");
user_pref("CT3317893.countryCode", "DE");
user_pref("CT3317893.defaultSearch", "true");
user_pref("CT3317893.enableAlerts", "true");
user_pref("CT3317893.enableSearchFromAddressBar", "true");
user_pref("CT3317893.firstTimeDialogOpened", "true");
user_pref("CT3317893.fixPageNotFoundError", "true");
user_pref("CT3317893.fixPageNotFoundErrorByUser", "true");
user_pref("CT3317893.fixPageNotFoundErrorInHidden", "true");
user_pref("CT3317893.fullUserID", "UN11316025201422224.IN.20140114105052");
user_pref("CT3317893.installDate", "14/01/2014 10:50:54");
user_pref("CT3317893.installSessionId", "{DBC9EC54-EE85-4177-9E77-92548A37DB56}");
user_pref("CT3317893.installSp", "TRUE");
user_pref("CT3317893.installUsage", "2014-01-14T12:51:33.387608+03:00");
user_pref("CT3317893.installUsageEarly", "2014-01-14T12:51:30.860408+03:00");
user_pref("CT3317893.installerVersion", "1.8.1.4");
user_pref("CT3317893.isCheckedStartAsHidden", true);
user_pref("CT3317893.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3317893.isFirstTimeToolbarLoading", "false");
user_pref("CT3317893.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT3317893.keyword", "true");
user_pref("CT3317893.lastVersion", "10.23.0.822");
user_pref("CT3317893.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
user_pref("CT3317893.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://RadioTotal4.O
user_pref("CT3317893.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT3317893.openThankYouPage", "false");
user_pref("CT3317893.openUninstallPage", "true");
user_pref("CT3317893.originalSearchAddressUrl", "");
user_pref("CT3317893.originalSearchEngineName", "");
user_pref("CT3317893.revertSettingsEnabled", "true");
user_pref("CT3317893.search.searchAppId", "130269805663268820");
user_pref("CT3317893.search.searchCount", "0");
user_pref("CT3317893.searchFromAddressBarEnabledByUser", "true");
user_pref("CT3317893.searchInNewTabEnabledByUser", "true");
user_pref("CT3317893.searchInNewTabEnabledInHidden", "true");
user_pref("CT3317893.searchRevert", "true");
user_pref("CT3317893.searchSuggestEnabledByUser", "true");
user_pref("CT3317893.searchUninstallUserMode", "2");
user_pref("CT3317893.searchUserMode", "2");
user_pref("CT3317893.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3317893.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT3317893.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT3317893.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3317893\"}");
user_pref("CT3317893.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://RadioTotal4.OurToolbar.com//xpi\"}");
user_pref("CT3317893.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"RadioTotal4 \"}");
user_pref("CT3317893.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3317893.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
user_pref("CT3317893.serviceLayer_services_Configuration_lastUpdate", "1391086243064");
user_pref("CT3317893.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1390564619713");
user_pref("CT3317893.serviceLayer_services_appsMetadata_lastUpdate", "1391086241101");
user_pref("CT3317893.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1390982465468");
user_pref("CT3317893.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1389693092396");
user_pref("CT3317893.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1389693094902");
user_pref("CT3317893.serviceLayer_services_login_10.23.0.722_lastUpdate", "1389782214212");
user_pref("CT3317893.serviceLayer_services_login_10.23.0.822_lastUpdate", "1391086240435");
user_pref("CT3317893.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1390982465771");
user_pref("CT3317893.serviceLayer_services_searchAPI_lastUpdate", "1391086242512");
user_pref("CT3317893.serviceLayer_services_serviceMap_lastUpdate", "1391086240033");
user_pref("CT3317893.serviceLayer_services_toolbarContextMenu_lastUpdate", "1391086240172");
user_pref("CT3317893.serviceLayer_services_toolbarSettings_lastUpdate", "1391086241061");
user_pref("CT3317893.serviceLayer_services_translation_lastUpdate", "1391086240953");
user_pref("CT3317893.settingsINI", true);
user_pref("CT3317893.shouldFirstTimeDialog", "false");
user_pref("CT3317893.showToolbarPermission", "false");
user_pref("CT3317893.startPage", "true");
user_pref("CT3317893.toolbarBornServerTime", "14-1-2014");
user_pref("CT3317893.toolbarCurrentServerTime", "30-1-2014");
user_pref("CT3317893.toolbarInstallDate", "14-01-2014 10:50:52");
user_pref("CT3317893.toolbarLoginClientTime", "Tue Jan 14 2014 10:51:35 GMT+0100");
user_pref("CT3317893.versionFromInstaller", "10.23.0.722");
user_pref("CT3317893.xpeMode", "0");
user_pref("CT3317893_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1391086231779,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("avira.safe_search.installed", "[\"safesearch\"]");
user_pref("avira.safe_search.search_was_active", "true");
user_pref("browser.search.defaultenginename", "Avira SafeSearch");
user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
user_pref("browser.search.searchengine.ptid", "cor");
user_pref("browser.search.searchengine.uid", "3219913727_67194_90E6FBFE");
user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-
user_pref("extensions.bootstrappedAddons", "{\"abs@avira.com\":{\"version\":\"1.4.5\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\FFF\\\\AppData\\\\Roaming\\\\Mozil
user_pref("extensions.ominent.newTabUrl", "chrome://tuvaro/content/new browser tab.html?source=9f1d0980&tbp=tab&u=90e6fbfe000000000000002421908c4c");
user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"14c6ba3ad7d2d-01b7f68b120875-45574136-0-14c6ba3ad7ed0\"");
user_pref("extensions.safesearch.SAUTH_expires_at", "1428339833");
user_pref("extensions.safesearch.SAUTH_rndsnr", "\"2677434757336a00a3bc0377409463e08ea858ec\"");
user_pref("extensions.safesearch.SAUTH_userid", "5966549252");
user_pref("extensions.safesearch.SAUTH_utoken", "\"3ce7731125967fd748f2fba2cc595ab1a783d603\"");
user_pref("extensions.safesearch.install", "1427735031175");
user_pref("extensions.xpiState", "{\"app-profile\":{\"abs@avira.com\":{\"d\":\"C:\\\\Users\\\\FFF\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\tndm3psf.default\\
Emptied folder: C:\Users\FFF\AppData\Roaming\mozilla\firefox\profiles\tndm3psf.default\minidumps [19 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.03.2015 at 19:18:39,35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         


Old 30.03.2015, 18:54   #6
S.Jansen

Re: step 3

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by FFF (administrator) on FFF-PC on 30-03-2015 19:38:56
Running from C:\Users\FFF\Downloads
Loaded Profiles: FFF (Available profiles: FFF)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Englisch (USA)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [282624 2006-09-01] (Apple Computer, Inc.)
HKLM-x32\...\Run: [OM2_Monitor] => C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [54672 2009-11-25] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-1248109876-1353936587-661878644-1000\...\Run: [OM2_Monitor] => C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95632 2009-11-25] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-1248109876-1353936587-661878644-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1248109876-1353936587-661878644-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\FFF\AppData\Roaming\Mozilla\Firefox\Profiles\tndm3psf.default
FF DefaultSearchUrl: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de?hl=de&gl=de
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=UTF-8&oe=UTF-8&meta=lr=lang_de&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-22] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-22] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-03-10] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1248109876-1353936587-661878644-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\FFF\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-18] (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mailru.xml [2013-07-03]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ozonru.xml [2013-07-03]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\priceru.xml [2013-07-03]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yandex-slovari.xml [2013-07-03]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yandex.xml [2013-07-03]
FF Extension: FoxyDeal - C:\Users\FFF\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{F58A62EB-38DC-43C4-A539-DC52E135208D} [2013-03-06]
FF Extension: Avira Browser Safety - C:\Users\FFF\AppData\Roaming\Mozilla\Firefox\Profiles\tndm3psf.default\Extensions\abs@avira.com [2015-03-25]
FF HKLM-x32\...\Firefox\Extensions: [{6D93C79F-A73E-4468-B47C-8CE13C383B1D}] - C:\Windows\Installer\{3A878A58-3A5A-4239-ACDE-156B659F3450}\{6D93C79F-A73E-4468-B47C-8CE13C383B1D}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{3A878A58-3A5A-4239-ACDE-156B659F3450}\{6D93C79F-A73E-4468-B47C-8CE13C383B1D}.xpi [2015-03-27]
FF HKU\S-1-5-21-1248109876-1353936587-661878644-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSearchKeyword: Default -> mystartsearch
CHR DefaultSearchURL: Default -> hxxp://www.mystartsearch.com/web/?type=ds&ts=1427059220&from=cor&uid=3219913727_67194_90E6FBFE&q={searchTerms}
CHR Profile: C:\Users\FFF\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\FFF\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-11]
CHR Extension: (Google Drive) - C:\Users\FFF\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\FFF\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-22]
CHR Extension: (YouTube) - C:\Users\FFF\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-11]
CHR Extension: (Google Search) - C:\Users\FFF\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-11]
CHR Extension: (Google Wallet) - C:\Users\FFF\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Gmail) - C:\Users\FFF\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-11]
CHR HKLM\...\Chrome\Extension: [camijhkahcckljhgpgfgglbegedoepda] - C:\Program Files (x86)\PallySoftAddon\PallySoftAddon-crx.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1248109876-1353936587-661878644-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [camijhkahcckljhgpgfgglbegedoepda] - C:\Program Files (x86)\PallySoftAddon\PallySoftAddon-crx.crx [Not Found]
CHR HKU\S-1-5-21-1248109876-1353936587-661878644-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jbaaieplnliapedmcbfgfijinolepige] - C:\Users\FFF\AppData\Local\CRE\jbaaieplnliapedmcbfgfijinolepige.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [aaokmnpaoippoclepikifeegeknpopea] - C:\Program Files (x86)\ResultsAlpha\aaokmnpaoippoclepikifeegeknpopea.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [camijhkahcckljhgpgfgglbegedoepda] - C:\Program Files (x86)\PallySoftAddon\PallySoftAddon-crx.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jbaaieplnliapedmcbfgfijinolepige] - C:\Users\FFF\AppData\Local\CRE\jbaaieplnliapedmcbfgfijinolepige.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1930608 2015-03-27] (Electronic Arts)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-09-01] ()
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 HWiNFO32; \??\C:\Users\FFF\AppData\Local\Temp\HWiNFO64A.SYS [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-30 19:36 - 2015-03-30 19:37 - 02095616 _____ (Farbar) C:\Users\FFF\Downloads\FRST64(1).exe
2015-03-30 19:18 - 2015-03-30 19:18 - 00031158 _____ () C:\Users\FFF\Desktop\JRT.txt
2015-03-30 19:08 - 2015-03-30 19:07 - 01389097 _____ (Thisisu) C:\Users\FFF\Desktop\JRT.exe
2015-03-30 19:07 - 2015-03-30 19:07 - 01389097 _____ (Thisisu) C:\Users\FFF\Downloads\JRT.exe
2015-03-30 19:03 - 2015-03-30 19:03 - 00041758 _____ () C:\Users\FFF\Desktop\AdwCleaner[S0].txt
2015-03-30 18:57 - 2015-03-30 19:00 - 00000000 ____D () C:\AdwCleaner
2015-03-30 18:51 - 2015-03-30 18:51 - 02208768 _____ () C:\Users\FFF\Desktop\AdwCleaner_4.200.exe
2015-03-30 18:50 - 2015-03-30 18:51 - 02208768 _____ () C:\Users\FFF\Downloads\AdwCleaner_4.200.exe
2015-03-30 10:17 - 2015-03-30 10:17 - 00005338 _____ () C:\Users\FFF\Desktop\Gmer.txt
2015-03-30 09:57 - 2015-03-30 09:47 - 00380416 _____ () C:\Users\FFF\Desktop\Gmer-19357.exe
2015-03-30 09:47 - 2015-03-30 09:47 - 00380416 _____ () C:\Users\FFF\Downloads\Gmer-19357.exe
2015-03-28 19:37 - 2015-03-28 16:59 - 00027662 _____ () C:\Users\FFF\Desktop\Addition.txt
2015-03-28 19:36 - 2015-03-30 11:03 - 00062988 _____ () C:\Users\FFF\Desktop\FRST.txt
2015-03-28 19:36 - 2015-03-28 16:49 - 00000468 _____ () C:\Users\FFF\Desktop\defogger_disable.log
2015-03-28 19:36 - 2015-03-28 16:47 - 00050477 _____ () C:\Users\FFF\Desktop\Defogger.exe
2015-03-28 16:58 - 2015-03-28 16:59 - 00027662 _____ () C:\Users\FFF\Downloads\Addition.txt
2015-03-28 16:56 - 2015-03-30 19:38 - 00013414 _____ () C:\Users\FFF\Downloads\FRST.txt
2015-03-28 16:56 - 2015-03-30 19:38 - 00000000 ____D () C:\FRST
2015-03-28 16:55 - 2015-03-28 16:55 - 00001110 _____ () C:\Users\FFF\Desktop\FRST64 - Verknüpfung.lnk
2015-03-28 16:54 - 2015-03-28 16:54 - 02095616 _____ (Farbar) C:\Users\FFF\Downloads\FRST64.exe
2015-03-28 16:48 - 2015-03-28 16:49 - 00000468 _____ () C:\Users\FFF\Downloads\defogger_disable.log
2015-03-28 16:48 - 2015-03-28 16:48 - 00000000 _____ () C:\Users\FFF\defogger_reenable
2015-03-28 16:47 - 2015-03-28 16:47 - 00050477 _____ () C:\Users\FFF\Downloads\Defogger.exe
2015-03-27 22:41 - 2015-03-27 22:42 - 00986624 _____ () C:\Users\FFF\Downloads\MicrosoftFixit50850.msi
2015-03-27 22:17 - 2015-03-30 19:02 - 00001512 _____ () C:\Windows\setupact.log
2015-03-27 22:17 - 2015-03-27 22:17 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-27 22:16 - 2015-03-30 19:01 - 00001360 _____ () C:\Windows\PFRO.log
2015-03-27 22:16 - 2015-03-27 22:16 - 00295752 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-27 22:14 - 2015-03-30 14:12 - 00012382 _____ () C:\Windows\IE11_main.log
2015-03-27 22:13 - 2015-03-27 22:13 - 00000332 _____ () C:\Start_.cmd
2015-03-27 22:13 - 2015-03-27 22:13 - 00000000 ____D () C:\Qoobox
2015-03-27 22:13 - 2015-03-27 22:13 - 00000000 ____D () C:\ComboFix
2015-03-27 22:12 - 2015-03-27 22:13 - 00000000 ___SD () C:\32788R22FWJFW
2015-03-27 22:12 - 2015-03-27 22:12 - 00000000 ____D () C:\Windows\erdnt
2015-03-27 22:11 - 2015-03-27 22:11 - 00064024 _____ () C:\Users\FFF\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-27 21:31 - 2015-03-27 21:57 - 00000000 ____D () C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ
2015-03-27 21:09 - 2015-03-27 21:08 - 05762400 _____ (PC Cleaners) C:\ProgramData\pclunst.exe
2015-03-27 17:06 - 2015-01-31 05:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-27 17:06 - 2015-01-31 05:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-27 17:06 - 2015-01-31 01:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-27 17:06 - 2014-12-11 19:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-03-27 16:27 - 2014-09-05 04:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-03-27 16:27 - 2014-09-05 03:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-03-27 16:17 - 2015-03-27 16:51 - 00000000 ____D () C:\Program Files (x86)\{E8EA4F73-47E4-4D14-B796-5165AB490642}
2015-03-27 15:53 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-03-27 15:53 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-03-27 15:53 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-03-27 15:53 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-03-27 15:53 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-03-27 15:53 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-03-27 15:53 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-03-27 15:53 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-03-27 15:53 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-03-27 15:53 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-03-27 15:53 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-03-27 15:53 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-03-27 15:53 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-03-27 15:53 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-03-27 15:53 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-03-27 15:53 - 2012-08-23 16:12 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\terminpt.sys
2015-03-27 15:53 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-03-27 15:53 - 2012-08-23 16:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2015-03-27 15:52 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-03-27 15:52 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-03-24 20:02 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-24 20:02 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-24 20:02 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-24 20:02 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-24 20:02 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-24 20:02 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-24 20:02 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-24 20:02 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-20 22:47 - 2010-08-12 11:14 - 00660072 _____ (NVIDIA Corporation) C:\Windows\system32\NVUNINST.EXE
2015-03-18 20:17 - 2015-03-22 19:57 - 00000000 ____D () C:\Users\FFF\AppData\Local\Electronic_Arts_Inc
2015-03-18 20:15 - 2015-03-18 20:15 - 00001270 _____ () C:\Users\Public\Desktop\Need for Speed World.lnk
2015-03-18 20:11 - 2015-03-22 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCity™
2015-03-18 20:11 - 2015-03-18 20:11 - 00001272 _____ () C:\Users\Public\Desktop\SimCity™.lnk
2015-03-18 20:11 - 2010-05-26 12:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-03-18 20:11 - 2009-09-04 18:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-03-18 20:11 - 2009-09-04 18:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-03-18 20:11 - 2009-03-09 16:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2015-03-18 20:11 - 2008-10-15 07:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-03-18 20:11 - 2008-07-10 12:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-03-18 20:11 - 2008-05-30 15:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2015-03-18 20:11 - 2008-03-05 16:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2015-03-18 20:11 - 2007-10-12 16:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2015-03-18 20:11 - 2007-07-19 19:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2015-03-18 20:11 - 2007-05-16 17:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2015-03-18 20:11 - 2007-04-04 19:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-03-18 20:11 - 2007-03-12 17:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2015-03-18 20:11 - 2006-11-29 14:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2015-03-18 20:11 - 2006-09-28 17:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-03-18 20:11 - 2006-07-28 10:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2015-03-18 20:11 - 2006-03-31 13:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-03-18 20:11 - 2006-03-31 13:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-03-18 20:11 - 2006-02-03 09:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-03-18 20:11 - 2005-12-05 19:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-03-18 20:11 - 2005-07-22 20:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-03-18 20:10 - 2005-05-26 16:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-03-18 20:10 - 2005-03-18 18:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-03-18 20:10 - 2005-02-05 20:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-03-18 19:49 - 2015-03-18 19:49 - 00051573 _____ () C:\Users\FFF\Desktop\Bewerbungsanschreiben 5.rar
2015-03-18 16:23 - 2015-03-22 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need for Speed World
2015-03-17 11:23 - 2015-02-25 10:37 - 00308333 _____ () C:\Users\FFF\Desktop\Bewerbung_RECA_NORM_ - Kopie.odt
2015-03-11 09:52 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 09:52 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 09:52 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 09:52 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 09:52 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 09:52 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 09:52 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 09:52 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 09:52 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 09:52 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 09:52 - 2015-02-03 05:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 09:52 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 09:52 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 09:52 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 09:52 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 09:52 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 09:52 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 09:52 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 09:52 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 09:52 - 2015-02-03 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 09:52 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 09:52 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 09:52 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 09:52 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 09:52 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 09:52 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 09:52 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 09:52 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 09:52 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 09:52 - 2015-02-03 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 09:52 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 09:52 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 09:52 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 09:52 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 09:52 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 09:52 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 09:52 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 09:52 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 09:52 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 09:52 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 09:52 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 09:52 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 09:52 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 09:52 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 09:52 - 2015-02-03 05:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 09:52 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 09:52 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 09:52 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 09:52 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 09:52 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 09:52 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 09:52 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 09:52 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 09:52 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 09:52 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 09:52 - 2015-02-03 05:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 09:52 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 09:52 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 09:52 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 09:52 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 09:52 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 09:52 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 09:52 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 09:52 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 09:52 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 09:52 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 09:52 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 09:52 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 09:52 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 09:52 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 09:52 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 09:52 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 09:52 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 09:52 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 09:52 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 09:52 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 09:52 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 09:52 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 09:52 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 09:52 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 09:52 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 09:52 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 09:52 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 09:52 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 09:52 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 09:52 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 09:52 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 09:52 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 09:52 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 09:52 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 09:52 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 09:52 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 09:52 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 09:52 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 09:52 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 09:52 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 09:52 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 09:52 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 09:52 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 09:52 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 09:52 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 09:52 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 09:51 - 2015-03-06 07:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 09:51 - 2015-03-06 07:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 09:51 - 2015-03-06 07:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 09:51 - 2015-03-06 07:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 09:51 - 2015-03-06 07:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 09:51 - 2015-03-06 07:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 09:51 - 2015-03-06 07:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 09:51 - 2015-03-06 07:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 09:51 - 2015-03-06 07:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 09:51 - 2015-03-06 07:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 09:51 - 2015-03-06 07:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 09:51 - 2015-03-06 07:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 09:51 - 2015-03-06 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 09:51 - 2015-03-06 07:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 09:51 - 2015-03-06 07:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 09:51 - 2015-03-06 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 09:51 - 2015-03-06 07:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 09:51 - 2015-03-06 07:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 09:51 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 09:51 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 09:51 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 09:51 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 09:51 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 09:51 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 09:51 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 09:51 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 09:51 - 2015-03-06 07:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 09:51 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 09:51 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 09:51 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 09:51 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 09:51 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 09:51 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 09:51 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 09:51 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 09:51 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 09:51 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 09:51 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 09:51 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 09:51 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 09:51 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-04 14:04 - 2015-01-09 05:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-04 14:04 - 2015-01-09 05:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-04 14:04 - 2015-01-09 05:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-04 14:04 - 2015-01-09 04:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-03-03 14:53 - 2015-02-04 05:56 - 31515280 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-03-03 14:53 - 2015-02-04 05:56 - 24198856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-03-03 14:53 - 2015-02-04 05:56 - 22993224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-03 14:53 - 2015-02-04 05:56 - 17559432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-03-03 14:53 - 2015-02-04 05:56 - 15294280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-03-03 14:53 - 2015-02-04 05:56 - 13916280 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-03 14:53 - 2015-02-04 05:56 - 13828032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-03 14:53 - 2015-02-04 05:56 - 12894024 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-03 14:53 - 2015-02-04 05:56 - 11272240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-03-03 14:53 - 2015-02-04 05:56 - 11209192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-03-03 14:53 - 2015-02-04 05:56 - 04244680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-03 14:53 - 2015-02-04 05:56 - 03987600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-03-03 14:53 - 2015-02-04 05:56 - 02823992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-03-03 14:53 - 2015-02-04 05:56 - 01907400 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434144.dll
2015-03-03 14:53 - 2015-02-04 05:56 - 01555656 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434144.dll
2015-03-03 14:53 - 2015-02-04 05:56 - 00944328 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-03-03 14:53 - 2015-02-04 05:56 - 00907464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-03-03 14:53 - 2015-02-04 05:56 - 00902344 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-03-03 14:53 - 2015-02-04 05:56 - 00870032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-30 19:08 - 2013-03-06 19:25 - 00697506 _____ () C:\Windows\system32\perfh007.dat
2015-03-30 19:08 - 2013-03-06 19:25 - 00149442 _____ () C:\Windows\system32\perfc007.dat
2015-03-30 19:08 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-30 19:07 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-30 19:07 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-30 19:01 - 2013-03-06 17:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-30 19:01 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-30 19:00 - 2013-12-11 09:28 - 00000985 _____ () C:\Users\FFF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-30 19:00 - 2013-10-06 14:08 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-30 19:00 - 2013-10-06 14:08 - 00001049 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-30 19:00 - 2013-05-12 12:35 - 01413779 _____ () C:\Windows\WindowsUpdate.log
2015-03-30 19:00 - 2013-03-06 17:21 - 00001278 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-30 19:00 - 2013-03-06 17:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-30 19:00 - 2013-02-22 21:30 - 00000955 _____ () C:\Users\FFF\Desktop\Internet Explorer.lnk
2015-03-30 18:59 - 2013-02-22 23:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-30 18:47 - 2013-03-06 17:39 - 00000000 ____D () C:\ProgramData\Avira
2015-03-30 18:47 - 2013-03-06 17:21 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-30 18:45 - 2014-12-11 14:15 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-28 16:48 - 2013-02-22 21:29 - 00000000 ____D () C:\Users\FFF
2015-03-27 21:26 - 2013-10-01 19:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-27 21:17 - 2014-11-02 23:43 - 00000000 ____D () C:\Windows\Minidump
2015-03-27 21:17 - 2013-02-23 06:23 - 00000000 ____D () C:\Windows\Panther
2015-03-27 17:12 - 2014-12-11 13:31 - 00000000 ____D () C:\ProgramData\Origin
2015-03-27 15:59 - 2013-02-22 22:19 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-27 15:59 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-27 15:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-03-27 15:55 - 2013-02-23 01:17 - 01592400 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-27 15:13 - 2014-12-11 13:31 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-03-25 10:50 - 2013-12-22 15:04 - 00000282 _____ () C:\Users\FFF\AppData\Roaming\WB.CFG
2015-03-24 20:04 - 2014-12-10 19:06 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-24 20:04 - 2014-05-06 12:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-22 23:39 - 2013-10-07 12:43 - 00000000 ____D () C:\Users\FFF\AppData\Local\Adobe
2015-03-22 23:39 - 2013-02-22 23:28 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-22 23:39 - 2013-02-22 23:28 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-22 23:39 - 2013-02-22 23:28 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-22 19:57 - 2015-02-23 19:38 - 00000000 ____D () C:\Program Files (x86)\Deutsche Telekom AG
2015-03-22 19:57 - 2015-01-01 21:17 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-03-22 19:57 - 2013-10-06 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-22 19:57 - 2013-08-17 14:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-22 19:57 - 2013-02-22 22:35 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-03-22 19:57 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-22 19:57 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-03-22 19:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-22 19:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2015-03-22 19:55 - 2014-12-11 13:50 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-03-22 19:55 - 2013-02-22 22:12 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-22 19:54 - 2013-02-22 22:31 - 00000000 ____D () C:\NVIDIA
2015-03-18 20:17 - 2014-12-11 13:31 - 00000000 ____D () C:\ProgramData\Electronic Arts
2015-03-18 19:38 - 2011-04-12 10:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-03-12 09:40 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-11 15:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 15:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 13:01 - 2013-08-08 21:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 12:54 - 2013-02-23 01:26 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-04 19:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing

==================== Files in the root of some directories =======

2012-12-18 20:08 - 2012-12-18 20:08 - 0018520 _____ () C:\Program Files (x86)\REPT.nfo
2013-12-22 15:04 - 2015-03-25 10:50 - 0000282 _____ () C:\Users\FFF\AppData\Roaming\WB.CFG
2015-03-27 21:09 - 2015-03-27 21:08 - 5762400 _____ (PC Cleaners) C:\ProgramData\pclunst.exe

Files to move or delete:
====================
C:\ProgramData\pclunst.exe


Some content of TEMP:
====================
C:\Users\FFF\AppData\Local\Temp\avgnt.exe
C:\Users\FFF\AppData\Local\Temp\Quarantine.exe
C:\Users\FFF\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-28 11:05

==================== End Of Log ============================
         
--- --- ---


Regarding step 3
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by FFF at 2015-03-30 19:50:53
Running from C:\Users\FFF\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.5.139.1020 - Electronic Arts Inc.)
Download Protect (HKU\S-1-5-21-1248109876-1353936587-661878644-1000\...\{132401a7-2006-4342-b43c-ccf5f02c2b01}) (Version:  - Download Protect)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version:  - )
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Need For Speed™ World (HKLM-x32\...\{3AF1B16A-7DC9-4C80-BAEC-70B088A7C5B8}) (Version: 1.0.0.0 - Electronic Arts)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9745 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7316 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version:  - )
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Unity Web Player (HKU\S-1-5-21-1248109876-1353936587-661878644-1000\...\UnityWebPlayer) (Version: 4.6.3f1 - Unity Technologies ApS)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

27-03-2015 16:05:34 Installed Microsoft Fix it 50123
27-03-2015 16:11:09 Windows Update
27-03-2015 16:27:50 Windows Update
27-03-2015 17:25:17 Windows Update
27-03-2015 22:13:32 Windows Update
27-03-2015 22:27:47 Windows Update
27-03-2015 22:29:24 Windows Update
27-03-2015 22:31:06 Installed Microsoft Fix it 50123
27-03-2015 22:42:27 Installed Microsoft Fix it 50850
27-03-2015 22:48:03 Windows Update
27-03-2015 23:18:40 Windows Update
28-03-2015 16:36:42 Installed Avira Browser Safety
28-03-2015 17:34:54 Windows Update
28-03-2015 22:43:14 Windows Update
29-03-2015 17:27:57 Windows Update
30-03-2015 18:45:44 Removed Avira Browser Safety

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00C4A624-EDEF-4BA4-ABA4-A3F5B196A608} - System32\Tasks\{C30FA615-AECB-4ED5-9EBE-DAA28751E105} => C:\Program Files (x86)\City Interactive\Terrorist Takedown Payback\payback.exe
Task: {23103D02-2AE8-46F2-ADFE-18FCE95A856B} - System32\Tasks\{41D436EE-7B75-4D47-845E-F6357A928CCB} => pcalua.exe -a C:\Users\FFF\Desktop\setup.exe -d C:\Users\FFF\Desktop
Task: {2E0F9D41-2C0C-4F20-9D0B-C2043E645750} - System32\Tasks\{259396A5-7223-4FD7-9437-324632E444AE} => C:\Program Files (x86)\City Interactive\Terrorist Takedown Payback\payback.exe
Task: {2EA7C451-FB96-4DEE-923F-1CB075E5C614} - System32\Tasks\{41B6BC3F-2F7C-4324-94A1-7FFFEFB2EBDB} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.3.0.116.259&amp;LastError=404
Task: {3EEE3F44-B988-4FC9-B286-9C1600409855} - System32\Tasks\{A209CCCD-78E6-4209-9A74-C0237D75B9DA} => C:\Program Files (x86)\City Interactive\Terrorist Takedown Payback\payback.exe
Task: {452687E7-13B3-4412-9F77-57F143714177} - \temp_Feven Pro 1.2-enabler No Task File <==== ATTENTION
Task: {48AD6714-4372-4D8D-A604-33967CEC551D} - System32\Tasks\{DC4D8351-7FDA-474B-98CE-27358A0A01E2} => C:\Program Files (x86)\City Interactive\Terrorist Takedown Payback\payback.exe
Task: {52F1FBED-9DC6-45A7-B31C-92E010776A8A} - System32\Tasks\{101BE23F-4198-4648-BEC9-E8C2415B530D} => C:\Program Files (x86)\City Interactive\Terrorist Takedown Payback\payback.exe
Task: {63E7BE04-368D-4D72-8C67-64284A615949} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {69DDC782-C494-49BC-8C5F-664F9E691A5F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-22] (Adobe Systems Incorporated)
Task: {6D84E08E-BBC3-48D0-BB64-63DA04DB1E82} - System32\Tasks\{019D73E5-6976-4EF7-9D3A-61AD4FAAD5B0} => pcalua.exe -a C:\Users\FFF\Desktop\redist\vcredist_x64.exe -d C:\Users\FFF\Desktop\redist
Task: {9D56BE60-4C19-4AD5-95FC-CE723E5C8785} - System32\Tasks\{88F2190C-D92B-4797-AEAD-546049956CE2} => C:\Program Files (x86)\City Interactive\Terrorist Takedown Payback\payback.exe
Task: {AEAE18AE-5ECB-44AD-BA0C-38F166576600} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-06] (Google Inc.)
Task: {AF100B36-0C32-44D0-BC91-F77DABBFC650} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-06] (Google Inc.)
Task: {B2EA0E6F-1F93-4BBA-A487-EAD5A93C84E0} - System32\Tasks\{77D7BFFE-FC89-42E2-9875-3F997CCC9B6D} => C:\Program Files (x86)\City Interactive\Terrorist Takedown Payback\payback.exe
Task: {B5B3588D-3F66-4DBE-B0DF-96D8BFF7224B} - System32\Tasks\{092B5FAF-4A1D-42A1-AF7D-2023A4ED1C9D} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Task: {C988B702-B8CA-49F1-A005-CA3E17F4A435} - System32\Tasks\{EEFA607D-6A60-420A-B579-B75824B6FE39} => C:\Program Files (x86)\City Interactive\Terrorist Takedown Payback\payback.exe
Task: {D2E76710-EEF9-4A89-B642-EF6B45774C0A} - System32\Tasks\{831A7302-AA31-4620-9750-DDE6C51B222F} => Firefox.exe hxxp://ui.skype.com/ui/0/6.9.0.106/ru/abandoninstall?source=lightinstaller&amp;page=tsInstall
Task: {E699BC26-4C8D-4F8E-A7C5-6C5F057E2533} - System32\Tasks\{36BBFE1F-6956-4886-BB93-985FC120CE3B} => pcalua.exe -a "E:\T-Online 6.0\Installation starten_wpf.exe" -d "E:\T-Online 6.0"
Task: {F2DAEA2A-8A6D-45B1-A31A-579221EAB0C8} - System32\Tasks\{58B23C48-C542-484E-8A22-B74E77A98829} => pcalua.exe -a "C:\Users\FFF\Desktop\OpenOffice 4.0.1 (de) Installation Files\setup.exe" -d "C:\Users\FFF\Desktop\OpenOffice 4.0.1 (de) Installation Files"
Task: {FE2C1D2C-DE8E-4642-AECC-68E6704CD856} - System32\Tasks\{C6247F17-AA3F-40EF-816D-4F0A3155FE6A} => pcalua.exe -a "C:\Program Files (x86)\OpenOffice 4\program\swriter.exe" -d C:\Users\FFF\Desktop -c -o "C:\Users\FFF\Desktop\Bewerbung_RECA_NORM_.odt"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-02-22 22:34 - 2015-02-04 04:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2009-08-10 17:01 - 2009-08-10 17:01 - 00626208 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2009-08-10 17:00 - 2009-08-10 17:00 - 00070176 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2009-08-10 17:01 - 2009-08-10 17:01 - 00578592 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2009-08-10 17:01 - 2009-08-10 17:01 - 00206880 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-21-1248109876-1353936587-661878644-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-1248109876-1353936587-661878644-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1248109876-1353936587-661878644-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\FFF\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1248109876-1353936587-661878644-500 - Administrator - Disabled)
FFF (S-1-5-21-1248109876-1353936587-661878644-1000 - Administrator - Enabled) => C:\Users\FFF
Guest (S-1-5-21-1248109876-1353936587-661878644-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1248109876-1353936587-661878644-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 33%
Total physical RAM: 3839.24 MB
Available physical RAM: 2556.72 MB
Total Pagefile: 7676.66 MB
Available Pagefile: 6246.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:42.6 GB) NTFS
Drive d: (Archive) (Fixed) (Total:200.43 GB) (Free:147.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 85876B75)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=200.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 30.03.2015, 21:54   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

FRST fix

Please disable your virus scanner completely now, to make sure the fix runs cleanly!


Press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Extension: Avira Browser Safety - C:\Users\FFF\AppData\Roaming\Mozilla\Firefox\Profiles\tndm3psf.default\Extensions\abs@avira.com [2015-03-25]
FF Extension: Download Protect - C:\Windows\Installer\{3A878A58-3A5A-4239-ACDE-156B659F3450}\{6D93C79F-A73E-4468-B47C-8CE13C383B1D}.xpi [2015-03-27]
CHR DefaultSearchKeyword: Default -> mystartsearch
CHR DefaultSearchURL: Default -> hxxp://www.mystartsearch.com/web/?type=ds&ts=1427059220&from=cor&uid=3219913727_67194_90E6FBFE&q={searchTerms}
CHR HKLM\...\Chrome\Extension: [camijhkahcckljhgpgfgglbegedoepda] - C:\Program Files (x86)\PallySoftAddon\PallySoftAddon-crx.crx [Not Found]
CHR HKU\S-1-5-21-1248109876-1353936587-661878644-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [camijhkahcckljhgpgfgglbegedoepda] - C:\Program Files (x86)\PallySoftAddon\PallySoftAddon-crx.crx [Not Found]
CHR HKU\S-1-5-21-1248109876-1353936587-661878644-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jbaaieplnliapedmcbfgfijinolepige] - C:\Users\FFF\AppData\Local\CRE\jbaaieplnliapedmcbfgfijinolepige.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [aaokmnpaoippoclepikifeegeknpopea] - C:\Program Files (x86)\ResultsAlpha\aaokmnpaoippoclepikifeegeknpopea.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [camijhkahcckljhgpgfgglbegedoepda] - C:\Program Files (x86)\PallySoftAddon\PallySoftAddon-crx.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jbaaieplnliapedmcbfgfijinolepige] - C:\Users\FFF\AppData\Local\CRE\jbaaieplnliapedmcbfgfijinolepige.crx [Not Found]
HKU\S-1-5-21-1248109876-1353936587-661878644-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-1248109876-1353936587-661878644-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
Task: {452687E7-13B3-4412-9F77-57F143714177} - \temp_Feven Pro 1.2-enabler No Task File <==== ATTENTION
C:\ProgramData\pclunst.exe
C:\Program Files (x86)\PallySoftAddon
EmptyTemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
Please always post log files in CODE tags

Alt 31.03.2015, 19:14   #8
S.Jansen

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by FFF at 2015-03-31 20:05:54 Run:1
Running from C:\Users\FFF\Desktop
Loaded Profiles: FFF (Available profiles: FFF)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Extension: Avira Browser Safety - C:\Users\FFF\AppData\Roaming\Mozilla\Firefox\Profiles\tndm3psf.default\Extensions\abs@avira.com [2015-03-25]
FF Extension: Download Protect - C:\Windows\Installer\{3A878A58-3A5A-4239-ACDE-156B659F3450}\{6D93C79F-A73E-4468-B47C-8CE13C383B1D}.xpi [2015-03-27]
CHR DefaultSearchKeyword: Default -> mystartsearch
CHR DefaultSearchURL: Default -> hxxp://www.mystartsearch.com/web/?type=ds&ts=1427059220&from=cor&uid=3219913727_67194_90E6FBFE&q={searchTerms}
CHR HKLM\...\Chrome\Extension: [camijhkahcckljhgpgfgglbegedoepda] - C:\Program Files (x86)\PallySoftAddon\PallySoftAddon-crx.crx [Not Found]
CHR HKU\S-1-5-21-1248109876-1353936587-661878644-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [camijhkahcckljhgpgfgglbegedoepda] - C:\Program Files (x86)\PallySoftAddon\PallySoftAddon-crx.crx [Not Found]
CHR HKU\S-1-5-21-1248109876-1353936587-661878644-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jbaaieplnliapedmcbfgfijinolepige] - C:\Users\FFF\AppData\Local\CRE\jbaaieplnliapedmcbfgfijinolepige.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [aaokmnpaoippoclepikifeegeknpopea] - C:\Program Files (x86)\ResultsAlpha\aaokmnpaoippoclepikifeegeknpopea.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [camijhkahcckljhgpgfgglbegedoepda] - C:\Program Files (x86)\PallySoftAddon\PallySoftAddon-crx.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jbaaieplnliapedmcbfgfijinolepige] - C:\Users\FFF\AppData\Local\CRE\jbaaieplnliapedmcbfgfijinolepige.crx [Not Found]
HKU\S-1-5-21-1248109876-1353936587-661878644-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-1248109876-1353936587-661878644-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
Task: {452687E7-13B3-4412-9F77-57F143714177} - \temp_Feven Pro 1.2-enabler No Task File <==== ATTENTION
C:\ProgramData\pclunst.exe
C:\Program Files (x86)\PallySoftAddon
EmptyTemp:
         
*****************

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Users\FFF\AppData\Roaming\Mozilla\Firefox\Profiles\tndm3psf.default\Extensions\abs@avira.com => Moved successfully.
C:\Windows\Installer\{3A878A58-3A5A-4239-ACDE-156B659F3450}\{6D93C79F-A73E-4468-B47C-8CE13C383B1D}.xpi => Moved successfully.
Chrome DefaultSearchKeyword not detected.
Chrome DefaultSearchURL not detected.
"HKLM\SOFTWARE\Google\Chrome\Extensions\camijhkahcckljhgpgfgglbegedoepda" => Key deleted successfully.
"HKU\S-1-5-21-1248109876-1353936587-661878644-1000\SOFTWARE\Google\Chrome\Extensions\camijhkahcckljhgpgfgglbegedoepda" => Key deleted successfully.
"HKU\S-1-5-21-1248109876-1353936587-661878644-1000\SOFTWARE\Google\Chrome\Extensions\jbaaieplnliapedmcbfgfijinolepige" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaokmnpaoippoclepikifeegeknpopea" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\camijhkahcckljhgpgfgglbegedoepda" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbaaieplnliapedmcbfgfijinolepige" => Key deleted successfully.
"HKU\S-1-5-21-1248109876-1353936587-661878644-1000\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-21-1248109876-1353936587-661878644-1000\Software\Classes\.exe" => Key deleted successfully.
HKU\S-1-5-21-1248109876-1353936587-661878644-1000\Software\Classes\exefile => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{452687E7-13B3-4412-9F77-57F143714177}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{452687E7-13B3-4412-9F77-57F143714177}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\temp_Feven Pro 1.2-enabler" => Key deleted successfully.
C:\ProgramData\pclunst.exe => Moved successfully.
C:\Program Files (x86)\PallySoftAddon => Moved successfully.
EmptyTemp: => Removed 247.3 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 20:06:11 ====
         

Alt 31.03.2015, 21:29   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Okay, then control scans with MBAM and ESET please:

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.




ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post log files in CODE tags

Alt 01.04.2015, 08:53   #10
S.Jansen

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 01.04.2015
Suchlauf-Zeit: 09:05:02
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.04.01.05
Rootkit Datenbank: v2015.03.31.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: FFF

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 349362
Verstrichene Zeit: 26 Min, 36 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 10
PUP.Optional.Ominent.A, HKLM\SOFTWARE\CLASSES\APPID\{9A246976-806F-4B2E-B3B9-A9A58F5685AA}, In Quarantäne, [0663085f94f637ff31ddb67e10f31ae6], 
PUP.Optional.Ominent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{9A246976-806F-4B2E-B3B9-A9A58F5685AA}, In Quarantäne, [0663085f94f637ff31ddb67e10f31ae6], 
PUP.Optional.Ominent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{9A246976-806F-4B2E-B3B9-A9A58F5685AA}, In Quarantäne, [0663085f94f637ff31ddb67e10f31ae6], 
PUP.Optional.weDownload.A, HKLM\SOFTWARE\WOW6432NODE\weDownload Ltd, In Quarantäne, [4821c1a6a5e5a591f11e25e5ef159769], 
PUP.Optional.Feven.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Feven Pro 1.2, In Quarantäne, [4326c89f2c5ee84ea1abec03c83b56aa], 
PUP.Optional.HQVideo.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\HQ-Video-Profession-1.3, In Quarantäne, [7aef8ddabbcf270f2c5013324eb7b947], 
PUP.Optional.Ominent.A, HKU\S-1-5-21-1248109876-1353936587-661878644-1000\SOFTWARE\ominent, In Quarantäne, [74f5333429613bfb0ddd32fb44c1f907], 
PUP.Optional.weDownload.A, HKU\S-1-5-21-1248109876-1353936587-661878644-1000\SOFTWARE\weDownload Ltd, In Quarantäne, [06630f58fa902d0935d9a961c44019e7], 
PUP.Optional.Feven.A, HKU\S-1-5-21-1248109876-1353936587-661878644-1000\SOFTWARE\APPDATALOW\SOFTWARE\Feven Pro 1.2, In Quarantäne, [bcad40271773a492ea62628def14659b], 
PUP.Optional.HQVideo.A, HKU\S-1-5-21-1248109876-1353936587-661878644-1000\SOFTWARE\APPDATALOW\SOFTWARE\HQ-Video-Profession-1.3, In Quarantäne, [6009c7a0701af442e9939ca9fb0aea16], 

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 1
PUP.Optional.DownloadProtect.A, C:\Program Files (x86)\{E8EA4F73-47E4-4D14-B796-5165AB490642}\{468C9ACF-8E75-4693-92FD-D6B327ACBB72}.bin, In Quarantäne, [afba80e797f371c5edf28ebf7c848e72], 

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         

Alt 01.04.2015, 08:54   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

A few adware remnants. ESET is still missing.
__________________
Please always post log files in CODE tags

Alt 01.04.2015, 12:20   #12
S.Jansen

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=481c0b9b8bdede4ca628d625ee6114dc
# engine=23181
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-01 11:12:36
# local_time=2015-04-01 01:12:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 12015 179516606 0 0
# scanned=164032
# found=17
# cleaned=0
# scan_time=11415
sh=47E1AAB49E4BBE6ED704F804A4B402ACA07D74FE ft=1 fh=d4dd8a748ee934d3 vn="MSIL/Tuguu.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NewPlayer\LTV.exe.vir"
sh=7CAB17C5B533FCD0A5582B08E30FD6C6B5C8CDF8 ft=1 fh=14f824016f53b019 vn="Variante von MSIL/NewPlayer.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NewPlayer\NewPlayer.exe.vir"
sh=9151592DCBBBA22DA88A7D1EB5CB8DCD422C11A8 ft=1 fh=7f79c4a3570c96e6 vn="MSIL/NewPlayer.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe.vir"
sh=5416A12A9D3D9A4BCC4D675EB6013F1881C66616 ft=1 fh=98db3d886a06d0e8 vn="Variante von MSIL/NewPlayer.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NewPlayer\references\NewPlayerChecker.exe.vir"
sh=F31865EF3A19C7F0CB1D36B99664EC27385509AE ft=1 fh=f11adafce7b66cfc vn="Win32/Webprefix.D Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\dlprotect.exe.vir"
sh=1426B95F2619E462F812F6807C88694DF9FBECE7 ft=1 fh=a10496de67a69999 vn="Win32/Toolbar.Conduit.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\FFF\AppData\Local\DownloadGuide\Offers\mconduitinstaller.exe.vir"
sh=D7ABEEB4E72E0013902B6844A883D96568E5C771 ft=1 fh=cf3893c7060dff75 vn="Win32/Packed.Autoit.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\FFF\AppData\Local\DownloadGuide\Offers\schnaeppchenfuchs.exe.vir"
sh=A5B14941FCD21F0A0F712847036A39ACCFD01166 ft=1 fh=b5688d2eab67b337 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\FFF\AppData\Local\DownloadGuide\Offers\vis-pro.exe.vir"
sh=D8F10BDFCF1D7203A10EDD44BFA91E63429F7509 ft=1 fh=125879de58b34aa1 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\FFF\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir"
sh=05087CE1DDEE9CC2507968E9D27177DA78F56B9D ft=1 fh=0b26caec8f224381 vn="Win32/Toolbar.Babylon.AE evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\FFF\AppData\Roaming\BabSolution\Shared\BUSolution.dll.vir"
sh=F20706A9B888448861C383310BD9F47BBE099563 ft=1 fh=8875adce3e5b5647 vn="Variante von Win64/Agent.BR Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\api.ms-win-core-util-l1-1-0.exe.vir"
sh=8CB9677757DBDB34A13C4D9A2FC3930583E1047E ft=1 fh=aba60da5c51504d9 vn="Win64/Agent.BR Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\DlProtectSvc.exe.vir"
sh=9191E9AF35771555FA05D6F0284FBAB952D7CAA8 ft=0 fh=0000000000000000 vn="JS/GFilter.A Trojaner" ac=I fn="C:\Windows\Installer\{5631885D-A0AC-4164-AB21-87494AE25397}\cldmjpfkbjmblelgifjfgcodaocdkklabrx"
sh=7C2A05C586EB74F4417E52A816219F181C5127EC ft=0 fh=0000000000000000 vn="JS/GFilter.A Trojaner" ac=I fn="C:\Windows\Installer\{76B3F085-2E14-4C69-9BE8-69FFF55778B0}\chpeigmcohokfbdadjohbinlnjikjkbbprx"
sh=E0BCD477630A00568D8AA1EED4AB4E7B75582E17 ft=0 fh=0000000000000000 vn="JS/GFilter.A Trojaner" ac=I fn="C:\Windows\Installer\{80566DD0-A176-4A89-985E-FC6D5B5D3760}\cceeeokgobmjdcdcfghofgeaojmhfpcmcrx"
sh=811981133E0973238AF8C4B1E74A80FE90AADA20 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="D:\FFF-PC\Backup Set 2015-03-18 143830\Backup Files 2015-03-18 143830\Backup files 1.zip"
sh=5A813DE673149DC9D3FD4259148320082A665F2C ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\FFF-PC\Backup Set 2015-03-18 143830\Backup Files 2015-03-18 143830\Backup files 5.zip"
         

01.04.2015, 12:29   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



FRST fix

Please disable your virus scanner completely now, to make sure the fix runs cleanly!


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
C:\Windows\Installer\{5631885D-A0AC-4164-AB21-87494AE25397}
C:\Windows\Installer\{76B3F085-2E14-4C69-9BE8-69FFF55778B0}
C:\Windows\Installer\{80566DD0-A176-4A89-985E-FC6D5B5D3760}
EmptyTemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
Please always post log files in CODE tags

01.04.2015, 12:45   #14
S.Jansen
 



Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by FFF at 2015-04-01 13:38:16 Run:2
Running from C:\Users\FFF\Desktop
Loaded Profiles: FFF (Available profiles: FFF)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Windows\Installer\{5631885D-A0AC-4164-AB21-87494AE25397}
C:\Windows\Installer\{76B3F085-2E14-4C69-9BE8-69FFF55778B0}
C:\Windows\Installer\{80566DD0-A176-4A89-985E-FC6D5B5D3760}
EmptyTemp:
         
*****************

C:\Windows\Installer\{5631885D-A0AC-4164-AB21-87494AE25397} => Moved successfully.
C:\Windows\Installer\{76B3F085-2E14-4C69-9BE8-69FFF55778B0} => Moved successfully.
C:\Windows\Installer\{80566DD0-A176-4A89-985E-FC6D5B5D3760} => Moved successfully.
EmptyTemp: => Removed 254.4 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 13:38:30 ====
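
Added example (not part of the original posts, and not FRST or ESET code): a Python check that reads the ESET scan lines and the FRST Fixlog shown in this thread, confirms that every fixlist entry has a success result, and lists detections whose path is neither under a moved folder nor in the AdwCleaner quarantine. The function names, the two success strings and the treatment of quarantined `.vir` copies as handled are assumptions drawn from the log excerpts above.

```python
import re

# Abridged excerpts copied from the thread above: three ESET scan lines and the FRST Fixlog.
ESET_LOG = r'''
sh=8CB9677757DBDB34A13C4D9A2FC3930583E1047E ft=1 fh=aba60da5c51504d9 vn="Win64/Agent.BR Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\DlProtectSvc.exe.vir"
sh=9191E9AF35771555FA05D6F0284FBAB952D7CAA8 ft=0 fh=0000000000000000 vn="JS/GFilter.A Trojaner" ac=I fn="C:\Windows\Installer\{5631885D-A0AC-4164-AB21-87494AE25397}\cldmjpfkbjmblelgifjfgcodaocdkklabrx"
sh=811981133E0973238AF8C4B1E74A80FE90AADA20 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="D:\FFF-PC\Backup Set 2015-03-18 143830\Backup Files 2015-03-18 143830\Backup files 1.zip"
'''
FIXLOG = r'''
Content of fixlist:
*****************
C:\Windows\Installer\{5631885D-A0AC-4164-AB21-87494AE25397}
EmptyTemp:
*****************
C:\Windows\Installer\{5631885D-A0AC-4164-AB21-87494AE25397} => Moved successfully.
EmptyTemp: => Removed 254.4 MB temporary data.
'''
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key=value; quoted values may hold spaces

def parse_eset(log):
    rows = ({k: q or b for k, q, b in FIELD.findall(l)} for l in log.splitlines())
    return [r for r in rows if "fn" in r]

def parse_fixlog(log):
    """Return (fixlist entries, {entry: result text}) from an FRST Fixlog."""
    lines = [l.strip() for l in log.splitlines()]
    stars = [i for i, l in enumerate(lines) if l and set(l) == {"*"}]
    if len(stars) < 2:
        raise ValueError("fixlist section not found")
    requested = [l for l in lines[stars[0] + 1:stars[1]] if l]
    results = dict(l.split(" => ", 1) for l in lines[stars[1] + 1:] if " => " in l)
    return requested, results

def audit(eset_log, fixlog):
    """Return (fixlist entries without a success result, detections still on disk)."""
    requested, results = parse_fixlog(fixlog)
    ok = ("Moved successfully", "Removed")  # success texts as they appear in this Fixlog
    failed = [e for e in requested if not results.get(e, "").startswith(ok)]
    moved = [p.lower() for p, r in results.items() if r.startswith(ok[0])]
    remaining = []
    for row in parse_eset(eset_log):
        path = row["fn"].lower()
        handled = "\\quarantine\\" in path  # assumption: quarantined .vir copies are inert
        if not handled and not any(path == m or path.startswith(m + "\\") for m in moved):
            remaining.append((row["vn"], row["fn"]))
    return failed, remaining

if __name__ == "__main__":
    print(audit(ESET_LOG, FIXLOG))
```

On these excerpts `audit` returns no failed fixlist entries and one remaining detection, the backup archive on D:.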
         

01.04.2015, 12:59   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Looks OK so far

Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners etc.), I recommend the Ghostery extension, which largely prevents user tracking and the display of ad banners.

Info: cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)

Otherwise there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system OK again now, or are there any other detections or problems?
__________________
Please always post log files in CODE tags
