Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7, Google Chrome, neue Tabs (Werbung) öffnet sich dauernd beim Surfen (https://www.trojaner-board.de/156088-windows-7-google-chrome-neue-tabs-werbung-oeffnet-dauernd-beim-surfen.html)

Andreaas 04.07.2014 12:34
Windows 7, Google Chrome, neue Tabs (Werbung) öffnet sich dauernd beim Surfen
 
hey Leute, ich habe das Problem, dass sich dauernd neue Tabs mit Werbung öffnen.
Sie öffnen sich hauptsächlich beim Öffnen von andren Seiten. D.h. der angeklickte Link + irgendeine Werbung öffnen sich. Auch wenn ich gerade neu auf www.google.de gehe, etwas eingeben möchte, öffnet sich Werbung bei nicht mal zu ende geschriebenen Suchtext.

Ich habe hier auf dieser Seite mich etwas informiert und schon einen Scan durchgeführt.

FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-07-2014
Ran by Admin (administrator) on ADMIN-PC on 04-07-2014 13:23:02
Running from C:\Users\Admin\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files\RrFilter\RrFilterService64.exe
(Iminent) C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Users\Admin\AppData\Local\pgcchelper\pgcchelper.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Samurize.com) C:\Program Files (x86)\Samurize\Client.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\cscript.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Sandboxie <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKU\S-1-5-21-864206691-1170183234-3533522826-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-864206691-1170183234-3533522826-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-864206691-1170183234-3533522826-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-864206691-1170183234-3533522826-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-05-29] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-864206691-1170183234-3533522826-1000\...\Run: [SpeedUpMyComputer] => C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as
HKU\S-1-5-21-864206691-1170183234-3533522826-1000\...\Run: [LiveSupport] => "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
HKU\S-1-5-21-864206691-1170183234-3533522826-1000\...\Run: [FixMyRegistry] => C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss
HKU\S-1-5-21-864206691-1170183234-3533522826-1000\...\Run: [pgcchelper] => C:\Users\Admin\AppData\Local\pgcchelper\pgcchelper.exe [465920 2013-08-21] ()
HKU\S-1-5-21-864206691-1170183234-3533522826-1000\...\MountPoints2: K - K:\Setup.exe
HKU\S-1-5-21-864206691-1170183234-3533522826-1000\...\MountPoints2: {9aa10367-d36e-11e1-8b2b-806e6f6e6963} - E:\setup.exe
HKU\S-1-5-21-864206691-1170183234-3533522826-1000\...\MountPoints2: {fa2e8a21-d7e2-11e1-815d-c860006274bb} - K:\setup.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [220992 2014-06-26] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [182080 2014-06-26] (Client Connect LTD)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Client - Verknüpfung.lnk
ShortcutTarget: Client - Verknüpfung.lnk -> C:\Program Files (x86)\Samurize\Client.exe (Samurize.com)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.exe.lnk
ShortcutTarget: Rainmeter.exe.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\avsinit.vbs ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\bcb2init.vbs ()

==================== Internet (Whitelisted) ====================

ProxyServer: 127.0.0.1:8082
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.b1.org/?bsrc=hmior&chid=c162341
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?gd=&ctid=CT3318522&octid=EB_ORIGINAL_CTID&ISID=M84AEE799-3C92-4BB4-B3D4-1507D300FCB6&SearchSource=55&CUI=&UM=5&UP=SP0362F3D6-664B-4F53-B9E4-8B009C920A6A&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1389876884&from=amt&uid=ST3320820AS_5QF1SBP5XXXX5QF1SBP5
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Before = hxxp://www1.delta-search.com/?affID=121631&tt=gc_&babsrc=HP_ss&mntrId=7EF000FFB18F0BCF
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page Before = hxxp://search.b1.org/?bsrc=hmior&chid=c162341
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1389876884&from=amt&uid=ST3320820AS_5QF1SBP5XXXX5QF1SBP5&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1389876884&from=amt&uid=ST3320820AS_5QF1SBP5XXXX5QF1SBP5
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1389876884&from=amt&uid=ST3320820AS_5QF1SBP5XXXX5QF1SBP5
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1389876884&from=amt&uid=ST3320820AS_5QF1SBP5XXXX5QF1SBP5&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1389876884&from=amt&uid=ST3320820AS_5QF1SBP5XXXX5QF1SBP5&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1389876884&from=amt&uid=ST3320820AS_5QF1SBP5XXXX5QF1SBP5
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1389876884&from=amt&uid=ST3320820AS_5QF1SBP5XXXX5QF1SBP5
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1389876884&from=amt&uid=ST3320820AS_5QF1SBP5XXXX5QF1SBP5&q={searchTerms}
URLSearchHook: HKLM-x32 - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1389876884&from=amt&uid=ST3320820AS_5QF1SBP5XXXX5QF1SBP5
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1389876884&from=amt&uid=ST3320820AS_5QF1SBP5XXXX5QF1SBP5&q={searchTerms}
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1389876884&from=amt&uid=ST3320820AS_5QF1SBP5XXXX5QF1SBP5&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1389876884&from=amt&uid=ST3320820AS_5QF1SBP5XXXX5QF1SBP5&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1389876884&from=amt&uid=ST3320820AS_5QF1SBP5XXXX5QF1SBP5&q={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3318522&octid=EB_ORIGINAL_CTID&ISID=M84AEE799-3C92-4BB4-B3D4-1507D300FCB6&SearchSource=58&CUI=&UM=5&UP=SP0362F3D6-664B-4F53-B9E4-8B009C920A6A&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3318522&octid=EB_ORIGINAL_CTID&ISID=M84AEE799-3C92-4BB4-B3D4-1507D300FCB6&SearchSource=58&CUI=&UM=5&UP=SP0362F3D6-664B-4F53-B9E4-8B009C920A6A&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://mixidj.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=7EF000FFB18F0BCF&affID=123187&tsp=4957
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1389876884&from=amt&uid=ST3320820AS_5QF1SBP5XXXX5QF1SBP5&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3318522&octid=EB_ORIGINAL_CTID&ISID=M84AEE799-3C92-4BB4-B3D4-1507D300FCB6&SearchSource=58&CUI=&UM=5&UP=SP0362F3D6-664B-4F53-B9E4-8B009C920A6A&q={searchTerms}&SSPV=
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb178/?search={searchTerms}&loc=IB_DS&a=6OyO7YrUP2&i=26
SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?utf8in=1&fr=ietb&q={SearchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx64.dll (SIEN)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: RrSavings - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\Rr Savings\RrSavings.dll ()
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name - {8984B388-A5BB-4DF7-B274-77B879E179DB} -  No File
BHO-x32: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx86.dll (SIEN)
BHO-x32: Kozaka - {a45e3fa8-5048-4372-94ad-c6661671f7fc} - C:\Program Files (x86)\Kozaka\Kozakabho.dll (Kozaka)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - loadtbs - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Admin\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
Toolbar: HKCU - No Name - {40C3CC16-7269-4B32-9531-17F2950FB06F} -  No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default
FF NewTab: hxxp://search.conduit.com/?gd=&ctid=CT3318522&octid=EB_ORIGINAL_CTID&ISID=M84AEE799-3C92-4BB4-B3D4-1507D300FCB6&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP0362F3D6-664B-4F53-B9E4-8B009C920A6A
FF DefaultSearchEngine: Trovi search
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://search.conduit.com/?gd=&ctid=CT3318522&octid=EB_ORIGINAL_CTID&ISID=M84AEE799-3C92-4BB4-B3D4-1507D300FCB6&SearchSource=55&CUI=&UM=5&UP=SP0362F3D6-664B-4F53-B9E4-8B009C920A6A&SSPV=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll (InfiniAd GmbH)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default\searchplugins\BrowserProtect.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default\searchplugins\mailru.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default\searchplugins\mixidj.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Fast Start - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default\Extensions\faststartff@gmail.com [2014-06-14]
FF Extension: RrSavings - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default\Extensions\RrSavings@jetpack [2014-05-08]
FF Extension: Live HTTP Headers - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2013-09-17]
FF Extension: Kozaka - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default\Extensions\firefox@kozaka.net.xpi [2014-01-16]
FF Extension: ep - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default\Extensions\jid1-0xtMKhXFEs4jIg@jetpack.xpi [2014-02-20]
FF Extension: Iminent - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default\Extensions\webbooster@iminent.com.xpi [2013-07-28]
FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-03]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default\extensions\lightningnewtab@gmail.com.xpi
FF HKCU\...\Firefox\Extensions: [{b5ad6039-a173-4149-9dcf-d04371526253}] - C:\Program Files (x86)\Lyrics_Monkey\131.xpi
FF Extension: Lyrics-Monkey - C:\Program Files (x86)\Lyrics_Monkey\131.xpi [2013-08-29]

Chrome:
=======
CHR HomePage: https://www.google.com/?hl=de
CHR StartupUrls: "https://www.google.com/?hl=de"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (LoadTubes Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll (InfiniAd GmbH)
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Battlelog Game Launcher) - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (globalUpdate Update) - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
CHR Plugin: (Unity Player) - C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-10]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-10]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-10]
CHR Extension: (Extended Protection) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml [2014-01-16]
CHR Extension: (Google-Suche) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-10]
CHR Extension: (AdBlock) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-22]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-10]
CHR Extension: (Extutil) - C:\Users\Admin\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-04-22]
CHR Extension: (Extended Protection) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.4_0\ [2014-04-22]
CHR Extension: (Managera) - C:\Users\Admin\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-04-22]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [2014-04-22]
CHR HKLM-x32\...\Chrome\Extension: [bodddioamolcibagionmmobehnbhiakf] - C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx [2014-04-22]
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [2014-04-22]
CHR HKLM-x32\...\Chrome\Extension: [hahpjplbmicfkmoccokbjejahjjpnena] - C:\Users\Admin\AppData\Local\B1E\B1Tool.crx [2013-02-04]
CHR HKLM-x32\...\Chrome\Extension: [khialnikbocfgkohdegnebhmmaifoglp] - C:\Program Files (x86)\Lyrics_Monkey\125.crx [2013-02-04]
CHR HKLM-x32\...\Chrome\Extension: [mciekghplkkgcmofonmkmlomhkamochd] - C:\Program Files (x86)\Kozaka\mciekghplkkgcmofonmkmlomhkamochd.crx [2014-01-16]
CHR HKLM-x32\...\Chrome\Extension: [ofnnlhbgdcabppjmlijllkhekcglbjlg] - C:\Program Files (x86)\Lyrics_Monkey\131.crx [2013-08-29]
CHR HKLM-x32\...\Chrome\Extension: [pkndmigholgfjlniaohblojbhgjbkakn] - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx [2014-01-16]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1028688 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2832704 2014-06-26] (Client Connect LTD)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-08] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-29] ()
R2 RrFilterService64; c:\Program Files\RrFilter\RrFilterService64.exe [171008 2014-03-06] () [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
R2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe [3088192 2014-05-28] (Iminent)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2013-06-24] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-13] (DT Soft Ltd)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [61736 2014-02-28] (NetFilterSDK.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 ScreamBAudioSvc; system32\drivers\ScreamingBAudio64.sys [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-04 13:23 - 2014-07-04 13:24 - 00029259 _____ () C:\Users\Admin\Downloads\FRST.txt
2014-07-04 13:22 - 2014-07-04 13:23 - 00000000 ____D () C:\FRST
2014-07-04 13:22 - 2014-07-04 13:22 - 02083840 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2014-07-04 12:52 - 2014-07-04 12:52 - 00052361 _____ () C:\Users\Admin\Desktop\mytodolist.gadget
2014-07-04 12:50 - 2014-07-04 12:50 - 00000035 _____ () C:\Users\Admin\Desktop\k.txt
2014-07-03 23:24 - 2014-07-03 23:24 - 00011080 _____ () C:\Users\Admin\Downloads\ninteriors.rar
2014-07-03 22:14 - 2014-07-03 22:14 - 00000000 ____D () C:\ProgramData\Fast And Safe
2014-07-02 22:19 - 2014-07-02 22:19 - 00000000 ____D () C:\ProgramData\Dybuster
2014-07-02 13:18 - 2014-07-02 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dybuster
2014-07-02 13:16 - 2014-07-02 13:16 - 00000000 ____D () C:\Program Files (x86)\Dybuster
2014-06-27 21:07 - 2014-06-27 21:07 - 00000000 ____D () C:\Users\Admin\AppData\Local\pgcchelper
2014-06-27 21:04 - 2014-06-27 21:04 - 00000326 _____ () C:\Windows\Tasks\VStart{A37B472A-8335-449F-9568-43ECC2907F06}.job
2014-06-26 14:39 - 2014-06-26 14:39 - 03510714 _____ () C:\Users\Admin\Desktop\j.psd
2014-06-24 17:08 - 2014-06-24 17:08 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
2014-06-21 02:45 - 2014-06-28 00:33 - 00000132 _____ () C:\Users\Admin\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2014-06-21 01:19 - 2014-06-21 01:19 - 00284054 _____ () C:\Users\Admin\Desktop\Ich heiße Marvin..mp4
2014-06-20 14:31 - 2014-06-20 14:31 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8c83955d43ea.job
2014-06-19 23:26 - 2014-06-19 23:26 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-06-19 23:26 - 2014-06-19 23:26 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-06-19 17:52 - 2014-06-19 17:53 - 105870950 _____ () C:\Users\Admin\Desktop\gta_sa 2014-06-19 17-52-51-744.avi
2014-06-16 16:35 - 2014-07-02 15:42 - 00000000 ____D () C:\Users\Admin\Desktop\Finale
2014-06-13 23:41 - 2014-06-13 23:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-13 18:13 - 2014-06-13 18:13 - 01199079 _____ () C:\Windows\unins000.exe
2014-06-10 23:52 - 2014-07-03 22:14 - 00000000 ____D () C:\ProgramData\374311380
2014-06-10 23:50 - 2014-06-27 21:09 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-06-10 23:50 - 2014-06-27 21:08 - 00002086 _____ () C:\Users\UpdatusUser\Desktop\AppsHat.lnk
2014-06-10 23:50 - 2014-06-27 21:08 - 00002086 _____ () C:\Users\Gast\Desktop\AppsHat.lnk
2014-06-10 23:50 - 2014-06-27 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppsHat
2014-06-10 23:50 - 2014-06-10 23:55 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
2014-06-10 23:50 - 2014-06-10 23:50 - 00001428 _____ () C:\Windows\Tasks\1e4b86f6-2752-4a22-afa3-8ff12b092ef1-5.job
2014-06-10 23:50 - 2014-06-10 23:50 - 00000000 ____D () C:\Users\Admin\AppData\Local\globalUpdate
2014-06-09 03:30 - 2014-06-09 03:30 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\WorldOfSanAndreas

==================== One Month Modified Files and Folders =======

2014-07-04 13:24 - 2014-07-04 13:23 - 00029259 _____ () C:\Users\Admin\Downloads\FRST.txt
2014-07-04 13:23 - 2014-07-04 13:22 - 00000000 ____D () C:\FRST
2014-07-04 13:23 - 2012-07-22 18:19 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2014-07-04 13:22 - 2014-07-04 13:22 - 02083840 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2014-07-04 13:22 - 2014-05-08 21:45 - 00000000 ____D () C:\Program Files\RrFilter
2014-07-04 13:06 - 2009-07-14 06:51 - 00135524 _____ () C:\Windows\setupact.log
2014-07-04 12:59 - 2014-04-07 17:33 - 00000196 _____ () C:\Windows\Tasks\SidebarExecute.job
2014-07-04 12:52 - 2014-07-04 12:52 - 00052361 _____ () C:\Users\Admin\Desktop\mytodolist.gadget
2014-07-04 12:51 - 2009-07-14 06:45 - 00023680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-04 12:51 - 2009-07-14 06:45 - 00023680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-04 12:50 - 2014-07-04 12:50 - 00000035 _____ () C:\Users\Admin\Desktop\k.txt
2014-07-04 12:47 - 2012-07-21 22:02 - 01471113 _____ () C:\Windows\WindowsUpdate.log
2014-07-04 12:39 - 2012-07-22 20:48 - 00000000 ____D () C:\Users\Admin\AppData\Local\LogMeIn Hamachi
2014-07-04 12:38 - 2012-07-21 22:33 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-03 23:32 - 2012-07-27 17:25 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TS3Client
2014-07-03 23:24 - 2014-07-03 23:24 - 00011080 _____ () C:\Users\Admin\Downloads\ninteriors.rar
2014-07-03 22:47 - 2012-08-31 00:02 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps
2014-07-03 22:14 - 2014-07-03 22:14 - 00000000 ____D () C:\ProgramData\Fast And Safe
2014-07-03 22:14 - 2014-06-10 23:52 - 00000000 ____D () C:\ProgramData\374311380
2014-07-03 16:09 - 2014-04-29 18:15 - 00000000 ____D () C:\Users\Admin\Documents\Bandicam
2014-07-02 22:19 - 2014-07-02 22:19 - 00000000 ____D () C:\ProgramData\Dybuster
2014-07-02 15:42 - 2014-06-16 16:35 - 00000000 ____D () C:\Users\Admin\Desktop\Finale
2014-07-02 13:18 - 2014-07-02 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dybuster
2014-07-02 13:16 - 2014-07-02 13:16 - 00000000 ____D () C:\Program Files (x86)\Dybuster
2014-06-30 15:56 - 2014-04-22 20:32 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-06-28 23:36 - 2014-06-01 12:54 - 00001552 _____ () C:\Windows\Sandboxie.ini
2014-06-28 12:20 - 2010-11-21 05:47 - 00823450 _____ () C:\Windows\PFRO.log
2014-06-28 00:33 - 2014-06-21 02:45 - 00000132 _____ () C:\Users\Admin\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2014-06-27 21:09 - 2014-06-10 23:50 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-06-27 21:08 - 2014-06-10 23:50 - 00002086 _____ () C:\Users\UpdatusUser\Desktop\AppsHat.lnk
2014-06-27 21:08 - 2014-06-10 23:50 - 00002086 _____ () C:\Users\Gast\Desktop\AppsHat.lnk
2014-06-27 21:08 - 2014-06-10 23:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppsHat
2014-06-27 21:07 - 2014-06-27 21:07 - 00000000 ____D () C:\Users\Admin\AppData\Local\pgcchelper
2014-06-27 21:04 - 2014-06-27 21:04 - 00000326 _____ () C:\Windows\Tasks\VStart{A37B472A-8335-449F-9568-43ECC2907F06}.job
2014-06-26 14:39 - 2014-06-26 14:39 - 03510714 _____ () C:\Users\Admin\Desktop\j.psd
2014-06-26 14:08 - 2013-07-16 14:15 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-25 20:18 - 2012-08-12 22:36 - 00000000 ____D () C:\ProgramData\MTA San Andreas All
2014-06-24 17:08 - 2014-06-24 17:08 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
2014-06-24 17:08 - 2012-07-21 23:16 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-06-24 17:08 - 2012-07-21 23:14 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-06-24 13:23 - 2013-08-06 13:48 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-21 18:45 - 2012-07-22 23:32 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-06-21 18:45 - 2012-07-22 23:16 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-06-21 18:37 - 2012-07-22 23:16 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-06-21 18:35 - 2013-08-25 00:01 - 00000000 ____D () C:\ProgramData\Origin
2014-06-21 18:35 - 2013-08-25 00:01 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-21 01:19 - 2014-06-21 01:19 - 00284054 _____ () C:\Users\Admin\Desktop\Ich heiße Marvin..mp4
2014-06-20 14:31 - 2014-06-20 14:31 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8c83955d43ea.job
2014-06-20 14:27 - 2009-07-14 06:45 - 05307544 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-20 00:01 - 2012-08-17 19:14 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TeamViewer
2014-06-19 23:48 - 2012-07-22 11:14 - 00230472 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-19 23:26 - 2014-06-19 23:26 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-06-19 23:26 - 2014-06-19 23:26 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-06-19 17:53 - 2014-06-19 17:52 - 105870950 _____ () C:\Users\Admin\Desktop\gta_sa 2014-06-19 17-52-51-744.avi
2014-06-18 23:41 - 2012-09-05 19:15 - 00000000 ___RD () C:\Games
2014-06-14 18:53 - 2012-09-03 19:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-13 23:41 - 2014-06-13 23:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-13 22:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-06-13 18:13 - 2014-06-13 18:13 - 01199079 _____ () C:\Windows\unins000.exe
2014-06-13 18:13 - 2014-04-21 14:33 - 00047177 _____ () C:\Windows\unins000.dat
2014-06-12 21:47 - 2013-08-03 12:24 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\.minecraft
2014-06-10 23:55 - 2014-06-10 23:50 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
2014-06-10 23:50 - 2014-06-10 23:50 - 00001428 _____ () C:\Windows\Tasks\1e4b86f6-2752-4a22-afa3-8ff12b092ef1-5.job
2014-06-10 23:50 - 2014-06-10 23:50 - 00000000 ____D () C:\Users\Admin\AppData\Local\globalUpdate
2014-06-10 21:49 - 2014-05-08 21:44 - 00000000 ____D () C:\Program Files\002
2014-06-09 03:30 - 2014-06-09 03:30 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\WorldOfSanAndreas
2014-06-09 01:57 - 2014-05-01 01:01 - 00001456 _____ () C:\Users\Admin\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-06-07 15:43 - 2012-07-24 20:12 - 00000000 ____D () C:\Program Files\Fraps

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\557c13c533bfdd1761c174b40f524a4b.dll
C:\Users\Admin\AppData\Local\Temp\appshat_generic.exe
C:\Users\Admin\AppData\Local\Temp\audiowpm.dll
C:\Users\Admin\AppData\Local\Temp\avgnt.exe
C:\Users\Admin\AppData\Local\Temp\BackupSetup.exe
C:\Users\Admin\AppData\Local\Temp\bdfilters.dll
C:\Users\Admin\AppData\Local\Temp\Caramava_bs.exe
C:\Users\Admin\AppData\Local\Temp\dbcclient.exe
C:\Users\Admin\AppData\Local\Temp\e6507bb91ec0093513dc172b1d5b9640.dll
C:\Users\Admin\AppData\Local\Temp\f.exe
C:\Users\Admin\AppData\Local\Temp\Falcon_1151.exe
C:\Users\Admin\AppData\Local\Temp\FixMyRegistry.exe
C:\Users\Admin\AppData\Local\Temp\htmlayout.dll
C:\Users\Admin\AppData\Local\Temp\instloffer.exe
C:\Users\Admin\AppData\Local\Temp\jansi-64-git-Bukkit-1.6.4-R2.0-2-g7e1ac0a-b2923jnks.dll
C:\Users\Admin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\Launcher_i268223180.exe
C:\Users\Admin\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\Admin\AppData\Local\Temp\maBr.dll
C:\Users\Admin\AppData\Local\Temp\mltmp.exe
C:\Users\Admin\AppData\Local\Temp\NGE_Uninstall.exe
C:\Users\Admin\AppData\Local\Temp\nsd5C63.exe
C:\Users\Admin\AppData\Local\Temp\nse8E76.exe
C:\Users\Admin\AppData\Local\Temp\nse9FDB.exe
C:\Users\Admin\AppData\Local\Temp\nseDEFD.exe
C:\Users\Admin\AppData\Local\Temp\nsf568.exe
C:\Users\Admin\AppData\Local\Temp\nsj53AB.exe
C:\Users\Admin\AppData\Local\Temp\nsj57F0.exe
C:\Users\Admin\AppData\Local\Temp\nsj69A1.exe
C:\Users\Admin\AppData\Local\Temp\nsj6D4A.exe
C:\Users\Admin\AppData\Local\Temp\nsoA2D8.exe
C:\Users\Admin\AppData\Local\Temp\nsp865.exe
C:\Users\Admin\AppData\Local\Temp\nspDC2F.exe
C:\Users\Admin\AppData\Local\Temp\nspE1AD.exe
C:\Users\Admin\AppData\Local\Temp\nst717F.exe
C:\Users\Admin\AppData\Local\Temp\nst9192.exe
C:\Users\Admin\AppData\Local\Temp\nst9CDD.exe
C:\Users\Admin\AppData\Local\Temp\nsy950C.exe
C:\Users\Admin\AppData\Local\Temp\nsz1ED.exe
C:\Users\Admin\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Admin\AppData\Local\Temp\PreExe_ID_13667.exe
C:\Users\Admin\AppData\Local\Temp\SearchProtectINT.exe
C:\Users\Admin\AppData\Local\Temp\sonarinst.exe
C:\Users\Admin\AppData\Local\Temp\sp-downloader.exe
C:\Users\Admin\AppData\Local\Temp\SpeedUpMyComputer.exe
C:\Users\Admin\AppData\Local\Temp\SPSetup.exe
C:\Users\Admin\AppData\Local\Temp\toolbar.exe
C:\Users\Admin\AppData\Local\Temp\toolbar4772273.exe
C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
C:\Users\Admin\AppData\Local\Temp\Uninstaller-3016.exe
C:\Users\Admin\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Admin\AppData\Local\Temp\utt634B.tmp.exe
C:\Users\Admin\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Admin\AppData\Local\Temp\vstub.exe
C:\Users\Admin\AppData\Local\Temp\VuuPC.exe
C:\Users\Test\AppData\Local\Temp\AskSLib.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2012-12-25 13:49

==================== End Of Log ============================
--- --- ---


ADDITION

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-07-2014
Ran by Admin at 2014-07-04 13:24:49
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

«Sleeping Dogs - Limited Edition» v.2.0.434913 (HKLM-x32\...\«Sleeping Dogs - Limited Edition»_is1) (Version:  - SQUARE ENIX)
µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30740 - BitTorrent Inc.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29625 - BitTorrent Inc.)
3DMark06 (HKLM-x32\...\{1AE27FE6-05DB-40CB-A29E-2945980ACE27}) (Version: 1.0.2 - Futuremark)
4Story DE 4.2.191 (HKLM-x32\...\4Story_DE_is1) (Version:  - )
Ad4You (HKCU\...\Ad4You) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.3.0.3670 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.5 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alliance of Valiant Arms DE (HKLM-x32\...\Alliance of Valiant Arms DE) (Version:  - )
APB Reloaded (HKLM-x32\...\APB Reloaded) (Version: 1.6.1.603578 - )
Ashampoo Burning Studio 6 FREE v.6.80 (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.8.0 - ashampoo GmbH & Co. KG)
ATI Catalyst Install Manager (HKLM\...\{62140B07-129A-2BD0-81D2-2A1A7408ADC8}) (Version: 3.0.762.0 - ATI Technologies, Inc.)
Auto Install version 0.5 (HKLM-x32\...\{F9DDB483-E350-4782-9527-59D7ABA4B994}_is1) (Version: 0.5 - Mad Penguin Productions)
AutoHotkey 1.1.13.00 (HKLM\...\AutoHotkey) (Version: 1.1.13.00 - Lexikos)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.450 - Avira)
Bandicam (HKLM-x32\...\Bandicam) (Version: 1.9.0.397 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
Brother MFL-Pro Suite DCP-7010 (HKLM-x32\...\{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Camtasia Studio 8 (HKLM-x32\...\{8F6F7194-0734-4CDA-8C04-6B766F2241A6}) (Version: 8.0.4.1060 - TechSmith Corporation)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
CLEO 4.3 (HKLM-x32\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien)
CLEO v3.0.950 (HKLM-x32\...\{8FB91814-FE42-4B62-9B54-4B677A420715}_is1) (Version:  - Seemann (www.sannybuilder.com))
CPUID CPU-Z 1.61.3 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Crysis 2 Maximum Edition (HKLM-x32\...\Steam App 108800) (Version:  - Crytek Studios)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0314 - DT Soft Ltd)
Dybuster OrthographSLde (HKLM-x32\...\{59F17596-7D86-46B2-9824-9E4284E24B91}) (Version: 1.6.1.5 - Dybuster AG)
Eden4SDE version 33852 (HKLM-x32\...\{6C918475-3898-4192-81D4-E083A3DAA871}_is1) (Version: 33852 - Eden4S, Inc.)
EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.02.01 - )
FilesFrog Update Checker (HKLM-x32\...\FilesFrog Update Checker) (Version:  - ) <==== ATTENTION
FixMyRegistry (HKLM-x32\...\FixMyRegistry) (Version: 38.1 - SmartTweak Software) <==== ATTENTION
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
Ghost Recon Phantoms - EU (HKCU\...\d8be6c3f847d7d92) (Version: 1.35.7490.1 - Ubisoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
GTA San Andreas SA-MP Addon, âåðñèÿ 1.31 (HKLM-x32\...\{47E4F6A3-F01C-4538-9925-CAE42C1CF7216}_is1) (Version: 1.31 - SAMP)
IePluginService12.27.0.3326 (HKLM-x32\...\IePlugins) (Version: 12.27.0.3326 - Cherished Technololgy LIMITED) <==== ATTENTION
Iminent (HKLM-x32\...\IMBoosterARP) (Version: 6.27.21.0 - Iminent) <==== ATTENTION
Iminent (x32 Version: 6.27.21.0 - Iminent) Hidden <==== ATTENTION
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
K-Lite Codec Pack 7.1.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.1.0 - )
Kozaka (HKLM\...\Kozaka) (Version: 2014.01.16.002256 - Kozaka) <==== ATTENTION
LibreOffice 4.2 Help Pack (German) (HKLM-x32\...\{DA6AF414-24FA-4815-A4FB-5EFD6173E6F5}) (Version: 4.2.4.2 - The Document Foundation)
LibreOffice 4.2.4.2 (HKLM-x32\...\{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}) (Version: 4.2.4.2 - The Document Foundation)
loadtbs-3.0 (HKLM-x32\...\loadtbs-3.0) (Version:  - )
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.173 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.173 - LogMeIn, Inc.) Hidden
Lyrics-Monkey (HKLM-x32\...\{a93e33e3-501d-4852-936c-9793e885a889}) (Version:  - LyricsMonkey WebSoft) <==== ATTENTION
Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{26055432-339E-4776-803B-F22240B91864}) (Version: 11.1.2 - Red Giant Software)
Magic Bullet Suite 64-bit (Version: 11.1.2 - Red Giant Software) Hidden
MATonline2.1.6.357 (HKLM-x32\...\Mission Against Terror Online_is1) (Version: 2.1.6.357 - Dalian Kingsoft Interactive Entertainment Co., Ltd.)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.0.318.3 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{A1C962E2-2426-49C6-A38B-9A07E40D607C}) (Version: 3.2.217.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2010 (HKLM-x32\...\{FA8E7AF5-C70E-3274-9740-9E697FBD5BB7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{DCB46B42-723F-350E-B18A-449BC6C21636}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
MinecraftAlpha (HKLM-x32\...\MinecraftAlpha) (Version:  - )
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version:  - DICE)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
MTA:SA v1.3.5 (HKLM-x32\...\MTA:SA 1.3) (Version: v1.3.5 - Multi Theft Auto)
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.11100.8.0 - Nero AG)
New Great Effects 1.6 Uninstall (HKLM-x32\...\New Great Effects 1.6 Uninstall) (Version:  - )
Nexon Game Manager (HKLM-x32\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.1.5 - )
NVIDIA 3D Vision Controller-Treiber 310.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.70 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 310.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 310.70 - NVIDIA Corporation)
NVIDIA DDS Utilities (HKLM-x32\...\{64963F0E-03F2-4B59-8D1B-1806545E7092}) (Version: 1.0 - )
NVIDIA Grafiktreiber 310.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 310.70 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.95.599 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1070 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 310.70 (Version: 310.70 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
Pamela RME 2.0 (HKLM-x32\...\MoodEditor) (Version: 2.0 - Scendix Software-Vertriebsges. mbH)
PaperPort (HKLM-x32\...\{A17EABB6-D0C6-44E5-820C-72DC7F495064}) (Version: 9.02.0814 - ScanSoft, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
pgcchelper (HKCU\...\pgcchelper) (Version:  - )
Preset Manager 2.0 (HKLM-x32\...\{FCFE3F81-C977-4D31-877B-2778BB2A02DE}) (Version: 2.0.114 - Sony)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
PvP4story Version 1.5 (HKLM-x32\...\{E1EF3D7C-BED0-4536-9FFA-35F5ED034A34}_is1) (Version: 1.5 - all rights on PvP4story)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 beta r2282 - )
Rapture3D 2.4.11 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
RrFilter (Version: 1.0.0.0 - RrFilter) Hidden
rrsavings (HKLM\...\rrsavings) (Version: 2.0.1 - rrsavings) <==== ATTENTION
RrSavings (x32 Version: 1.0.0.0 - RrSavings) Hidden <==== ATTENTION
Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
SciTE4AutoHotkey v3.0.05.01 (HKLM-x32\...\SciTE4AutoHotkey) (Version: v3.0.05.01 - fincs)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.15.11.3 - Client Connect LTD) <==== ATTENTION
Serious Samurize (HKLM-x32\...\Serious Samurize) (Version:  - )
Skype Audio Player (remove only) (HKLM-x32\...\SkypePlayer) (Version:  - )
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.3.8 - ) <==== ATTENTION
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SupTab (HKLM-x32\...\SupTab) (Version: 1.1.1.0 - ) <==== ATTENTION
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.12 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29480 - TeamViewer)
Technitium MAC Address Changer v6.0.3 (HKLM-x32\...\TMACv6.0) (Version: 6.0.3 - Technitium)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH)
TS Notifier (HKLM-x32\...\{18B27ADA-8B84-46B4-8310-586C4FDDCF0A}) (Version: 1.5.5001 - Andreas Gebert)
TS3 Overlay (HKLM\...\TS3 Overlay) (Version: v3.2.0 - Rohrbacher Development)
Typograf 5.1e (HKLM-x32\...\Typograf) (Version: 5.1e - Neuber Software)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Vegas Pro 12.0 (64-bit) (HKLM\...\{EEB9EFDE-ED91-11E2-91A8-F04DA23A5C58}) (Version: 12.0.670 - Sony)
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Winload Toolbar (HKLM-x32\...\Winload Toolbar) (Version: 6.8.9.0 - Winload)
WinRAR 4.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Xfire (HKLM-x32\...\Xfire) (Version:  - )

==================== Restore Points  =========================

02-07-2014 11:12:16 Dybuster OrthographSLde wird installiert

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {08C860D2-6EA9-45FB-BA34-A1C705A315B5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-22] (Adobe Systems Incorporated)
Task: {4090CB00-49E0-4769-A133-A7C5287C02C1} - System32\Tasks\Lyrics-Monkey Update => C:\Program Files (x86)\Lyrics_Monkey\LyrMonkeyUpd.exe [2013-08-29] () <==== ATTENTION
Task: {7371E096-9287-4D0C-91D6-BE70715AABB5} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2013-06-08] () <==== ATTENTION
Task: {912CAD8F-42CB-4E00-9F3A-2B736636E2EC} - System32\Tasks\AdobeAAMUpdater-1.0-Admin-PC-Admin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {9538EC0B-255E-4868-9B75-CA6BD06AD207} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2010-02-03] (ASUSTeK Computer Inc.)
Task: {C425DB65-B329-4204-9C4B-6389A5DC0FA5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-21] (Google Inc.)
Task: {CF5FC69D-F475-4803-BEE7-E67F6D7B23F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-21] (Google Inc.)
Task: C:\Windows\Tasks\1e4b86f6-2752-4a22-afa3-8ff12b092ef1-5.job => C:\Program Files (x86)\Apps Hat\1e4b86f6-2752-4a22-afa3-8ff12b092ef1-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Admin\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8c83955d43ea.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Lyrics-Monkey Update.job => C:\Program Files (x86)\Lyrics_Monkey\LyrMonkeyUpd.exe <==== ATTENTION
Task: C:\Windows\Tasks\RDReminder.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\Windows\Tasks\RunOW.job => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe
Task: C:\Windows\Tasks\SidebarExecute.job => C:\Program Files\Windows Sidebar\sidebar.exe
Task: C:\Windows\Tasks\SomotoUpdateCheckerAutoStart.job => C:\Users\Admin\AppData\Local\FilesFrog Update Checker\update_checker.exe
Task: C:\Windows\Tasks\VStart{A37B472A-8335-449F-9568-43ECC2907F06}.job => C:\Users\Admin\AppData\Local\Temp\vstub.exe

==================== Loaded Modules (whitelisted) =============

2012-07-21 22:31 - 2012-12-01 07:49 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-07-25 11:16 - 2012-02-17 21:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2012-07-22 23:16 - 2014-05-29 22:43 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-03-06 15:52 - 2014-03-06 15:52 - 00171008 _____ () c:\Program Files\RrFilter\RrFilterService64.exe
2014-03-04 13:25 - 2014-03-04 13:25 - 00110080 _____ () c:\Program Files\RrFilter\nfapi.dll
2014-03-04 13:25 - 2014-03-04 13:25 - 00317952 _____ () c:\Program Files\RrFilter\ProtocolFilters.dll
2013-01-23 23:04 - 2007-09-02 14:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2013-08-21 08:37 - 2013-08-21 08:37 - 00465920 _____ () C:\Users\Admin\AppData\Local\pgcchelper\pgcchelper.exe
2014-02-23 20:14 - 2014-02-23 20:14 - 00036536 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2014-02-23 20:14 - 2014-02-23 20:14 - 00747192 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2014-02-23 20:14 - 2014-02-23 20:14 - 00055808 _____ () C:\Program Files\Rainmeter\Plugins\WebParser.DLL
2014-02-23 20:14 - 2014-02-23 20:14 - 00011776 _____ () C:\Program Files\Rainmeter\Plugins\PowerPlugin.DLL
2014-02-23 20:14 - 2014-02-23 20:14 - 00022528 _____ () C:\Program Files\Rainmeter\Plugins\WifiStatus.DLL
2014-02-23 20:14 - 2014-02-23 20:14 - 00023040 _____ () C:\Program Files\Rainmeter\Plugins\Win7AudioPlugin.DLL
2014-02-23 20:14 - 2014-02-23 20:14 - 00011776 _____ () C:\Program Files\Rainmeter\Plugins\RecycleManager.DLL
2014-02-23 20:14 - 2014-02-23 20:14 - 00024064 _____ () C:\Program Files\Rainmeter\Plugins\QuotePlugin.DLL
2014-02-23 20:13 - 2014-02-23 20:13 - 00016896 _____ () C:\Program Files\Rainmeter\Plugins\AdvancedCPU.DLL
2014-02-23 20:14 - 2014-02-23 20:14 - 00010752 _____ () C:\Program Files\Rainmeter\Plugins\Process.DLL
2014-02-23 20:14 - 2014-02-23 20:14 - 00022528 _____ () C:\Program Files\Rainmeter\Plugins\InputText.DLL
2014-02-23 20:14 - 2014-02-23 20:14 - 00010240 _____ () C:\Program Files\Rainmeter\Plugins\WindowMessagePlugin.dll
2013-01-23 23:04 - 2007-09-02 14:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2006-05-14 15:49 - 2006-05-14 15:49 - 00176128 _____ () C:\Program Files (x86)\Samurize\plugins\SpectrumVis.dll
2014-06-12 14:04 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-12 14:04 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-12 14:04 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-12 14:04 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-12 14:04 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-06-12 14:04 - 2014-06-05 15:58 - 14612296 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
2014-07-04 13:08 - 2014-07-04 13:08 - 00014336 _____ () C:\Users\Admin\AppData\Local\Temp\WDE1CB4.tmp\ml_online.lng
2014-07-04 13:08 - 2014-07-04 13:08 - 00036352 _____ () C:\Users\Admin\AppData\Local\Temp\WDE1CB4.tmp\ombrowser.lng
2013-12-13 04:47 - 2013-12-13 04:47 - 00333824 _____ () C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Admin\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\Admin\AppData\Roaming:NT

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Refresh.lnk => C:\Windows\pss\Refresh.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RocketDock.lnk => C:\Windows\pss\RocketDock.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^tClock.lnk => C:\Windows\pss\tClock.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UberIcon.lnk => C:\Windows\pss\UberIcon.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Winroll.lnk => C:\Windows\pss\Winroll.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^YzShadow.lnk => C:\Windows\pss\YzShadow.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^tbhcn.lnk => C:\Windows\pss\tbhcn.lnk.Startup
MSCONFIG\startupreg: 4StoryPrePatch => C:\Games\4Story_DE\PrePatch.exe
MSCONFIG\startupreg: ad4you => C:\Users\Admin\AppData\Roaming\ds.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: BANDICAM => C:\Program Files (x86)\Bandicam\bdcam.exe
MSCONFIG\startupreg: BitTorrent => "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Iminent => C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
MSCONFIG\startupreg: IminentMessenger => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
MSCONFIG\startupreg: IndexSearch => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe
MSCONFIG\startupreg: KPeerNexonEU => C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
MSCONFIG\startupreg: LifeOfGerman => C:\Games\GTA San Andreas\Updater\logstartup.exe
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: MoodEditor.exe => "C:\Program Files (x86)\Pamela RichMood Editor\MoodEditor.exe"
MSCONFIG\startupreg: NTRedirect => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Roaming\BabSolution\Shared\NTRedirect.dll",Run
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: PaperPort PTD => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"
MSCONFIG\startupreg: xwidget => C:\Windows\Lion Skin Pack\xwidget\xwidget.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/04/2014 00:41:31 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT-AUTORITÄT)
Description: Product: LogMeIn Hamachi -- Error 1714. The older version of LogMeIn Hamachi cannot be removed.  Contact your technical support group.  System Error 1612.

Error: (07/04/2014 00:40:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2014 10:47:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: gta_sa.exe, Version: 0.0.0.0, Zeitstempel: 0x427101ca
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003bc26
ID des fehlerhaften Prozesses: 0x10a4
Startzeit der fehlerhaften Anwendung: 0xgta_sa.exe0
Pfad der fehlerhaften Anwendung: gta_sa.exe1
Pfad des fehlerhaften Moduls: gta_sa.exe2
Berichtskennung: gta_sa.exe3

Error: (07/03/2014 10:45:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: gta_sa.exe, Version: 0.0.0.0, Zeitstempel: 0x427101ca
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003bc26
ID des fehlerhaften Prozesses: 0x109c
Startzeit der fehlerhaften Anwendung: 0xgta_sa.exe0
Pfad der fehlerhaften Anwendung: gta_sa.exe1
Pfad des fehlerhaften Moduls: gta_sa.exe2
Berichtskennung: gta_sa.exe3

Error: (07/03/2014 10:14:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2014 03:52:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: gta_sa.exe, Version: 0.0.0.0, Zeitstempel: 0x427101ca
Name des fehlerhaften Moduls: d3d9.dll, Version: 4.3.1.4, Zeitstempel: 0x5310ea19
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00031b74
ID des fehlerhaften Prozesses: 0x11ac
Startzeit der fehlerhaften Anwendung: 0xgta_sa.exe0
Pfad der fehlerhaften Anwendung: gta_sa.exe1
Pfad des fehlerhaften Moduls: gta_sa.exe2
Berichtskennung: gta_sa.exe3

Error: (07/03/2014 02:13:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: gta_sa.exe, Version: 0.0.0.0, Zeitstempel: 0x427101ca
Name des fehlerhaften Moduls: WH03Z.asi, Version: 0.0.0.0, Zeitstempel: 0x52fcc25d
Ausnahmecode: 0xc0000409
Fehleroffset: 0x00001cb5
ID des fehlerhaften Prozesses: 0x1658
Startzeit der fehlerhaften Anwendung: 0xgta_sa.exe0
Pfad der fehlerhaften Anwendung: gta_sa.exe1
Pfad des fehlerhaften Moduls: gta_sa.exe2
Berichtskennung: gta_sa.exe3

Error: (07/03/2014 02:01:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: gta_sa.exe, Version: 0.0.0.0, Zeitstempel: 0x427101ca
Name des fehlerhaften Moduls: d3d9.dll, Version: 4.3.1.4, Zeitstempel: 0x5310ea19
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00031b74
ID des fehlerhaften Prozesses: 0x1690
Startzeit der fehlerhaften Anwendung: 0xgta_sa.exe0
Pfad der fehlerhaften Anwendung: gta_sa.exe1
Pfad des fehlerhaften Moduls: gta_sa.exe2
Berichtskennung: gta_sa.exe3

Error: (07/03/2014 01:10:38 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT-AUTORITÄT)
Description: Product: LogMeIn Hamachi -- Error 1714. The older version of LogMeIn Hamachi cannot be removed.  Contact your technical support group.  System Error 1612.

Error: (07/03/2014 01:09:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/04/2014 00:43:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (07/04/2014 00:43:03 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/04/2014 00:40:13 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EEF301F-B596-4C0B-BD92-013BEAFCE793}

Error: (07/03/2014 10:15:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (07/03/2014 10:15:35 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/03/2014 10:13:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (07/03/2014 10:13:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht.

Error: (07/03/2014 01:11:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (07/03/2014 01:11:21 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/02/2014 03:42:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069


Microsoft Office Sessions:
=========================
Error: (07/04/2014 00:41:31 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT-AUTORITÄT)
Description: Product: LogMeIn Hamachi -- Error 1714. The older version of LogMeIn Hamachi cannot be removed.  Contact your technical support group.  System Error 1612.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/04/2014 00:40:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2014 10:47:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: gta_sa.exe0.0.0.0427101cantdll.dll6.1.7601.177254ec49b8fc00000050003bc2610a401cf96ffb02f6fa1C:\Games\GTA San Andreas\gta_sa.exeC:\Windows\SysWOW64\ntdll.dll33cb490f-02f3-11e4-b792-001f85bf896c

Error: (07/03/2014 10:45:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: gta_sa.exe0.0.0.0427101cantdll.dll6.1.7601.177254ec49b8fc00000050003bc26109c01cf96ff05c0dbb6C:\Games\GTA San Andreas\gta_sa.exeC:\Windows\SysWOW64\ntdll.dlle783cd22-02f2-11e4-b792-001f85bf896c

Error: (07/03/2014 10:14:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2014 03:52:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: gta_sa.exe0.0.0.0427101cad3d9.dll4.3.1.45310ea19c000000500031b7411ac01cf96c51d15bd0bC:\Games\GTA San Andreas\gta_sa.exeC:\Games\GTA San Andreas\d3d9.dll3c7cd9b6-02b9-11e4-b323-001f85bf896c

Error: (07/03/2014 02:13:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: gta_sa.exe0.0.0.0427101caWH03Z.asi0.0.0.052fcc25dc000040900001cb5165801cf96b76723c6d5C:\Games\GTA San Andreas\gta_sa.exeC:\Games\GTA San Andreas\WH03Z.asi6f1ee8e4-02ab-11e4-b323-001f85bf896c

Error: (07/03/2014 02:01:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: gta_sa.exe0.0.0.0427101cad3d9.dll4.3.1.45310ea19c000000500031b74169001cf96b4bf6d16e6C:\Games\GTA San Andreas\gta_sa.exeC:\Games\GTA San Andreas\d3d9.dllbfb2aa5a-02a9-11e4-b323-001f85bf896c

Error: (07/03/2014 01:10:38 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT-AUTORITÄT)
Description: Product: LogMeIn Hamachi -- Error 1714. The older version of LogMeIn Hamachi cannot be removed.  Contact your technical support group.  System Error 1612.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/03/2014 01:09:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2012-10-21 19:43:32.808
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-10-21 19:43:32.789
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 64%
Total physical RAM: 4094.12 MB
Available physical RAM: 1444.65 MB
Total Pagefile: 8186.42 MB
Available Pagefile: 4525.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:268.56 GB) (Free:47.78 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:29.52 GB) (Free:24.86 GB) NTFS
Drive k: (32G) (Removable) (Total:29.69 GB) (Free:9.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 2E30FFC3)
Partition 1: (Active) - (Size=269 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=30 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 30 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=30 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

deeprybka 04.07.2014 12:41
:hallo:

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...:abklatsch:
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
  • Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
  • Speichere alle unsere Tools auf dem Desktop ab.
  • Poste die Logfiles direkt in Deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean :daumenhoc bekommst.



Los geht's:
Schritt 1
Lade Dir bitte Revo Uninstallerhttp://deeprybka.trojaner-board.de/b...ninstaller.pnghier herunter.
Entpacke die zip-Datei auf den Desktop.Wenn Du ein Programm nicht deinstallieren kannst, mach mit dem nächsten weiter.
Auch wenn am Ende noch Programme übrig geblieben sind, die den ATTENTION-Zusatz haben, führe den nächsten Schritt aus:


Schritt 2
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Schritt 3
Bitte lade Dir zoek.exe von hier: http://hijackthis.nl/smeenk/
  • Bitte deaktiviere während des Scans den Virenscanner, da dieser Zoek stören könnte.
  • Starte die zoek.exe mit einem Doppelklick.
  • Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und sollte nicht 1:1 auf andere Computer übernommen werden.
  • Kopiere den Text der folgenden Box in das Skriptfenster von zoek:
    Code:
    FFdefaults;
    CHRdefaults;
    iedefaults;
    emptyclsid;
    autoclean;
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
  • Wenn das Tool fertig ist, wird sich eine Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:
  • Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken)

Schritt 4

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, markiere auch die checkbox http://deeprybka.trojaner-board.de/b...t/addition.pngund drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.

Andreaas 04.07.2014 12:57
1. Schritt, 3 Punkt: Soll ich da worklich alle Uninstallieren ? Das sind über 100 Stück ?

Edit: Ah sry, jez hab ichs. Der Pfeil Attention ist da wichtig :)

deeprybka 04.07.2014 13:05
:daumenhoc

Genau, nur die Programme die unter dieser Rubrik:

http://deeprybka.trojaner-board.de/b.../revo/add1.png

den Zusatz ATTENTION haben...

Andreaas 04.07.2014 21:42
Danke für deine Hilfe ! :) Mein PC/Browser/.. ist eigentlich(?) so gut wie sauber! :D
Lob an dich, deeprybka, Respekt und danke an solch gut gemachte Programme! ;)

Hier sind noch mal die ganzen Zeilen :

Soll ich noch FRST als neuen Beitrag schreiben? Da der Beitrag zu lang wäre kann ich das hier nicht mehr reinpacken.

AdwCleaner[S0]
AdwCleaner Logfile:
Code:
# AdwCleaner v3.214 - Bericht erstellt am 04/07/2014 um 17:00:44
# Aktualisiert 29/06/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Admin - ADMIN-PC
# Gestartet von : C:\Users\Admin\Desktop\adwcleaner_3.214.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : IePluginService
Dienst Gelöscht : RrFilterService64

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\374311380
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\fast and safe
Ordner Gelöscht : C:\ProgramData\IePluginService
Ordner Gelöscht : C:\Program Files (x86)\Caramava
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\Kozaka
Ordner Gelöscht : C:\Program Files (x86)\Mail.Ru
Ordner Gelöscht : C:\Program Files (x86)\Rr Savings
Ordner Gelöscht : C:\Program Files (x86)\SearchProtect
Ordner Gelöscht : C:\Program Files (x86)\Winload
Ordner Gelöscht : C:\Windows\Installer\{813BA625-B0FA-48D8-9B75-59759C88C219}
Ordner Gelöscht : C:\Program Files\002
Ordner Gelöscht : C:\Program Files\RrFilter
Ordner Gelöscht : C:\Program Files\RrSavings
Ordner Gelöscht : C:\Users\Admin\AppData\Local\b1e
Ordner Gelöscht : C:\Users\Admin\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Admin\AppData\Local\Mail.Ru
Ordner Gelöscht : C:\Users\Admin\AppData\Local\pgcchelper
Ordner Gelöscht : C:\Users\Admin\AppData\Local\Temp\mt_ffx
Ordner Gelöscht : C:\Users\Admin\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Admin\AppData\LocalLow\Winload
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\BrowserCompanion
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\loadtbs
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default\Extensions\faststartff@gmail.com
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default\Extensions\RrSavings@jetpack
Ordner Gelöscht : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default\Extensions\firefox@kozaka.net.xpi
Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default\Extensions\jid1-0xtMKhXFEs4jIg@jetpack.xpi
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default\.autoreg
Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default\invalidprefs.js
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll
Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default\searchplugins\BrowserProtect.xml
Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default\searchplugins\delta.xml
Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default\searchplugins\mixidj.xml
Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default\user.js
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\user.js
Datei Gelöscht : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx
Datei Gelöscht : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Datei Gelöscht : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage-journal
Datei Gelöscht : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
Datei Gelöscht : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.iminent.com_0.localstorage
Datei Gelöscht : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.iminent.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Windows\System32\Tasks\Lyrics-Monkey Update
Datei Gelöscht : C:\Windows\Tasks\1e4b86f6-2752-4a22-afa3-8ff12b092ef1-5.job

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppsHat\Uninstall.lnk
Verknüpfung Desinfiziert : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
Verknüpfung Desinfiziert : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gelöscht : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [lightningnewtab@gmail.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\hahpjplbmicfkmoccokbjejahjjpnena
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\khialnikbocfgkohdegnebhmmaifoglp
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pkndmigholgfjlniaohblojbhgjbkakn
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [FixMyRegistry]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [livesupport]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [pgcchelper]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SpeedUpMyComputer]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskToolbarNRO_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskToolbarNRO_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\LiveSupport_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\livesupport_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wpm_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wpm_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\5c5388d9b635ed44
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_amcap_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_amcap_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_autodesk-3ds-max_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_autodesk-3ds-max_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_gta-iv-san-andreas_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_gta-iv-san-andreas_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_far-cry-3-minecraft-pack_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_far-cry-3-minecraft-pack_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_funny-voice (1)_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_funny-voice (1)_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{A2773ED4-83BD-488A-A186-73590706C916}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A45E3FA8-5048-4372-94AD-C6661671F7FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4D494D9D-1436-41D8-AC95-35AA4F4AEFAF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A45E3FA8-5048-4372-94AD-C6661671F7FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10AD2C61-0898-4348-8600-14A342F22AC3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A45E3FA8-5048-4372-94AD-C6661671F7FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10AD2C61-0898-4348-8600-14A342F22AC3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A45E3FA8-5048-4372-94AD-C6661671F7FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D494D9D-1436-41D8-AC95-35AA4F4AEFAF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E738F46A-F361-42E9-BB06-8F7DB122041E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{39E544FB-965F-43C4-B134-4A2C2BC82CDD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\BABSOLUTION
Schlüssel Gelöscht : HKCU\Software\BrowserCompanion
Schlüssel Gelöscht : HKCU\Software\DataMngr
[#] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\delta LTD
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\RrSavings
Schlüssel Gelöscht : HKCU\Software\SearchProtectINT
Schlüssel Gelöscht : HKCU\Software\smarttweak
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Lyrics_Monkey
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Rr Savings
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\RrSavings
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\winload
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\IePlugin
Schlüssel Gelöscht : HKLM\Software\nationzoomSoftware
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Vittalia
Schlüssel Gelöscht : HKLM\Software\Web Assistant
Schlüssel Gelöscht : HKLM\Software\winload
Schlüssel Gelöscht : HKLM\Software\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3566FB70-E722-4182-8266-815EAE862998}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FixMyRegistry
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IePlugins
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\loadtbs-3.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winload Toolbar
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Iminent
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Rr Savings
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\RrSavings
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Web Assistant
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{813BA625-B0FA-48D8-9B75-59759C88C219}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RrSavings
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\07BF6653227E2814286618E5EA689289
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\526AB318AF0B8D84B9579557C9882C91
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\07BF6653227E2814286618E5EA689289
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\526AB318AF0B8D84B9579557C9882C91

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16464

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page Before]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page Before]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default\prefs.js ]

Zeile gelöscht : user_pref("accessibility.lightning.homepage", "hxxp://www.nationzoom.com/?type=hp&ts=1389876884&from=amt&uid=ST3320820AS_5QF1SBP5XXXX5QF1SBP5");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Trovi search");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Trovi search");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.nationzoom.com/?type=hp&ts=1389876884&from=amt&uid=ST3320820AS_5QF1SBP5XXXX5QF1SBP5");
Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.bbDpng", "20");
Zeile gelöscht : user_pref("extensions.delta.cntry", "DE");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "en");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.hdrMd5", "");
Zeile gelöscht : user_pref("extensions.delta.id", "7ef0291500000000000000ffb18f0bcf");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15843");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.lastVrsnTs", "1.8.21.016:31:25");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.sg", "azb");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.21.0");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.21.016:31:25");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.21.0");
Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");
Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=121631&tt=gc_");
Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");
Zeile gelöscht : user_pref("extensions.enabledAddons", "%7B8f8fe09b-0bd3-4470-bc1b-8cad42b8203a%7D:0.17,%7Bb5ad6039-a173-4149-9dcf-d04371526253%7D:1.131,firefox%40kozaka.net:1.0.0,webbooster%40iminent.com:8.14.1.1,fas[...]
Zeile gelöscht : user_pref("iminent.LayoutId", "1");
Zeile gelöscht : user_pref("iminent.ShowThankyouPixel", "0");
Zeile gelöscht : user_pref("iminent._oaZGabJJ8Q_", "{\"cpt\":0,\"cpr\":0.42500658289839827,\"s\":0,\"es\":3}");
Zeile gelöscht : user_pref("iminent.adapters", "{\"337\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":2,\"expireTime\":\"13928257207071814400\"},\"google\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":1,\"[...]
Zeile gelöscht : user_pref("iminent.displayFavLinks", "1");
Zeile gelöscht : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"10bb6277-6b2b-413e-8d82-ad9398543254\",\"name\":\"Dealply\",\"addonId\":1,\"url\":\"//i.iminentjs.info/imitin/javascript.js\",\"queryS[...]
Zeile gelöscht : user_pref("iminent.externalScripts.iRobinHood.IROBPKG", "{\"pkgid\":\"wrDCtcK5wrfCuMK2wrXCscK3\",\"raw_pkgid\":\"148697406\"}");
Zeile gelöscht : user_pref("iminent.externalScripts.iRobinHood.irobsettings", "[{\"TM\":\"57362\",\"IA\":\"1\",\"HU\":\"hxxp://iminent.donation-tools.org/home.aspx\",\"CC\":\"Fight Cancer\",\"CI\":\"5719\",\"AU\":\"ir[...]
Zeile gelöscht : user_pref("iminent.externalScripts.iRobinHood.irobsettings2", "\"[{\\\"ID\\\": 80, \\\"PROGRAM_NAME\\\": \\\"Iminent JSinject\\\", \\\"Domain\\\": \\\"iminent                                          [...]
Zeile gelöscht : user_pref("iminent.externalScripts.iRobinHood.menuURL", "hxxp://iminent.donation-tools.org/home.aspx?pkgId=wrDCtcK5wrfCuMK2wrXCscK3");
Zeile gelöscht : user_pref("iminent.registerToolbarEvent100", "1390944410706");
Zeile gelöscht : user_pref("iminent.registerToolbarEvent101", "1397773549436");
Zeile gelöscht : user_pref("iminent.registerToolbarEvent102", "1400768101988");
Zeile gelöscht : user_pref("iminent.registerToolbarEvent105", "1395532555948");
Zeile gelöscht : user_pref("iminent.registerToolbarEvent109", "1394245465254");
Zeile gelöscht : user_pref("iminent.registerToolbarEvent111", "1394245465260");
Zeile gelöscht : user_pref("iminent.registerToolbarEvent112", "1394245471300");
Zeile gelöscht : user_pref("iminent.registerToolbarEvent122", "1394245465268");
Zeile gelöscht : user_pref("iminent.registerToolbarEvent136", "1395533855115");
Zeile gelöscht : user_pref("iminent.registerToolbarEvent140", "1400768114813");
Zeile gelöscht : user_pref("iminent.trackExternalScripts1", "1393964657904");
Zeile gelöscht : user_pref("iminent.trackExternalScripts2", "1393964657912");
Zeile gelöscht : user_pref("iminent.trackExternalScripts3", "1394152393774");
Zeile gelöscht : user_pref("iminent.trackExternalScripts4", "1402689411254");
Zeile gelöscht : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}");
Zeile gelöscht : user_pref("iminent.version", "8.14.1.1");
Zeile gelöscht : user_pref("iminent.versioning", "{\"CurrentVersion\":\"8.14.1.1\",\"InstallEventCTime\":1403785432306,\"InstallEvent\":\"True\"}");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.minibar.LayoutId", "1");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.minibar.ROOTEXTENSION", "chrome://iminentwebbooster/content/minibar");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.minibar.SOFTONICREFRESHRATE", "140000");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.minibar.Services.BHPCode", "01");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.minibar.Services.DefaultEvent", "000");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.minibar.Services.DefaultWebSite", "000");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.minibar.Services.IminentClientCode", "11");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.minibar.Services.SmartFavCode", "02");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.minibar.displayFavLinks", "1");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.sslminibar.LayoutId", "1");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.sslminibar.ROOTEXTENSION", "chrome://iminentwebbooster/content/minibar");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.sslminibar.SOFTONICREFRESHRATE", "140000");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.sslminibar.Services.BHPCode", "01");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.sslminibar.Services.DefaultEvent", "000");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.sslminibar.Services.DefaultWebSite", "000");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.sslminibar.Services.IminentClientCode", "11");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.sslminibar.Services.SmartFavCode", "02");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.sslminibar.ShowThankyouPixel", "0");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.sslminibar.displayFavLinks", "1");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent102", "1376780757189");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent109", "1375397988604");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent111", "1375397988616");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent112", "1375397991818");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent122", "1375397988627");
Zeile gelöscht : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent134", "1375913391115");
Zeile gelöscht : user_pref("mail.ru.toolbar.url-rank.xml", "<brick id=\"url-rank\" status=\"\" newtab=\"1\" href=\"hxxp://connect.mail.ru/share?share_url=hxxp%3A%2F%2Fwww1.delta-search.com%2F%3FaffID%3D121631%26tt%3Dg[...]

[ Datei : C:\Users\Test\AppData\Roaming\Mozilla\Firefox\Profiles\vgkodgwy.default\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ Datei : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=111434&tt=3412_1&babsrc=SP_ss&mntrId=7ef02915000000000000c860006274bb
Gelöscht [Search Provider] : hxxp://www1.delta-search.com/?q={searchTerms}&affID=121631&tt=gc_&babsrc=SP_ss&mntrId=7EF000FFB18F0BCF
Gelöscht [Search Provider] : hxxp://mixidj.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=7EF000FFB18F0BCF&affID=123187&tsp=4957
Gelöscht [Search Provider] : hxxp://www.nationzoom.com/web/?type=ds&ts=1389876884&from=amt&uid=ST3320820AS_5QF1SBP5XXXX5QF1SBP5&q={searchTerms}
Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3323900&octid=EB_ORIGINAL_CTID&ISID=MD25CD0B2-09FE-4EBA-9F9B-231B35637C00&SearchSource=58&CUI=&UM=5&UP=SP0362F3D6-664B-4F53-B9E4-8B009C920A6A&q={searchTerms}&SSPV=
Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Gelöscht [Extension] : cekcjpgehmohobmdiikfnopibipmgnml
Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb
Gelöscht [Extension] : hahpjplbmicfkmoccokbjejahjjpnena
Gelöscht [Extension] : ofnnlhbgdcabppjmlijllkhekcglbjlg
Gelöscht [Extension] : pkndmigholgfjlniaohblojbhgjbkakn

*************************

AdwCleaner[R0].txt - [41061 octets] - [04/07/2014 14:57:43]
AdwCleaner[R1].txt - [41866 octets] - [04/07/2014 16:49:51]
AdwCleaner[S0].txt - [36636 octets] - [04/07/2014 17:00:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [36697 octets] ##########
--- --- ---

[/CODE]

zoek-results
Code:

Zoek.exe v5.0.0.0 Updated 30-06-2014
Tool run by Admin on 04.07.2014 at 21:53:20,18.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Admin\Desktop\zoek.exe    [Scan all users] [Script inserted]

==== System Restore Info ======================

04.07.2014 21:55:31 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8984B388-A5BB-4DF7-B274-77B879E179DB} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default\prefs.js:
user_pref("browser.newtab.url", "about:newtab");
user_pref("browser.search.useDBForOrder", "false");

Added to C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\Test\AppData\Roaming\Mozilla\Firefox\Profiles\vgkodgwy.default\prefs.js:

Added to C:\Users\Test\AppData\Roaming\Mozilla\Firefox\Profiles\vgkodgwy.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default

user.js not found
---- Lines mixidj removed from prefs.js ----
user_pref("extensions.mixidj.admin", false);
user_pref("extensions.mixidj.aflt", "babsst");
user_pref("extensions.mixidj.appId", "{A2773ED4-83BD-488A-A186-73590706C916}");
user_pref("extensions.mixidj.autoRvrt", "false");
user_pref("extensions.mixidj.dfltLng", "en");
user_pref("extensions.mixidj.excTlbr", false);
user_pref("extensions.mixidj.ffxUnstlRst", false);
user_pref("extensions.mixidj.id", "7ef0291500000000000000ffb18f0bcf");
user_pref("extensions.mixidj.instlDay", "15914");
user_pref("extensions.mixidj.instlRef", "sst");
user_pref("extensions.mixidj.newTab", false);
user_pref("extensions.mixidj.prdct", "mixidj");
user_pref("extensions.mixidj.prtnrId", "mixidj");
user_pref("extensions.mixidj.rvrt", "false");
user_pref("extensions.mixidj.smplGrp", "none");
user_pref("extensions.mixidj.tlbrId", "baseyh");
user_pref("extensions.mixidj.tlbrSrchUrl", "");
user_pref("extensions.mixidj.vrsn", "1.8.18.8");
user_pref("extensions.mixidj.vrsni", "1.8.18.8");
user_pref("extensions.mixidj.vrsnTs", "1.8.18.82:25:11");
---- FireFox user.js and prefs.js backups ----

prefs__2205_.backup

ProfilePath: C:\Users\Test\AppData\Roaming\Mozilla\Firefox\Profiles\vgkodgwy.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs__2205_.backup

==== Deleting Files \ Folders ======================

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default\extensions\webbooster@iminent.com.xpi not found
C:\Program Files (x86)\Lyrics_Monkey\131.xpi not found
C:\Users\Admin\8F6F719407344CDA8C046B766F2241A6.TMP deleted
C:\PROGRA~3\APN deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\avsinit.vbs deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\bcb2init.vbs deleted
C:\Users\Admin\Searches deleted
C:\Windows\Syswow64\InstallUtil.InstallLog deleted
C:\Windows\Syswow64\tmp1B45.tmp deleted
C:\Windows\Syswow64\tmp1B65.tmp deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
"C:\Users\Admin\AppData\Roaming\convert\convert.exe" deleted
"C:\Users\Admin\AppData\Roaming\Pamela" deleted
"C:\Users\Admin\AppData\Roaming\convert" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default
- HTTP - %ProfilePath%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default
A58DE0A570148AF5FF3512B2A340D09F        - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll -        Shockwave Flash
853A6F93105790D4DC4D30CC92B19E11        - C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll -        Unity Player
99E2145307150EB8AB78F4F888F97DBE        - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll -        Nexon Game Controller


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
mciekghplkkgcmofonmkmlomhkamochd - C:\Program Files (x86)\Kozaka\mciekghplkkgcmofonmkmlomhkamochd.crx[]

AdBlock - Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Docs - Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Improved Search - Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\hahpjplbmicfkmoccokbjejahjjpnena
Kozaka - Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\mciekghplkkgcmofonmkmlomhkamochd
Docs - Default User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Improved Search - Default User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hahpjplbmicfkmoccokbjejahjjpnena
Kozaka - Default User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mciekghplkkgcmofonmkmlomhkamochd

==== Chrome Fix ======================

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_click.dealshark.com_0.localstorage deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_click.dealshark.com_0.localstorage-journal deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage-journal deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_valuedealshopper.com_0.localstorage deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_valuedealshopper.com_0.localstorage-journal deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_amcap.softonic.de_0.localstorage deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_amcap.softonic.de_0.localstorage-journal deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_angry-birds-skin-pack.en.softonic.com_0.localstorage deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_angry-birds-skin-pack.en.softonic.com_0.localstorage-journal deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.softonic.com_0.localstorage deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.softonic.com_0.localstorage-journal deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_games.en.softonic.com_0.localstorage deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_games.en.softonic.com_0.localstorage-journal deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_grand-theft-auto-san-andreas-for-windows-8.en.softonic.com_0.localstorage deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_grand-theft-auto-san-andreas-for-windows-8.en.softonic.com_0.localstorage-journal deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mac-os-x-lion-skin-pack-xp.softonic.de_0.localstorage deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mac-os-x-lion-skin-pack-xp.softonic.de_0.localstorage-journal deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mac-os-x-lion-skin-pack.softonic.de_0.localstorage deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mac-os-x-lion-skin-pack.softonic.de_0.localstorage-journal deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mac-os-x-snow-leopard-theme.softonic.de_0.localstorage deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mac-os-x-snow-leopard-theme.softonic.de_0.localstorage-journal deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_openal.softonic.de_0.localstorage deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_openal.softonic.de_0.localstorage-journal deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_escortphonesearch.com_0.localstorage deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_escortphonesearch.com_0.localstorage-journal deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_letssearch.com_0.localstorage deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_letssearch.com_0.localstorage-journal deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mixidj.delta-search.com_0.localstorage deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mixidj.delta-search.com_0.localstorage-journal deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_sr.photos3.fotosearch.com_0.localstorage deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_sr.photos3.fotosearch.com_0.localstorage-journal deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bodddioamolcibagionmmobehnbhiakf_0.localstorage deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bodddioamolcibagionmmobehnbhiakf_0.localstorage-journal deleted successfully
C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\mciekghplkkgcmofonmkmlomhkamochd deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
"Start Page Before"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Search Page Before"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page Before"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://www.google.com"
"Start Page Before"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Admin\AppData\Local\Xpom\User Data\Default\Web Data was reset successfully
C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mciekghplkkgcmofonmkmlomhkamochd deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ad4you deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iminent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IminentMessenger deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeOfGerman deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoodEditor.exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Overwolf deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xwidget deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Admin\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Admin\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Admin\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Test\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JC2T7JSA will be deleted at reboot
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3obi24th.default\Cache emptied successfully
C:\Users\Test\AppData\Local\Mozilla\Firefox\Profiles\vgkodgwy.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=66 folders=27 22442386 bytes)

==== Empty Temp Folders ======================

C:\Users\Admin\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Gast\AppData\Local\Temp emptied successfully
C:\Users\Test\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Admin\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JC2T7JSA" not found

==== EOF on 04.07.2014 at 22:15:29,75 ======================
Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-07-2014
Ran by Admin at 2014-07-04 22:30:29
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

«Sleeping Dogs - Limited Edition» v.2.0.434913 (HKLM-x32\...\«Sleeping Dogs - Limited Edition»_is1) (Version:  - SQUARE ENIX)
µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30740 - BitTorrent Inc.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29625 - BitTorrent Inc.)
3DMark06 (HKLM-x32\...\{1AE27FE6-05DB-40CB-A29E-2945980ACE27}) (Version: 1.0.2 - Futuremark)
4Story DE 4.2.191 (HKLM-x32\...\4Story_DE_is1) (Version:  - )
Ad4You (HKCU\...\Ad4You) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.3.0.3670 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.5 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alliance of Valiant Arms DE (HKLM-x32\...\Alliance of Valiant Arms DE) (Version:  - )
APB Reloaded (HKLM-x32\...\APB Reloaded) (Version: 1.6.1.603578 - )
Ashampoo Burning Studio 6 FREE v.6.80 (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.8.0 - ashampoo GmbH & Co. KG)
ATI Catalyst Install Manager (HKLM\...\{62140B07-129A-2BD0-81D2-2A1A7408ADC8}) (Version: 3.0.762.0 - ATI Technologies, Inc.)
Auto Install version 0.5 (HKLM-x32\...\{F9DDB483-E350-4782-9527-59D7ABA4B994}_is1) (Version: 0.5 - Mad Penguin Productions)
AutoHotkey 1.1.13.00 (HKLM\...\AutoHotkey) (Version: 1.1.13.00 - Lexikos)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.450 - Avira)
Bandicam (HKLM-x32\...\Bandicam) (Version: 1.9.0.397 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
Brother MFL-Pro Suite DCP-7010 (HKLM-x32\...\{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Camtasia Studio 8 (HKLM-x32\...\{8F6F7194-0734-4CDA-8C04-6B766F2241A6}) (Version: 8.0.4.1060 - TechSmith Corporation)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
CLEO 4.3 (HKLM-x32\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien)
CLEO v3.0.950 (HKLM-x32\...\{8FB91814-FE42-4B62-9B54-4B677A420715}_is1) (Version:  - Seemann (www.sannybuilder.com))
CPUID CPU-Z 1.61.3 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Crysis 2 Maximum Edition (HKLM-x32\...\Steam App 108800) (Version:  - Crytek Studios)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0314 - DT Soft Ltd)
Dybuster OrthographSLde (HKLM-x32\...\{59F17596-7D86-46B2-9824-9E4284E24B91}) (Version: 1.6.1.5 - Dybuster AG)
Eden4SDE version 33852 (HKLM-x32\...\{6C918475-3898-4192-81D4-E083A3DAA871}_is1) (Version: 33852 - Eden4S, Inc.)
EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.02.01 - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Ghost Recon Phantoms - EU (HKCU\...\d8be6c3f847d7d92) (Version: 1.35.7490.1 - Ubisoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
GTA San Andreas SA-MP Addon, âåðñèÿ 1.31 (HKLM-x32\...\{47E4F6A3-F01C-4538-9925-CAE42C1CF7216}_is1) (Version: 1.31 - SAMP)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
K-Lite Codec Pack 7.1.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.1.0 - )
Kozaka (HKLM\...\Kozaka) (Version: 2014.01.16.002256 - Kozaka) <==== ATTENTION
LibreOffice 4.2 Help Pack (German) (HKLM-x32\...\{DA6AF414-24FA-4815-A4FB-5EFD6173E6F5}) (Version: 4.2.4.2 - The Document Foundation)
LibreOffice 4.2.4.2 (HKLM-x32\...\{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}) (Version: 4.2.4.2 - The Document Foundation)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.173 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.173 - LogMeIn, Inc.) Hidden
Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{26055432-339E-4776-803B-F22240B91864}) (Version: 11.1.2 - Red Giant Software)
Magic Bullet Suite 64-bit (Version: 11.1.2 - Red Giant Software) Hidden
MATonline2.1.6.357 (HKLM-x32\...\Mission Against Terror Online_is1) (Version: 2.1.6.357 - Dalian Kingsoft Interactive Entertainment Co., Ltd.)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.0.318.3 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{A1C962E2-2426-49C6-A38B-9A07E40D607C}) (Version: 3.2.217.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2010 (HKLM-x32\...\{FA8E7AF5-C70E-3274-9740-9E697FBD5BB7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{DCB46B42-723F-350E-B18A-449BC6C21636}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
MinecraftAlpha (HKLM-x32\...\MinecraftAlpha) (Version:  - )
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version:  - DICE)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
MTA:SA v1.3.5 (HKLM-x32\...\MTA:SA 1.3) (Version: v1.3.5 - Multi Theft Auto)
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.11100.8.0 - Nero AG)
New Great Effects 1.6 Uninstall (HKLM-x32\...\New Great Effects 1.6 Uninstall) (Version:  - )
Nexon Game Manager (HKLM-x32\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.1.5 - )
NVIDIA 3D Vision Controller-Treiber 310.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.70 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 310.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 310.70 - NVIDIA Corporation)
NVIDIA DDS Utilities (HKLM-x32\...\{64963F0E-03F2-4B59-8D1B-1806545E7092}) (Version: 1.0 - )
NVIDIA Grafiktreiber 310.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 310.70 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.95.599 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1070 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 310.70 (Version: 310.70 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
Pamela RME 2.0 (HKLM-x32\...\MoodEditor) (Version: 2.0 - Scendix Software-Vertriebsges. mbH)
PaperPort (HKLM-x32\...\{A17EABB6-D0C6-44E5-820C-72DC7F495064}) (Version: 9.02.0814 - ScanSoft, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
pgcchelper (HKCU\...\pgcchelper) (Version:  - )
Preset Manager 2.0 (HKLM-x32\...\{FCFE3F81-C977-4D31-877B-2778BB2A02DE}) (Version: 2.0.114 - Sony)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
PvP4story Version 1.5 (HKLM-x32\...\{E1EF3D7C-BED0-4536-9FFA-35F5ED034A34}_is1) (Version: 1.5 - all rights on PvP4story)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 beta r2282 - )
Rapture3D 2.4.11 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
SciTE4AutoHotkey v3.0.05.01 (HKLM-x32\...\SciTE4AutoHotkey) (Version: v3.0.05.01 - fincs)
Serious Samurize (HKLM-x32\...\Serious Samurize) (Version:  - )
Skype Audio Player (remove only) (HKLM-x32\...\SkypePlayer) (Version:  - )
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.12 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29480 - TeamViewer)
Technitium MAC Address Changer v6.0.3 (HKLM-x32\...\TMACv6.0) (Version: 6.0.3 - Technitium)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH)
TS Notifier (HKLM-x32\...\{18B27ADA-8B84-46B4-8310-586C4FDDCF0A}) (Version: 1.5.5001 - Andreas Gebert)
TS3 Overlay (HKLM\...\TS3 Overlay) (Version: v3.2.0 - Rohrbacher Development)
Typograf 5.1e (HKLM-x32\...\Typograf) (Version: 5.1e - Neuber Software)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Vegas Pro 12.0 (64-bit) (HKLM\...\{EEB9EFDE-ED91-11E2-91A8-F04DA23A5C58}) (Version: 12.0.670 - Sony)
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Xfire (HKLM-x32\...\Xfire) (Version:  - )

==================== Restore Points  =========================

02-07-2014 11:12:16 Dybuster OrthographSLde wird installiert
04-07-2014 12:01:28 Revo Uninstaller's restore point - FilesFrog Update Checker
04-07-2014 12:08:44 Revo Uninstaller's restore point - FixMyRegistry
04-07-2014 12:10:06 Revo Uninstaller's restore point - FixMyRegistry
04-07-2014 12:11:13 Revo Uninstaller's restore point - Iminent
04-07-2014 12:17:39 Revo Uninstaller's restore point - Lyrics-Monkey
04-07-2014 12:20:35 Revo Uninstaller's restore point - Search Protect
04-07-2014 12:22:34 Revo Uninstaller's restore point - Software Version Updater
04-07-2014 12:47:01 Revo Uninstaller's restore point - Software Version Updater
04-07-2014 12:47:14 Revo Uninstaller's restore point - Software Version Updater
04-07-2014 12:49:25 Revo Uninstaller's restore point - SupTab
04-07-2014 12:52:06 Revo Uninstaller's restore point - Game Booster 3
04-07-2014 19:55:21 zoek.exe restore point

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {08C860D2-6EA9-45FB-BA34-A1C705A315B5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-22] (Adobe Systems Incorporated)
Task: {4090CB00-49E0-4769-A133-A7C5287C02C1} - \Lyrics-Monkey Update No Task File <==== ATTENTION
Task: {7371E096-9287-4D0C-91D6-BE70715AABB5} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe <==== ATTENTION
Task: {912CAD8F-42CB-4E00-9F3A-2B736636E2EC} - System32\Tasks\AdobeAAMUpdater-1.0-Admin-PC-Admin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {9538EC0B-255E-4868-9B75-CA6BD06AD207} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2010-02-03] (ASUSTeK Computer Inc.)
Task: {C425DB65-B329-4204-9C4B-6389A5DC0FA5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-21] (Google Inc.)
Task: {CF5FC69D-F475-4803-BEE7-E67F6D7B23F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-21] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8c83955d43ea.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RDReminder.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\Windows\Tasks\RunOW.job => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe
Task: C:\Windows\Tasks\SidebarExecute.job => C:\Program Files\Windows Sidebar\sidebar.exe
Task: C:\Windows\Tasks\VStart{A37B472A-8335-449F-9568-43ECC2907F06}.job => C:\Users\Admin\AppData\Local\Temp\vstub.exe

==================== Loaded Modules (whitelisted) =============

2012-07-21 22:31 - 2012-12-01 07:49 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-07-22 23:16 - 2014-05-29 22:43 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-01-23 23:04 - 2007-09-02 14:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2014-02-23 20:14 - 2014-02-23 20:14 - 00036536 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2014-02-23 20:14 - 2014-02-23 20:14 - 00747192 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2014-02-23 20:14 - 2014-02-23 20:14 - 00055808 _____ () C:\Program Files\Rainmeter\Plugins\WebParser.DLL
2014-02-23 20:14 - 2014-02-23 20:14 - 00011776 _____ () C:\Program Files\Rainmeter\Plugins\PowerPlugin.DLL
2014-02-23 20:14 - 2014-02-23 20:14 - 00022528 _____ () C:\Program Files\Rainmeter\Plugins\WifiStatus.DLL
2014-02-23 20:14 - 2014-02-23 20:14 - 00023040 _____ () C:\Program Files\Rainmeter\Plugins\Win7AudioPlugin.DLL
2014-02-23 20:14 - 2014-02-23 20:14 - 00011776 _____ () C:\Program Files\Rainmeter\Plugins\RecycleManager.DLL
2014-02-23 20:14 - 2014-02-23 20:14 - 00024064 _____ () C:\Program Files\Rainmeter\Plugins\QuotePlugin.DLL
2014-02-23 20:13 - 2014-02-23 20:13 - 00016896 _____ () C:\Program Files\Rainmeter\Plugins\AdvancedCPU.DLL
2014-02-23 20:14 - 2014-02-23 20:14 - 00010752 _____ () C:\Program Files\Rainmeter\Plugins\Process.DLL
2014-02-23 20:14 - 2014-02-23 20:14 - 00022528 _____ () C:\Program Files\Rainmeter\Plugins\InputText.DLL
2014-02-23 20:14 - 2014-02-23 20:14 - 00010240 _____ () C:\Program Files\Rainmeter\Plugins\WindowMessagePlugin.dll
2013-01-23 23:04 - 2007-09-02 14:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2006-05-14 15:49 - 2006-05-14 15:49 - 00176128 _____ () C:\Program Files (x86)\Samurize\plugins\SpectrumVis.dll
2012-07-16 09:20 - 2013-09-17 16:17 - 00230376 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\directsound_win32.dll
2012-07-16 09:20 - 2013-09-17 16:17 - 00237032 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win32.dll
2012-07-16 09:20 - 2013-09-17 16:17 - 00159208 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\plugins\appscanner_plugin.dll
2012-07-16 09:20 - 2013-09-17 16:17 - 00431080 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2014-06-12 14:04 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-12 14:04 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-12 14:04 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-12 14:04 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-12 14:04 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-06-29 14:35 - 2014-05-16 01:16 - 00238080 _____ () D:\SA-MP Server 0.3z\SA-MP Server 0.3z von Andreas\plugins\streamer.DLL
2014-06-29 14:35 - 2014-06-10 01:18 - 00029184 _____ () D:\SA-MP Server 0.3z\SA-MP Server 0.3z von Andreas\plugins\sscanf.DLL
2014-06-12 14:04 - 2014-06-05 15:58 - 14612296 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Admin\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\Admin\AppData\Roaming:NT

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Refresh.lnk => C:\Windows\pss\Refresh.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RocketDock.lnk => C:\Windows\pss\RocketDock.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^tClock.lnk => C:\Windows\pss\tClock.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UberIcon.lnk => C:\Windows\pss\UberIcon.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Winroll.lnk => C:\Windows\pss\Winroll.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^YzShadow.lnk => C:\Windows\pss\YzShadow.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^tbhcn.lnk => C:\Windows\pss\tbhcn.lnk.Startup
MSCONFIG\startupreg: 4StoryPrePatch => C:\Games\4Story_DE\PrePatch.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: BANDICAM => C:\Program Files (x86)\Bandicam\bdcam.exe
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: IndexSearch => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe
MSCONFIG\startupreg: KPeerNexonEU => C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: NTRedirect => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Roaming\BabSolution\Shared\NTRedirect.dll",Run
MSCONFIG\startupreg: PaperPort PTD => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/04/2014 10:14:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2014 09:45:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2014 05:06:43 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT-AUTORITÄT)
Description: Product: LogMeIn Hamachi -- Error 1714. The older version of LogMeIn Hamachi cannot be removed.  Contact your technical support group.  System Error 1612.

Error: (07/04/2014 05:05:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2014 04:49:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: gta_sa.exe, Version: 0.0.0.0, Zeitstempel: 0x427101ca
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002e3be
ID des fehlerhaften Prozesses: 0x11c0
Startzeit der fehlerhaften Anwendung: 0xgta_sa.exe0
Pfad der fehlerhaften Anwendung: gta_sa.exe1
Pfad des fehlerhaften Moduls: gta_sa.exe2
Berichtskennung: gta_sa.exe3

Error: (07/04/2014 04:00:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: gta_sa.exe, Version: 0.0.0.0, Zeitstempel: 0x427101ca
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005e6c0
ID des fehlerhaften Prozesses: 0xd9c
Startzeit der fehlerhaften Anwendung: 0xgta_sa.exe0
Pfad der fehlerhaften Anwendung: gta_sa.exe1
Pfad des fehlerhaften Moduls: gta_sa.exe2
Berichtskennung: gta_sa.exe3

Error: (07/04/2014 02:39:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: gta_sa.exe, Version: 0.0.0.0, Zeitstempel: 0x427101ca
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00038dc9
ID des fehlerhaften Prozesses: 0x6a0
Startzeit der fehlerhaften Anwendung: 0xgta_sa.exe0
Pfad der fehlerhaften Anwendung: gta_sa.exe1
Pfad des fehlerhaften Moduls: gta_sa.exe2
Berichtskennung: gta_sa.exe3

Error: (07/04/2014 00:41:31 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT-AUTORITÄT)
Description: Product: LogMeIn Hamachi -- Error 1714. The older version of LogMeIn Hamachi cannot be removed.  Contact your technical support group.  System Error 1612.

Error: (07/04/2014 00:40:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2014 10:47:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: gta_sa.exe, Version: 0.0.0.0, Zeitstempel: 0x427101ca
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003bc26
ID des fehlerhaften Prozesses: 0x10a4
Startzeit der fehlerhaften Anwendung: 0xgta_sa.exe0
Pfad der fehlerhaften Anwendung: gta_sa.exe1
Pfad des fehlerhaften Moduls: gta_sa.exe2
Berichtskennung: gta_sa.exe3


System errors:
=============
Error: (07/04/2014 10:17:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (07/04/2014 10:17:38 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/04/2014 10:14:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (07/04/2014 10:14:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht.

Error: (07/04/2014 10:05:56 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/04/2014 10:05:55 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/04/2014 10:05:55 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/04/2014 10:05:54 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/04/2014 10:05:54 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/04/2014 09:47:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069


Microsoft Office Sessions:
=========================
Error: (07/04/2014 10:14:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2014 09:45:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2014 05:06:43 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT-AUTORITÄT)
Description: Product: LogMeIn Hamachi -- Error 1714. The older version of LogMeIn Hamachi cannot be removed.  Contact your technical support group.  System Error 1612.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/04/2014 05:05:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2014 04:49:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: gta_sa.exe0.0.0.0427101cantdll.dll6.1.7601.177254ec49b8fc00000050002e3be11c001cf97907dd134feC:\Games\GTA San Andreas\gta_sa.exeC:\Windows\SysWOW64\ntdll.dll56399b46-038a-11e4-ac65-001f85bf896c

Error: (07/04/2014 04:00:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: gta_sa.exe0.0.0.0427101cantdll.dll6.1.7601.177254ec49b8fc00000050005e6c0d9c01cf97852281f80aC:\Games\GTA San Andreas\gta_sa.exeC:\Windows\SysWOW64\ntdll.dll85089565-0383-11e4-ac65-001f85bf896c

Error: (07/04/2014 02:39:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: gta_sa.exe0.0.0.0427101cantdll.dll6.1.7601.177254ec49b8fc000000500038dc96a001cf978064387f6aC:\Games\GTA San Andreas\gta_sa.exeC:\Windows\SysWOW64\ntdll.dll4d5306a4-0378-11e4-ac65-001f85bf896c

Error: (07/04/2014 00:41:31 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT-AUTORITÄT)
Description: Product: LogMeIn Hamachi -- Error 1714. The older version of LogMeIn Hamachi cannot be removed.  Contact your technical support group.  System Error 1612.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/04/2014 00:40:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2014 10:47:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: gta_sa.exe0.0.0.0427101cantdll.dll6.1.7601.177254ec49b8fc00000050003bc2610a401cf96ffb02f6fa1C:\Games\GTA San Andreas\gta_sa.exeC:\Windows\SysWOW64\ntdll.dll33cb490f-02f3-11e4-b792-001f85bf896c


CodeIntegrity Errors:
===================================
  Date: 2012-10-21 19:43:32.808
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-10-21 19:43:32.789
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 4094.12 MB
Available physical RAM: 2403.41 MB
Total Pagefile: 8186.42 MB
Available Pagefile: 6124.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:268.56 GB) (Free:51.9 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:29.52 GB) (Free:24.86 GB) NTFS
Drive k: (32G) (Removable) (Total:29.69 GB) (Free:9.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 2E30FFC3)
Partition 1: (Active) - (Size=269 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=30 GB) - (Type=OF Extended)

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 30 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=30 GB) - (Type=07 NTFS)

==================== End Of Log ============================
MfG :party:

deeprybka 04.07.2014 21:44
Hi,
wir sind noch nicht fertig! ;)

Daher splitte das FRST-Log auf zwei Postings... :)

Andreaas 04.07.2014 22:09
Alles Klar. :D

Hier FRST

Manche mit Attention konnte ich entweder gar nicht finden oder nicht "deinstallieren/uninstallieren"



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-07-2014
Ran by Admin (administrator) on ADMIN-PC on 04-07-2014 22:29:34
Running from C:\Users\Admin\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Samurize.com) C:\Program Files (x86)\Samurize\Client.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(TeamSpeak Systems GmbH) C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SA-MP Team) D:\SA-MP Server 0.3z\SA-MP Server 0.3z von Andreas\samp-server.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Sandboxie <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKU\S-1-5-21-864206691-1170183234-3533522826-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-864206691-1170183234-3533522826-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-864206691-1170183234-3533522826-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-864206691-1170183234-3533522826-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-05-29] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-864206691-1170183234-3533522826-1000\...\MountPoints2: K - K:\Setup.exe
HKU\S-1-5-21-864206691-1170183234-3533522826-1000\...\MountPoints2: {9aa10367-d36e-11e1-8b2b-806e6f6e6963} - E:\setup.exe
HKU\S-1-5-21-864206691-1170183234-3533522826-1000\...\MountPoints2: {fa2e8a21-d7e2-11e1-815d-c860006274bb} - K:\setup.exe
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Client - Verknüpfung.lnk
ShortcutTarget: Client - Verknüpfung.lnk -> C:\Program Files (x86)\Samurize\Client.exe (Samurize.com)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.exe.lnk
ShortcutTarget: Rainmeter.exe.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

==================== Internet (Whitelisted) ====================

ProxyServer: 127.0.0.1:8082
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default\searchplugins\mailru.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Live HTTP Headers - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2013-09-17]
FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-03]
FF Extension: No Name - C:\Program Files (x86)\Lyrics_Monkey\131.xpi []
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default\extensions\firefox@kozaka.net.xpi []
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3obi24th.default\extensions\webbooster@iminent.com.xpi []

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-10]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-10]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-10]
CHR Extension: (Google-Suche) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-10]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-10]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1028688 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-08] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-29] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2013-06-24] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-13] (DT Soft Ltd)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [61736 2014-02-28] (NetFilterSDK.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 ScreamBAudioSvc; system32\drivers\ScreamingBAudio64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-04 22:29 - 2014-07-04 22:30 - 00013697 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-07-04 22:12 - 2014-07-04 21:52 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-07-04 21:55 - 2014-07-04 22:15 - 00020914 _____ () C:\zoek-results.log
2014-07-04 17:10 - 2014-07-04 22:08 - 00000000 ____D () C:\zoek_backup
2014-07-04 17:09 - 2014-07-04 17:10 - 01285120 _____ () C:\Users\Admin\Desktop\zoek.exe
2014-07-04 14:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-04 14:56 - 2014-07-04 17:01 - 00000000 ____D () C:\AdwCleaner
2014-07-04 14:56 - 2014-07-04 14:56 - 01346519 _____ () C:\Users\Admin\Desktop\adwcleaner_3.214.exe
2014-07-04 14:12 - 2014-07-04 14:12 - 00002247 _____ () C:\Users\Default\Desktop\Google Chrome.lnk
2014-07-04 14:12 - 2014-07-04 14:12 - 00002247 _____ () C:\Users\Default User\Desktop\Google Chrome.lnk
2014-07-04 14:11 - 2014-07-04 14:11 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-07-04 14:11 - 2014-07-04 14:11 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-07-04 13:50 - 2014-07-04 13:52 - 00000000 ____D () C:\Users\Admin\Desktop\revouninstaller-portable
2014-07-04 13:22 - 2014-07-04 22:29 - 00000000 ____D () C:\FRST
2014-07-04 13:22 - 2014-07-04 13:22 - 02083840 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2014-07-04 12:52 - 2014-07-04 12:52 - 00052361 _____ () C:\Users\Admin\Desktop\mytodolist.gadget
2014-07-04 12:50 - 2014-07-04 12:50 - 00000035 _____ () C:\Users\Admin\Desktop\k.txt
2014-07-03 23:24 - 2014-07-03 23:24 - 00011080 _____ () C:\Users\Admin\Downloads\ninteriors.rar
2014-07-02 22:19 - 2014-07-02 22:19 - 00000000 ____D () C:\ProgramData\Dybuster
2014-07-02 13:18 - 2014-07-02 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dybuster
2014-07-02 13:16 - 2014-07-02 13:16 - 00000000 ____D () C:\Program Files (x86)\Dybuster
2014-06-27 21:04 - 2014-06-27 21:04 - 00000326 _____ () C:\Windows\Tasks\VStart{A37B472A-8335-449F-9568-43ECC2907F06}.job
2014-06-26 14:39 - 2014-06-26 14:39 - 03510714 _____ () C:\Users\Admin\Desktop\j.psd
2014-06-24 17:08 - 2014-06-24 17:08 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
2014-06-21 02:45 - 2014-06-28 00:33 - 00000132 _____ () C:\Users\Admin\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2014-06-21 01:19 - 2014-06-21 01:19 - 00284054 _____ () C:\Users\Admin\Desktop\Ich heiße Marvin..mp4
2014-06-20 14:31 - 2014-06-20 14:31 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8c83955d43ea.job
2014-06-19 23:26 - 2014-06-19 23:26 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-06-19 23:26 - 2014-06-19 23:26 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-06-19 17:52 - 2014-06-19 17:53 - 105870950 _____ () C:\Users\Admin\Desktop\gta_sa 2014-06-19 17-52-51-744.avi
2014-06-16 16:35 - 2014-07-02 15:42 - 00000000 ____D () C:\Users\Admin\Desktop\Finale
2014-06-13 23:41 - 2014-07-04 17:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-13 18:13 - 2014-06-13 18:13 - 01199079 _____ () C:\Windows\unins000.exe
2014-06-10 23:50 - 2014-07-04 17:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppsHat
2014-06-10 23:50 - 2014-06-27 21:08 - 00002086 _____ () C:\Users\UpdatusUser\Desktop\AppsHat.lnk
2014-06-10 23:50 - 2014-06-27 21:08 - 00002086 _____ () C:\Users\Gast\Desktop\AppsHat.lnk
2014-06-09 03:30 - 2014-06-09 03:30 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\WorldOfSanAndreas

==================== One Month Modified Files and Folders =======

2014-07-04 22:30 - 2014-07-04 22:29 - 00013697 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-07-04 22:29 - 2014-07-04 13:22 - 00000000 ____D () C:\FRST
2014-07-04 22:22 - 2009-07-14 06:45 - 00023680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-04 22:22 - 2009-07-14 06:45 - 00023680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-04 22:19 - 2012-07-21 22:08 - 00000000 ____D () C:\Users\Admin
2014-07-04 22:18 - 2012-07-21 22:02 - 01481676 _____ () C:\Windows\WindowsUpdate.log
2014-07-04 22:17 - 2012-07-27 17:25 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TS3Client
2014-07-04 22:17 - 2012-07-22 18:19 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2014-07-04 22:15 - 2014-07-04 21:55 - 00020914 _____ () C:\zoek-results.log
2014-07-04 22:13 - 2012-07-21 22:33 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-04 22:13 - 2009-07-14 06:51 - 00135748 _____ () C:\Windows\setupact.log
2014-07-04 22:12 - 2010-11-21 05:47 - 00829620 _____ () C:\Windows\PFRO.log
2014-07-04 22:09 - 2012-07-22 20:48 - 00000000 ____D () C:\Users\Admin\AppData\Local\LogMeIn Hamachi
2014-07-04 22:08 - 2014-07-04 17:10 - 00000000 ____D () C:\zoek_backup
2014-07-04 21:52 - 2014-07-04 22:12 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-07-04 17:10 - 2014-07-04 17:09 - 01285120 _____ () C:\Users\Admin\Desktop\zoek.exe
2014-07-04 17:01 - 2014-07-04 14:56 - 00000000 ____D () C:\AdwCleaner
2014-07-04 17:01 - 2014-06-13 23:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-04 17:01 - 2014-06-10 23:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppsHat
2014-07-04 17:01 - 2013-08-10 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-04 17:01 - 2012-11-24 22:51 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-04 17:01 - 2012-07-21 22:09 - 00001166 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-04 17:01 - 2012-07-21 22:09 - 00000983 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-07-04 16:49 - 2012-08-31 00:02 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps
2014-07-04 14:56 - 2014-07-04 14:56 - 01346519 _____ () C:\Users\Admin\Desktop\adwcleaner_3.214.exe
2014-07-04 14:12 - 2014-07-04 14:12 - 00002247 _____ () C:\Users\Default\Desktop\Google Chrome.lnk
2014-07-04 14:12 - 2014-07-04 14:12 - 00002247 _____ () C:\Users\Default User\Desktop\Google Chrome.lnk
2014-07-04 14:11 - 2014-07-04 14:11 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-07-04 14:11 - 2014-07-04 14:11 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-07-04 13:52 - 2014-07-04 13:50 - 00000000 ____D () C:\Users\Admin\Desktop\revouninstaller-portable
2014-07-04 13:38 - 2014-04-07 17:33 - 00000196 _____ () C:\Windows\Tasks\SidebarExecute.job
2014-07-04 13:22 - 2014-07-04 13:22 - 02083840 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2014-07-04 12:52 - 2014-07-04 12:52 - 00052361 _____ () C:\Users\Admin\Desktop\mytodolist.gadget
2014-07-04 12:50 - 2014-07-04 12:50 - 00000035 _____ () C:\Users\Admin\Desktop\k.txt
2014-07-03 23:24 - 2014-07-03 23:24 - 00011080 _____ () C:\Users\Admin\Downloads\ninteriors.rar
2014-07-03 16:09 - 2014-04-29 18:15 - 00000000 ____D () C:\Users\Admin\Documents\Bandicam
2014-07-02 22:19 - 2014-07-02 22:19 - 00000000 ____D () C:\ProgramData\Dybuster
2014-07-02 15:42 - 2014-06-16 16:35 - 00000000 ____D () C:\Users\Admin\Desktop\Finale
2014-07-02 13:18 - 2014-07-02 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dybuster
2014-07-02 13:16 - 2014-07-02 13:16 - 00000000 ____D () C:\Program Files (x86)\Dybuster
2014-06-28 23:36 - 2014-06-01 12:54 - 00001552 _____ () C:\Windows\Sandboxie.ini
2014-06-28 00:33 - 2014-06-21 02:45 - 00000132 _____ () C:\Users\Admin\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2014-06-27 21:08 - 2014-06-10 23:50 - 00002086 _____ () C:\Users\UpdatusUser\Desktop\AppsHat.lnk
2014-06-27 21:08 - 2014-06-10 23:50 - 00002086 _____ () C:\Users\Gast\Desktop\AppsHat.lnk
2014-06-27 21:04 - 2014-06-27 21:04 - 00000326 _____ () C:\Windows\Tasks\VStart{A37B472A-8335-449F-9568-43ECC2907F06}.job
2014-06-26 14:39 - 2014-06-26 14:39 - 03510714 _____ () C:\Users\Admin\Desktop\j.psd
2014-06-26 14:08 - 2013-07-16 14:15 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-25 20:18 - 2012-08-12 22:36 - 00000000 ____D () C:\ProgramData\MTA San Andreas All
2014-06-24 17:08 - 2014-06-24 17:08 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
2014-06-24 17:08 - 2012-07-21 23:16 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-06-24 17:08 - 2012-07-21 23:14 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-06-24 13:23 - 2013-08-06 13:48 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-21 18:45 - 2012-07-22 23:32 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-06-21 18:45 - 2012-07-22 23:16 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-06-21 18:37 - 2012-07-22 23:16 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-06-21 18:35 - 2013-08-25 00:01 - 00000000 ____D () C:\ProgramData\Origin
2014-06-21 18:35 - 2013-08-25 00:01 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-21 01:19 - 2014-06-21 01:19 - 00284054 _____ () C:\Users\Admin\Desktop\Ich heiße Marvin..mp4
2014-06-20 14:31 - 2014-06-20 14:31 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8c83955d43ea.job
2014-06-20 14:27 - 2009-07-14 06:45 - 05307544 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-20 00:01 - 2012-08-17 19:14 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TeamViewer
2014-06-19 23:48 - 2012-07-22 11:14 - 00230472 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-19 23:26 - 2014-06-19 23:26 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-06-19 23:26 - 2014-06-19 23:26 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-06-19 17:53 - 2014-06-19 17:52 - 105870950 _____ () C:\Users\Admin\Desktop\gta_sa 2014-06-19 17-52-51-744.avi
2014-06-18 23:41 - 2012-09-05 19:15 - 00000000 ___RD () C:\Games
2014-06-14 18:53 - 2012-09-03 19:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-13 22:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-06-13 18:13 - 2014-06-13 18:13 - 01199079 _____ () C:\Windows\unins000.exe
2014-06-13 18:13 - 2014-04-21 14:33 - 00047177 _____ () C:\Windows\unins000.dat
2014-06-12 21:47 - 2013-08-03 12:24 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\.minecraft
2014-06-09 03:30 - 2014-06-09 03:30 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\WorldOfSanAndreas
2014-06-09 01:57 - 2014-05-01 01:01 - 00001456 _____ () C:\Users\Admin\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-06-07 15:43 - 2012-07-24 20:12 - 00000000 ____D () C:\Program Files\Fraps

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2012-12-25 13:49

==================== End Of Log ============================
--- --- ---


MfG :daumenhoc

deeprybka 04.07.2014 22:18
Schon OK, sind ja schon mal weiter... ;)

Schritt 2 dauert sehr lange, den vielleicht über Nacht laufen lassen oder morgen damit anfangen...

Schritt 1

http://filepony.de/icon/malwarebytes_anti_malware.png Malwarebytes Antimalware
  • Download-Link
  • Installiere das Programm in den vorgegebenen Pfad.
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
  • Unter Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
  • Klicke im Anschluss auf "Suchlauf", wähle den Bedrohungssuchlauf aus, aktualisiere die Datenbanken und klicke auf "Suchlauf jetzt starten".
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. (geht so...)
  • Poste mir den Inhalt der Logdatei (geht so...). Klicke dazu auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Klicke auf "In Zwischenablage kopieren" poste mir den Inhalt in Code-Tags als Antwort in den Thread.

Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Schritt 3

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, markiere auch die checkbox http://deeprybka.trojaner-board.de/b...t/addition.pngund drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.

http://www.trojaner-board.de/extra/lesestoff.pngGibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:45 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131