Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Trojaner verursacht popups und blaue Schrift im Browser (https://www.trojaner-board.de/156621-trojaner-verursacht-popups-blaue-schrift-browser.html)

B.r. 19.07.2014 13:24

Trojaner verursacht popups und blaue Schrift im Browser
 
Hallo,
ich habe dieses Problem seit dem Einbau einer gebrauchten Festplatte: Popups öffnen sich in allen probierten Browsern, Wörter sind blau hinterlegt.
Ich habe Win7, 32bit und GIGABYTE 78LMT-S2P Mainboard, eset Smart Security.
Ich wäre für Hilfe dankbar.

ESET:

Code:

28.06.2014 16:39:54        HTTP-Prüfung        Datei        hxxp://www13.file-upload.net/download.php?id=8487282&name=06.01.14/1olrcdkh6yk.dll&origname=PerfectHacks-Public.dll&valid=77218150625        Variante von Win32/Packed.Themida.AAE Trojaner        Verbindung getrennt - in Quarantäne kopiert        bendix_pc\*****        Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files\Google\Chrome\Application\chrome.exe.
28.06.2014 16:39:53        HTTP-Prüfung        Datei        hxxp://www13.file-upload.net/download.php?id=8487282&name=06.01.14/1olrcdkh6yk.dll&origname=PerfectHacks-Public.dll&valid=77218150625        Variante von Win32/Packed.Themida.AAE Trojaner        Verbindung getrennt - in Quarantäne kopiert        NT-AUTORITÄT\SYSTEM        Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files\Wajam\Wajam Internet Enhancer\WajamInternetEnhancer.exe.
20.06.2014 17:41:59        Prüfung der Systemstartdateien        Datei        c:\users\bendix_roehl\appdata\local\genesis_06181154\genesis_06181154.exe        Variante von Win32/AdWare.NaviPromo.AY Anwendung        Gesäubert durch Löschen - in Quarantäne kopiert               
20.06.2014 10:34:13        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = chrome.exe(3188)        Variante von Win32/AdWare.NaviPromo.AR Anwendung        Gesäubert durch Löschen               
20.06.2014 10:34:12        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = chrome.exe(3188)        Variante von Win32/AdWare.NaviPromo.AR Anwendung        Gesäubert durch Löschen               
20.06.2014 10:34:10        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(2852)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen               
20.06.2014 10:34:09        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(2852)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen               
20.06.2014 10:34:09        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(2852)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen               
20.06.2014 10:34:09        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(2852)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen               
20.06.2014 05:33:51        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(2852)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen               
20.06.2014 05:33:51        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(2852)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen               
20.06.2014 05:33:51        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(2852)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen               
20.06.2014 05:33:51        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(2852)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen               
20.06.2014 00:33:46        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(2852)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen               
20.06.2014 00:33:46        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(2852)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen               
20.06.2014 00:33:45        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(2852)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen               
20.06.2014 00:33:45        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(2852)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen               
19.06.2014 20:37:24        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(2852)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen               
19.06.2014 20:37:22        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(2852)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen               
19.06.2014 20:37:20        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(2852)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen               
19.06.2014 20:37:17        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(2852)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen               
19.06.2014 17:25:45        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(2852)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen        bendix_pc\bendix_roehl       
19.06.2014 17:25:45        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(2852)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen        bendix_pc\bendix_roehl       
19.06.2014 17:25:44        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(2852)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen        bendix_pc\bendix_roehl       
19.06.2014 17:25:44        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(2852)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen        bendix_pc\bendix_roehl       
19.06.2014 15:27:57        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = chrome.exe(4944)        Variante von Win32/AdWare.NaviPromo.AR Anwendung        Gesäubert durch Löschen               
19.06.2014 15:27:56        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = chrome.exe(4944)        Variante von Win32/AdWare.NaviPromo.AR Anwendung        Gesäubert durch Löschen               
19.06.2014 15:27:56        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(4688)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen               
19.06.2014 15:27:55        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(4688)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen               
19.06.2014 15:27:55        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(4688)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen               
19.06.2014 15:27:54        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(4688)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen               
19.06.2014 15:27:34        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = chrome.exe(4944)        Variante von Win32/AdWare.NaviPromo.AR Anwendung        Gesäubert durch Löschen        bendix_pc\bendix_roehl       
19.06.2014 15:27:34        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = chrome.exe(4944)        Variante von Win32/AdWare.NaviPromo.AR Anwendung        Gesäubert durch Löschen        bendix_pc\bendix_roehl       
19.06.2014 15:27:33        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(4688)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen        bendix_pc\bendix_roehl       
19.06.2014 15:27:32        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(4688)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen        bendix_pc\bendix_roehl       
19.06.2014 15:27:32        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(4688)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen        bendix_pc\bendix_roehl       
19.06.2014 15:27:32        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(4688)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen        bendix_pc\bendix_roehl       
18.06.2014 16:43:22        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(3744)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen               
18.06.2014 16:43:22        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(3744)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen               
18.06.2014 16:43:22        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(3744)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen               
18.06.2014 16:43:21        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(3744)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen               
18.06.2014 15:45:57        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(3744)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen               
18.06.2014 15:45:56        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(3744)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen               
18.06.2014 15:45:56        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(3744)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen               
18.06.2014 15:45:56        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(3744)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen               
18.06.2014 15:00:32        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(3744)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen        bendix_pc\****
18.06.2014 15:00:32        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(3744)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen        bendix_pc\****       
18.06.2014 15:00:32        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(3744)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen        bendix_pc\****       
18.06.2014 15:00:32        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(3744)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen        bendix_pc\****       
18.06.2014 14:42:39        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(2908)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen        bendix_pc\****       
18.06.2014 14:42:39        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(2908)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen        bendix_pc\****       
18.06.2014 14:42:38        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(2908)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen        bendix_pc\****
18.06.2014 14:42:38        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(2908)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen        bendix_pc\****
18.06.2014 14:06:38        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(2084)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen        bendix_pc\****
18.06.2014 14:06:38        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(2084)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen        bendix_pc\****       
18.06.2014 14:06:38        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(2084)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen        bendix_pc\****
18.06.2014 14:06:36        Prüfung der Systemstartdateien        Datei        Arbeitsspeicher = Genesis_06181154.exe(2084)        möglicherweise Variante von Win32/Adware.NaviPromo.AG Anwendung        Gesäubert durch Löschen        bendix_pc\****
18.06.2014 14:05:27        Echtzeit-Dateischutz        Datei                C:\Users\BENDIX~1\AppData\Local\Temp\awh89EB.tmp        Mehrere Bedrohungen        Gesäubert durch Löschen - in Quarantäne kopiert        bendix_pc\****        Ereignis beim Bearbeiten einer Datei durch die Anwendung: C:\Users\****\AppData\Local\Temp\Windows 7 Loader v2.2.2__7821_il4918.exe.
18.06.2014 14:05:02        HTTP-Prüfung        Datei        hxxp://dl.dtxpc.com/download/deliver/amonetize/de/setup_fst_de.exe        Mehrere Bedrohungen        Verbindung getrennt - in Quarantäne kopiert        bendix_pc\****        Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Users\****\AppData\Local\Temp\Windows 7 Loader v2.2.2__7821_il4918.exe.
18.06.2014 14:04:58        HTTP-Prüfung        Datei        hxxp://dl.dtxpc.com/download/deliver/amonetize/de/setup_fst_de.exe        Mehrere Bedrohungen        Verbindung getrennt - in Quarantäne kopiert        NT-AUTORITÄT\SYSTEM        Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files\Wajam\Wajam Internet Enhancer\WajamInternetEnhancer.exe.
18.06.2014 14:04:57        HTTP-Prüfung        Datei        hxxp://cdn.searchbook.me/dp1815.exe        Blocked Object        Verbindung getrennt - in Quarantäne kopiert        bendix_pc\****        Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Users\****\AppData\Local\Temp\Windows 7 Loader v2.2.2__7821_il4918.exe.
18.06.2014 14:04:56        HTTP-Prüfung        Datei        hxxp://cdn.searchbook.me/dp1815.exe        Blocked Object        Verbindung getrennt - in Quarantäne kopiert        NT-AUTORITÄT\SYSTEM        Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files\Wajam\Wajam Internet Enhancer\WajamInternetEnhancer.exe.
18.06.2014 13:55:41        Echtzeit-Dateischutz        Datei        C:\Users\BENDIX~1\AppData\Local\Temp\nsb170C.tmp        Win32/AdWare.Adpeak.F Anwendung        Gesäubert durch Löschen - in Quarantäne kopiert        bendix_pc\**** Ereignis beim Bearbeiten einer Datei durch die Anwendung: C:\Users\****\AppData\Local\Temp\amonetize_rrsavings.exe.
18.06.2014 13:53:24        HTTP-Prüfung        Datei        hxxp://dl.dtxpc.com/download/deliver/amonetize/de/setup_fst_de.exe        Mehrere Bedrohungen        Verbindung getrennt - in Quarantäne kopiert        bendix_pc\****        Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Users\****\Downloads\Windows 7 Loader v2.2.2__7821_il4918.exe.
18.06.2014 13:47:21        HTTP-Prüfung        Datei        hxxp://www.freecardsmaker.com/default/ga/sa?dl=1&ts=0&tschnl=FL_7&adnm=42975383606&i=s&grid=&lg=EN&cc=DE&clg=en&c=1&d=0&cid=_627412451&kw=windows 7&mt=&mn=www.dapkstore.com&ct=&nt=D&expr=&ap=none&dv=c&color=green&agid=_6066576989&free=        Variante von Win32/Injected.F Trojaner        Verbindung getrennt - in Quarantäne kopiert        bendix_pc\****        Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Program Files\Google\Chrome\Application\chrome.exe.
03.06.2014 20:36:36        HTTP-Prüfung        Datei        hxxp://dl.distromatic.com/installers/latest/distro-amzn-installmonetizer-rs-2.exe?bdate=20130815T091346&bversion=1.0.8        Blocked Object        Verbindung getrennt - in Quarantäne kopiert        bendix_pc\bendix_roehl        Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Users\****\AppData\Roaming\amazon\amazon.exe.
03.06.2014 20:36:21        HTTP-Prüfung        Datei        hxxp://dl.distromatic.com/installers/latest/distro-amzn-installmonetizer-rs-2.exe?bdate=20130815T091346&bversion=1.0.8        Blocked Object        Verbindung getrennt - in Quarantäne kopiert        bendix_pc\****        Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Users\****\AppData\Roaming\amazon\amazon.exe.
03.06.2014 20:35:17        HTTP-Prüfung        Datei        hxxp://dl.distromatic.com/installers/latest/distro-amzn-installmonetizer-rs-2.exe?bdate=20130815T091346&bversion=1.0.8        Blocked Object        Verbindung getrennt - in Quarantäne kopiert        bendix_pc\**** Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Users\****\AppData\Roaming\amazon\amazon.exe.
03.06.2014 20:35:05        HTTP-Prüfung        Datei        hxxp://dl.distromatic.com/installers/latest/distro-amzn-installmonetizer-rs-2.exe?bdate=20130815T091346&bversion=1.0.8        Blocked Object        Verbindung getrennt - in Quarantäne kopiert        bendix_pc\bendix_roehl        Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Users\bendix_roehl\AppData\Roaming\amazon\amazon.exe.
03.06.2014 20:34:47        HTTP-Prüfung        Datei        hxxp://dl.distromatic.com/installers/latest/distro-amzn-installmonetizer-rs-2.exe?bdate=20130815T091346&bversion=1.0.8        Blocked Object        Verbindung getrennt - in Quarantäne kopiert        bendix_pc\****        Bedrohung erkannt beim Zugriff auf das Web durch die Anwendung: C:\Users\****\AppData\Roaming\amazon\amazon.exe.
03.06.2014 20:27:25        Echtzeit-Dateischutz        Datei        C:\Users\BENDIX~1\AppData\Local\Temp\nsl5EB6.tmp        Win32/AdWare.Adpeak.F Anwendung        Gesäubert durch Löschen - in Quarantäne kopiert        bendix_pc\****Ereignis beim Bearbeiten einer Datei durch die Anwendung: C:\Users\****\AppData\Local\Temp\n1781\suprasavings_2703-e3e04064.exe.
02.06.2014 16:25:12        Echtzeit-Dateischutz        Datei        C:\Users\BENDIX~1\AppData\Local\Temp\IS1135~1\4680256_stp\OptimizerPro_601.exe        Win32/SpeedingUpMyPC.I Anwendung        Gesäubert durch Löschen - in Quarantäne kopiert        bendix_pc\****        Ereignis beim Erstellen einer neuen Datei durch die Anwendung: C:\Users\****\Downloads\chrome_setup.exe.
20.05.2014 18:45:43        Echtzeit-Dateischutz        Datei        C:\Users\BENDIX~1\AppData\Local\Temp\IS1293~1\7365701_stp\OptimizerPro_601.exe        Win32/SpeedingUpMyPC.I Anwendung        Gesäubert durch Löschen - in Quarantäne kopiert        bendix_pc\****        Ereignis beim Erstellen einer neuen Datei durch die Anwendung: C:\Users\****\Downloads\WinRAR.exe.


defogger:

Code:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:23 on 19/07/2014 (****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


FRST:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
Ran by **** (administrator) on BENDIX_PC on 19-07-2014 13:26:56
Running from C:\Users\****\Desktop
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Fuyu LIMITED) C:\ProgramData\WindowsProtectManger\wprotectmanager.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Razer Inc.) C:\Program Files\Razer\Synapse\RzSynapse.exe
() C:\Program Files\RocketDock\RocketDock.exe
(Razer, Inc.) C:\Program Files\Razer\Core\RzOvlMon.exe
(Digital-Tronic) C:\Program Files\MD5 File Hasher\MD5FileHasher.exe
() C:\Program Files\webget\updatewebget.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\webget\bin\utilwebget.exe
(Wajam Internet Technologies Inc.) C:\Program Files\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe
(Wajam Internet Technologies Inc.) C:\Program Files\Wajam\Wajam Internet Enhancer\WajamInternetEnhancer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\webget\bin\webget.PurBrowse.exe
() C:\Program Files\webget\bin\webget.BrowserAdapter.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5078504 2013-03-21] (ESET)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Razer Synapse] => C:\Program Files\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap.dll [1122312 2014-05-30] (NVIDIA Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2014-05-22] (Microsoft Corporation)
HKU\S-1-5-21-2350961968-569790009-790667219-1000\...\Run: [RocketDock] => C:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-2350961968-569790009-790667219-1000\...\Run: [MD5 File Hasher] => C:\Program Files\MD5 File Hasher\MD5FileHasher -s
AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL => C:\Program Files\SupTab\SearchProtect32.dll [91248 2014-05-08] (Skytech Co., Ltd.)
IFEO\taskmgr.exe: [Debugger] "C:\USERS\****\DESKTOP\ALLES WAS MAN BRAUCH\PROCEXP.EXE"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:51210;https=127.0.0.1:51210
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1403092417&from=amt&uid=ST3250410AS_6RYEK2ZJXXXX6RYEK2ZJ
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7A2826213D74CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1403092417&from=amt&uid=ST3250410AS_6RYEK2ZJXXXX6RYEK2ZJ
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1403092417&from=amt&uid=ST3250410AS_6RYEK2ZJXXXX6RYEK2ZJ&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1403092417&from=amt&uid=ST3250410AS_6RYEK2ZJXXXX6RYEK2ZJ
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1403092417&from=amt&uid=ST3250410AS_6RYEK2ZJXXXX6RYEK2ZJ
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1403092417&from=amt&uid=ST3250410AS_6RYEK2ZJXXXX6RYEK2ZJ&q={searchTerms}
URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1403092417&from=amt&uid=ST3250410AS_6RYEK2ZJXXXX6RYEK2ZJ
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1403092417&from=amt&uid=ST3250410AS_6RYEK2ZJXXXX6RYEK2ZJ&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_secureddownload_14_23_ff&cd=2XzuyEtN2Y1L1QzuyCyEyCyC0BtA0C0EyBtDtAtDyByEtD0AtN0D0Tzu0SzzzzyEtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyB0EyEyBzy0AyB0FtGyC0EtC0FtG0F0ByE0BtGtB0B0FyCtGtB0E0CyCyD0E0C0DtAtByCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByCzz0Ezy0AyBtBtGyCzztDzztGyByC0EyEtGtDzztD0FtGyE0AtDyD0A0FtCtD0CtC0DtC2Q&cr=1472316280&ir=
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1403092417&from=amt&uid=ST3250410AS_6RYEK2ZJXXXX6RYEK2ZJ&q={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M4C183C99-7D65-42D6-ACD1-ABAFB4896ABD&SearchSource=58&CUI=&UM=5&UP=&q={searchTerms}&SSPV=SP215A_sp_ie
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M4C183C99-7D65-42D6-ACD1-ABAFB4896ABD&SearchSource=58&CUI=&UM=5&UP=&q={searchTerms}&SSPV=SP215A_sp_ie
SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_secureddownload_14_23_ff&cd=2XzuyEtN2Y1L1QzuyCyEyCyC0BtA0C0EyBtDtAtDyByEtD0AtN0D0Tzu0SzzzzyEtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyB0EyEyBzy0AyB0FtGyC0EtC0FtG0F0ByE0BtGtB0B0FyCtGtB0E0CyCyD0E0C0DtAtByCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByCzz0Ezy0AyBtBtGyCzztDzztGyByC0EyEtGtDzztD0FtGyE0AtDyD0A0FtCtD0CtC0DtC2Q&cr=1472316280&ir=
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1403092417&from=amt&uid=ST3250410AS_6RYEK2ZJXXXX6RYEK2ZJ&q={searchTerms}
SearchScopes: HKCU - {F805E478-61BD-4B90-867A-95B1D6F100BC} URL = hxxp://www.search.ask.com/web?tpid=ORJ-V7C&o=APN11406&pf=V7&p2=%5EBBE%5EOSJ000%5EYY%5EDE&gct=sb&itbv=12.10.6.48&apn_uid=38ED3D25-599E-4A96-A669-BD193DDF88A1&apn_ptnrs=BBE&apn_dtid=%5EOSJ000%5EYY%5EDE&apn_dbr=ie_8.0.7600.16385&doi=2014-05-20&trgb=IE&q={searchTerms}&psv=
BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO: Ask Toolbar -> {4F524A2D-5637-4300-76A7-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll (APN LLC.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll (APN LLC.)
Toolbar: HKLM - loadtbs - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\****\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
Toolbar: HKCU - Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll (APN LLC.)
Toolbar: HKCU - loadtbs - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\****\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\bhr1lmir.default
FF NewTab: hxxp://istart.webssearches.com/newtab/?type=nt&ts=1403092417&from=amt&uid=ST3250410AS_6RYEK2ZJXXXX6RYEK2ZJ
FF DefaultSearchEngine: webssearches
FF SelectedSearchEngine: webssearches
FF Homepage: hxxp://istart.webssearches.com/?type=hp&ts=1403092417&from=amt&uid=ST3250410AS_6RYEK2ZJXXXX6RYEK2ZJ
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @esn/npbattlelog,version=2.4.0 - C:\Program Files\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\bhr1lmir.default\searchplugins\Speedial.xml
FF SearchPlugin: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\bhr1lmir.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Quick Start - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\bhr1lmir.default\Extensions\quick_start@gmail.com [2014-06-18]
FF Extension: loadtbs - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\bhr1lmir.default\Extensions\software@loadtubes.com [2014-05-21]
FF Extension: Yahoo! Toolbar - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\bhr1lmir.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-05-20]
FF Extension: Speedial - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\bhr1lmir.default\Extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52} [2014-06-02]
FF Extension: webget - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\bhr1lmir.default\Extensions\{9edd0ea8-2819-47c2-8320-b007d5996f8a}.xpi [2014-05-21]
FF HKLM\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\bhr1lmir.default\extensions\quick_start@gmail.com
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-05-20]
FF Extension: No Name - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\bhr1lmir.default\extensions\{55685567-4840-4a91-962b-49a412e9485a}.xpi []

Chrome:
=======
CHR HomePage: hxxp://istart.webssearches.com/?type=hp&ts=1403092417&from=amt&uid=ST3250410AS_6RYEK2ZJXXXX6RYEK2ZJ
CHR StartupUrls: "hxxp://istart.webssearches.com/?type=hp&ts=1403092417&from=amt&uid=ST3250410AS_6RYEK2ZJXXXX6RYEK2ZJ"
CHR DefaultSearchKeyword: webssearches
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-02]
CHR Extension: (Google Drive) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-02]
CHR Extension: (YouTube) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-02]
CHR Extension: (Adblock Plus) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-18]
CHR Extension: (Google-Suche) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-02]
CHR Extension: (Google Wallet) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-02]
CHR Extension: (Google Mail) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-02]

========================== Services (Whitelisted) =================

S4 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-03-26] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1341664 2013-03-21] (ESET)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [704112 2014-05-08] (Cherished Technololgy LIMITED)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19741472 2014-05-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-07-04] ()
R2 RzOvlMon; C:\Program Files\Razer\Core\rzovlmon.exe [30912 2014-04-18] (Razer, Inc.)
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2014-07-18] (Microsoft Corporation) [File not signed]
R2 Update webget; C:\Program Files\webget\updatewebget.exe [321816 2014-07-18] ()
R2 Util webget; C:\Program Files\webget\bin\utilwebget.exe [321816 2014-07-18] ()
R2 Wajam Internet Enhancer Service; C:\Program Files\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe [217600 2014-06-06] (Wajam Internet Technologies Inc.) [File not signed]
R2 WindowsProtectManger; C:\ProgramData\WindowsProtectManger\wprotectmanager.exe [591776 2014-06-12] (Fuyu LIMITED)

==================== Drivers (Whitelisted) ====================

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [171680 2013-02-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [122240 2013-01-10] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [150080 2013-01-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [46056 2013-01-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [47568 2013-02-14] (ESET)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19232 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [102592 2014-04-18] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [34984 2014-05-19] (Razer Inc)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [65216 2014-04-18] (Razer, Inc.)
R3 rzmpos; C:\Windows\System32\DRIVERS\rzmpos.sys [31528 2014-05-19] (Razer Inc)
R3 rzudd; C:\Windows\System32\DRIVERS\rzudd.sys [131368 2014-05-19] (Razer Inc)
R1 {55685567-4840-4a91-962b-49a412e9485a}w; C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}w.sys [52920 2014-06-19] (StdLib)
R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw; C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw.sys [52920 2014-05-19] (StdLib)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-19 13:26 - 2014-07-19 13:27 - 00018601 _____ () C:\Users\****\Desktop\FRST.txt
2014-07-19 13:26 - 2014-07-19 13:26 - 00000000 ____D () C:\FRST
2014-07-19 13:25 - 2014-07-19 13:26 - 01077248 _____ (Farbar) C:\Users\****\Desktop\FRST.exe
2014-07-19 13:23 - 2014-07-19 13:24 - 00000486 _____ () C:\Users\****\Desktop\defogger_disable.log
2014-07-19 13:23 - 2014-07-19 13:23 - 00000000 _____ () C:\Users\****\defogger_reenable
2014-07-19 13:22 - 2014-07-19 13:22 - 00050477 _____ () C:\Users\****\Desktop\Defogger.exe
2014-07-18 21:24 - 2014-07-19 13:00 - 00000000 ____D () C:\Users\****\AppData\Roaming\MD5 File Hasher
2014-07-18 21:24 - 2014-07-18 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MD5 File Hasher
2014-07-18 21:24 - 2014-07-18 21:24 - 00000000 ____D () C:\Program Files\MD5 File Hasher
2014-07-18 21:24 - 2013-09-23 14:56 - 01138688 ____S (Digital-Tronic) C:\Windows\system32\HashControls.ocx
2014-07-18 21:24 - 2005-07-17 08:21 - 00128736 ____S (Karen Kenworthy) C:\Windows\system32\PTHash.dll
2014-07-18 21:24 - 2000-05-22 16:58 - 00140488 ____S (Microsoft Corporation) C:\Windows\system32\comdlg32.ocx
2014-07-18 21:24 - 1998-06-09 00:00 - 00137216 ____S (Microsoft Corporation) C:\Windows\system32\MSDERUN.DLL
2014-07-18 21:23 - 2014-07-18 21:23 - 02443359 _____ (Digital-Tronic ) C:\Users\****\Downloads\MD5FileHasher_Setup.exe
2014-07-17 13:56 - 2014-07-17 14:01 - 00000000 ____D () C:\Users\****\AppData\Roaming\TeamViewer
2014-07-17 13:55 - 2014-07-17 13:56 - 06263496 _____ (TeamViewer GmbH) C:\Users\****\Downloads\TeamViewer_Setup_de.exe
2014-07-17 12:58 - 2014-07-17 12:58 - 00000000 ____D () C:\Users\****\AppData\Roaming\Unity
2014-07-17 10:51 - 2014-07-17 10:59 - 00000000 ____D () C:\Users\****\AppData\Local\PAYDAY 2
2014-07-17 10:51 - 2014-07-17 10:51 - 00000000 ____D () C:\Program Files\AGEIA Technologies
2014-07-16 18:59 - 2014-06-13 02:16 - 00609056 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2014-07-16 18:56 - 2014-06-13 04:57 - 01056712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3234043.dll
2014-07-16 18:56 - 2014-06-13 04:57 - 00907552 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3234043.dll
2014-07-16 18:56 - 2014-06-13 04:45 - 15295448 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-07-16 18:56 - 2014-06-13 04:44 - 24199624 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2014-07-16 18:56 - 2014-06-13 04:44 - 10677536 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-07-16 18:56 - 2014-06-13 04:43 - 11272544 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-07-16 18:56 - 2014-06-13 04:43 - 11211224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-07-16 18:56 - 2014-06-13 04:43 - 03988312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-07-16 18:56 - 2014-06-13 04:43 - 00907096 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll
2014-07-16 18:56 - 2014-06-13 04:43 - 00868184 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll
2014-07-11 17:21 - 2014-07-13 18:31 - 00000000 ____D () C:\Users\****\AppData\Local\LogMeIn Hamachi
2014-07-11 17:21 - 2014-07-11 17:21 - 00000000 ____D () C:\Users\****\AppData\Local\LogMeIn
2014-07-11 17:21 - 2014-07-11 17:21 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-07-09 17:19 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 17:19 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 17:19 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 17:19 - 2014-06-19 01:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 17:19 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 17:19 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 17:19 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 17:19 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 17:19 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 17:19 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 17:19 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 17:19 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 17:19 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 17:19 - 2014-06-19 01:23 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 17:19 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 17:19 - 2014-06-19 01:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 17:19 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 17:19 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 17:19 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 17:19 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 17:19 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 17:19 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 17:19 - 2014-06-19 00:52 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 17:19 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 17:19 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 17:19 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 17:19 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 17:19 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 17:19 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 17:19 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 17:18 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 17:18 - 2014-06-18 02:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 17:18 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 17:18 - 2014-06-05 16:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 17:18 - 2014-05-30 08:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-01 16:28 - 2014-07-04 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xinorbis6
2014-07-01 16:28 - 2014-07-01 16:28 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xinorbis6
2014-07-01 16:28 - 2014-07-01 16:28 - 00000000 ____D () C:\Program Files\freshney.org
2014-06-29 14:43 - 2014-06-29 14:43 - 00158704 _____ () C:\Windows\Minidump\062914-24008-01.dmp
2014-06-28 17:03 - 2014-06-28 17:03 - 00000000 ____D () C:\Users\****\AppData\Local\master131
2014-06-24 20:09 - 2014-06-24 20:09 - 00000000 ____D () C:\Users\****\AppData\Local\Unity
2014-06-24 14:33 - 2014-07-19 00:38 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8fa8733ffe7b.job
2014-06-20 03:28 - 2014-06-19 17:01 - 00052920 _____ (StdLib) C:\Windows\system32\Drivers\{55685567-4840-4a91-962b-49a412e9485a}w.sys

==================== One Month Modified Files and Folders =======

2014-07-19 13:27 - 2014-07-19 13:26 - 00018601 _____ () C:\Users\****\Desktop\FRST.txt
2014-07-19 13:26 - 2014-07-19 13:26 - 00000000 ____D () C:\FRST
2014-07-19 13:26 - 2014-07-19 13:25 - 01077248 _____ (Farbar) C:\Users\****\Desktop\FRST.exe
2014-07-19 13:25 - 2014-05-20 18:46 - 00000312 _____ () C:\Windows\Tasks\Speedial.job
2014-07-19 13:24 - 2014-07-19 13:23 - 00000486 _____ () C:\Users\****\Desktop\defogger_disable.log
2014-07-19 13:23 - 2014-07-19 13:23 - 00000000 _____ () C:\Users\****\defogger_reenable
2014-07-19 13:23 - 2014-05-20 15:28 - 00000000 ____D () C:\Users\****
2014-07-19 13:22 - 2014-07-19 13:22 - 00050477 _____ () C:\Users\****\Desktop\Defogger.exe
2014-07-19 13:16 - 2014-05-20 16:53 - 00000000 ____D () C:\Users\****\Desktop\Alles was man brauch
2014-07-19 13:07 - 2009-07-14 06:34 - 00014336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-19 13:07 - 2009-07-14 06:34 - 00014336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-19 13:02 - 2014-05-20 15:01 - 01260526 _____ () C:\Windows\WindowsUpdate.log
2014-07-19 13:01 - 2009-07-14 04:04 - 00000505 _____ () C:\Windows\win.ini
2014-07-19 13:00 - 2014-07-18 21:24 - 00000000 ____D () C:\Users\****\AppData\Roaming\MD5 File Hasher
2014-07-19 13:00 - 2014-06-02 16:27 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-19 13:00 - 2014-05-20 16:40 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-19 13:00 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-19 13:00 - 2009-07-14 06:39 - 00050868 _____ () C:\Windows\setupact.log
2014-07-19 00:58 - 2014-05-20 18:37 - 00000000 ____D () C:\Users\****\AppData\Roaming\Skype
2014-07-19 00:40 - 2014-05-20 20:10 - 00000000 ____D () C:\Program Files\Steam
2014-07-19 00:38 - 2014-06-24 14:33 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8fa8733ffe7b.job
2014-07-19 00:38 - 2014-06-03 14:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-18 21:24 - 2014-07-18 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MD5 File Hasher
2014-07-18 21:24 - 2014-07-18 21:24 - 00000000 ____D () C:\Program Files\MD5 File Hasher
2014-07-18 21:23 - 2014-07-18 21:23 - 02443359 _____ (Digital-Tronic ) C:\Users\****\Downloads\MD5FileHasher_Setup.exe
2014-07-18 20:53 - 2014-05-20 20:10 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-07-18 18:54 - 2014-05-23 15:27 - 00010906 _____ () C:\Windows\PFRO.log
2014-07-18 18:54 - 2009-07-14 06:53 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-18 18:53 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-18 18:52 - 2014-05-22 16:14 - 02755072 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2014-07-18 18:52 - 2009-07-14 01:40 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-07-18 18:52 - 2009-07-14 01:39 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\themeservice.dll
2014-07-17 16:43 - 2014-05-20 18:27 - 00000000 ____D () C:\Users\****\AppData\Roaming\.minecraft
2014-07-17 16:29 - 2014-03-09 16:48 - 00000000 ____D () C:\temp
2014-07-17 14:01 - 2014-07-17 13:56 - 00000000 ____D () C:\Users\****\AppData\Roaming\TeamViewer
2014-07-17 13:56 - 2014-07-17 13:55 - 06263496 _____ (TeamViewer GmbH) C:\Users\****\Downloads\TeamViewer_Setup_de.exe
2014-07-17 12:58 - 2014-07-17 12:58 - 00000000 ____D () C:\Users\****\AppData\Roaming\Unity
2014-07-17 10:59 - 2014-07-17 10:51 - 00000000 ____D () C:\Users\****\AppData\Local\PAYDAY 2
2014-07-17 10:51 - 2014-07-17 10:51 - 00000000 ____D () C:\Program Files\AGEIA Technologies
2014-07-17 10:51 - 2014-05-20 16:35 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-16 19:00 - 2014-05-20 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-07-16 15:05 - 2014-05-23 19:41 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-13 18:31 - 2014-07-11 17:21 - 00000000 ____D () C:\Users\****\AppData\Local\LogMeIn Hamachi
2014-07-13 18:27 - 2014-05-22 13:56 - 00000000 ____D () C:\Fraps
2014-07-11 17:21 - 2014-07-11 17:21 - 00000000 ____D () C:\Users\***\AppData\Local\LogMeIn
2014-07-11 17:21 - 2014-07-11 17:21 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-07-11 17:05 - 2014-05-31 19:18 - 00000000 ____D () C:\ProgramData\Origin
2014-07-11 17:02 - 2014-06-03 14:55 - 00297088 _____ () C:\Windows\system32\PnkBstrB.xtr
2014-07-11 17:02 - 2014-06-03 12:43 - 00297088 _____ () C:\Windows\system32\PnkBstrB.exe
2014-07-11 17:02 - 2014-06-03 12:43 - 00140520 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2014-07-11 17:01 - 2014-06-03 12:43 - 00280904 _____ () C:\Windows\system32\PnkBstrB.ex0
2014-07-11 17:00 - 2014-05-31 19:18 - 00000000 ____D () C:\Program Files\Origin
2014-07-11 15:15 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-07-10 16:09 - 2014-05-20 20:37 - 00158848 _____ () C:\Windows\DPINST.LOG
2014-07-10 16:00 - 2014-05-20 15:33 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-10 15:47 - 2009-07-14 06:33 - 00286288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 15:45 - 2009-07-14 10:56 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 19:23 - 2014-05-22 12:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 19:21 - 2009-10-14 04:21 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 17:38 - 2014-06-03 14:32 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-09 17:38 - 2014-06-03 14:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-04 19:57 - 2014-06-03 12:43 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-07-04 18:05 - 2014-07-01 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xinorbis6
2014-07-04 18:04 - 2014-06-07 15:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vegas Pro 11.0
2014-07-02 20:55 - 2014-05-20 19:02 - 00000000 ____D () C:\Users\****\AppData\Local\Paint.NET
2014-07-01 21:19 - 2014-05-20 20:20 - 00000000 ____D () C:\Program Files\VideoLAN
2014-07-01 19:33 - 2014-05-20 18:32 - 00000000 ____D () C:\Users\****\AppData\Roaming\NVIDIA
2014-07-01 16:42 - 2014-06-18 15:06 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-07-01 16:28 - 2014-07-01 16:28 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xinorbis6
2014-07-01 16:28 - 2014-07-01 16:28 - 00000000 ____D () C:\Program Files\freshney.org
2014-06-29 14:43 - 2014-06-29 14:43 - 00158704 _____ () C:\Windows\Minidump\062914-24008-01.dmp
2014-06-29 14:43 - 2014-06-01 01:13 - 234683754 _____ () C:\Windows\MEMORY.DMP
2014-06-29 14:43 - 2014-06-01 01:13 - 00000000 ____D () C:\Windows\Minidump
2014-06-28 17:03 - 2014-06-28 17:03 - 00000000 ____D () C:\Users\****\AppData\Local\master131
2014-06-26 17:47 - 2009-07-14 10:56 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-26 15:55 - 2014-05-20 18:58 - 00000000 ____D () C:\Program Files\Opera
2014-06-24 20:09 - 2014-06-24 20:09 - 00000000 ____D () C:\Users\****\AppData\Local\Unity
2014-06-20 21:39 - 2014-07-09 17:19 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 17:41 - 2014-06-18 13:54 - 00000000 ____D () C:\Users\****\AppData\Local\Genesis_06181154
2014-06-20 03:28 - 2014-05-20 18:45 - 00000000 ____D () C:\Program Files\webget
2014-06-19 17:01 - 2014-06-20 03:28 - 00052920 _____ (StdLib) C:\Windows\system32\Drivers\{55685567-4840-4a91-962b-49a412e9485a}w.sys
2014-06-19 02:16 - 2014-07-09 17:19 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-19 01:56 - 2014-07-09 17:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-19 01:56 - 2014-07-09 17:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-19 01:38 - 2014-07-09 17:19 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-19 01:37 - 2014-07-09 17:19 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-19 01:36 - 2014-07-09 17:19 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-19 01:35 - 2014-07-09 17:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-19 01:32 - 2014-07-09 17:19 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-19 01:28 - 2014-07-09 17:19 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-19 01:28 - 2014-07-09 17:19 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-19 01:25 - 2014-07-09 17:19 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-19 01:23 - 2014-07-09 17:19 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-19 01:23 - 2014-07-09 17:19 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-19 01:22 - 2014-07-09 17:19 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-19 01:16 - 2014-07-09 17:19 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-19 01:12 - 2014-07-09 17:19 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-19 01:06 - 2014-07-09 17:19 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 01:01 - 2014-07-09 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-19 00:59 - 2014-07-09 17:19 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-19 00:58 - 2014-07-09 17:19 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-19 00:52 - 2014-07-09 17:19 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-19 00:52 - 2014-07-09 17:19 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-19 00:49 - 2014-07-09 17:19 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-19 00:46 - 2014-07-09 17:19 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-19 00:45 - 2014-07-09 17:19 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-19 00:35 - 2014-07-09 17:19 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-19 00:13 - 2014-07-09 17:19 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-19 00:09 - 2014-07-09 17:19 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-19 00:07 - 2014-07-09 17:19 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-18 14:52

==================== End Of Log ============================

Addition:

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-07-2014 01
Ran by **** at 2014-07-19 13:27:48
Running from C:\Users\****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET Smart Security 6.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET Smart Security 6.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal Firewall (Enabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

==================== Installed Programs ======================

Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Ask Toolbar (HKLM\...\{4F524A2D-5637-4300-76A7-A758B70C0A06}) (Version: 12.10.6.48 - APN, LLC) <==== ATTENTION
Battlefield 3™ (HKLM\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
Borderlands 2 (HKLM\...\Steam App 49520) (Version:  - Gearbox Software)
Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version:  - Alactro LLC) <==== ATTENTION
Cheat Engine 6.3 (HKLM\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM\...\Steam App 240) (Version:  - Valve)
ESET Smart Security (HKLM\...\{B49F10A8-9DDB-4E48-9E02-FD5F1C0CE425}) (Version: 6.0.400.1 - ESET, spol s r. o.)
Fraps (remove only) (HKLM\...\Fraps) (Version:  - )
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Genesis (HKCU\...\genesis_06181154) (Version:  - ) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Half-Life 2 (HKLM\...\Steam App 220) (Version:  - Valve)
InetStat (HKCU\...\InetStat) (Version: 0.4 - InetStat)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
loadtbs-3.0 (HKLM\...\loadtbs-3.0) (Version:  - )
MD5 File Hasher 1.4 (HKLM\...\MD5 File Hasher_is1) (Version:  - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Notepad++ (HKLM\...\Notepad++) (Version: 6.4.1 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 340.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.43 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.43 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.43 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA ShadowPlay 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 340.43 (Version: 340.43 - NVIDIA Corporation) Hidden
NVIDIA Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Origin (HKLM\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41417}) (Version: 3.61.0 - dotPDN LLC)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Razer Core (HKLM\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Synapse 2.0 (HKLM\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.15.20888 - Razer Inc.)
RocketDock 1.3.5 (HKLM\...\RocketDock_is1) (Version:  - Punk Software)
rrsavings (HKLM\...\rrsavings) (Version: 2.0.1 - rrsavings) <==== ATTENTION
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sony Vegas Pro Pre-Cracked By Exµs 11.0 (HKLM\...\Sony Vegas Pro Pre-Cracked By Exµs) (Version: 11.0 - TheMrExus)
Speedial (HKLM\...\Speedial) (Version:  - Speedial) <==== ATTENTION
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
suprasavings (HKLM\...\suprasavings) (Version: 2.0.1 - suprasavings) <==== ATTENTION
TP-LINK TL-WN851ND Driver (HKLM\...\{4BAE4C76-44C3-418F-B715-6BBF5A65323E}) (Version: 1.00.0000 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 2.01.0012 - TP-LINK)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Wajam (HKLM\...\Wajam) (Version: 2.8 (i2.1) - Wajam) <==== ATTENTION
webget (HKLM\...\webget) (Version: 2014.05.20.150449 - webget) <==== ATTENTION
webssearches uninstaller (HKLM\...\webssearches uninstaller) (Version:  - webssearches) <==== ATTENTION
WindowsProtectManger20.0.0.401 (HKLM\...\WindowsProtectManger) (Version: 20.0.0.401 - Fuyu LIMITED) <==== ATTENTION
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================

11-07-2014 15:19:23 Installed LogMeIn Hamachi
13-07-2014 16:31:13 Removed LogMeIn Hamachi
16-07-2014 11:26:19 Windows Update
16-07-2014 16:57:19 Gerätetreiber-Paketinstallation: NVIDIA Grafikkarte
16-07-2014 16:59:26 Gerätetreiber-Paketinstallation: NVIDIA USB-Controller
17-07-2014 08:50:25 DirectX wurde installiert

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0A4E4FF3-9EEA-4B61-9C89-6FB16B43C536} - System32\Tasks\Speedial => C:\Users\****\AppData\Roaming\Speedial\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {13F4C4C1-E07D-4B7D-8E7E-366110BBB35B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {A36F140E-2979-43FB-AE83-A72160753B33} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-06-02] (Google Inc.)
Task: {BA1B7431-3927-403B-984D-576900B1643D} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8fa8733ffe7b => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-06-02] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8fa8733ffe7b.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Speedial.job => C:\Users\BENDIX~1\AppData\Roaming\Speedial\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-05-20 16:40 - 2014-06-13 03:18 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-05-20 18:47 - 2007-09-02 13:57 - 00069632 _____ () C:\Program Files\RocketDock\RocketDock.dll
2014-06-03 12:43 - 2014-07-04 19:57 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-05-20 18:47 - 2007-09-02 13:58 - 00495616 _____ () C:\Program Files\RocketDock\RocketDock.exe
2014-05-20 17:04 - 2014-07-18 19:09 - 00321816 _____ () C:\Program Files\webget\updatewebget.exe
2014-05-20 19:58 - 2014-07-18 23:28 - 00321816 _____ () C:\Program Files\webget\bin\utilwebget.exe
2014-07-08 20:13 - 2014-07-17 12:21 - 00239384 _____ () C:\Program Files\webget\bin\webget.PurBrowse.exe
2014-06-02 17:08 - 2014-07-18 03:13 - 00096536 _____ () C:\Program Files\webget\bin\webget.BrowserAdapter.exe
2014-07-17 22:49 - 2014-07-15 11:24 - 00718664 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-17 22:49 - 2014-07-15 11:24 - 00126280 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-17 22:49 - 2014-07-15 11:24 - 08537928 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-17 22:49 - 2014-07-15 11:24 - 00353096 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-17 22:49 - 2014-07-15 11:24 - 01732936 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-17 22:49 - 2014-07-15 11:24 - 14664008 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: EADM => "C:\Program Files\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: InetStat => "C:\Users\****\AppData\Roaming\InetStat\inetstat.exe" /c=14
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Registry Helper => "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: Microsoft-Teredo-Tunneling-Adapter
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/18/2014 02:53:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/18/2014 02:53:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/17/2014 10:50:27 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.

Error: (07/17/2014 10:50:25 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {63792361-d378-4990-9d8b-ace822b49653}

Error: (07/17/2014 02:42:04 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/17/2014 02:42:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/16/2014 06:59:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.

Error: (07/16/2014 06:59:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.

Error: (07/16/2014 06:57:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.

Error: (07/16/2014 06:57:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.


System errors:
=============
Error: (07/18/2014 08:53:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (07/18/2014 08:53:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (07/18/2014 11:58:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update webget" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (07/18/2014 11:58:14 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Update webget erreicht.

Error: (07/14/2014 05:37:17 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{7B4313D3-0C40-4DC3-8479-0C47E05A6F-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (07/12/2014 04:13:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (07/12/2014 04:13:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (07/11/2014 07:39:11 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{7B4313D3-0C40-4DC3-8479-0C47E05A6F-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (07/11/2014 05:21:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (07/11/2014 05:21:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht.


Microsoft Office Sessions:
=========================
Error: (07/18/2014 02:53:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Razer\razer_common_driver\Vista_XP\DPInst_amd64.exe

Error: (07/18/2014 02:53:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Razer\razer_common_driver\Drivers\DPInst_amd64.exe

Error: (07/17/2014 10:50:27 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.

Error: (07/17/2014 10:50:25 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {63792361-d378-4990-9d8b-ace822b49653}

Error: (07/17/2014 02:42:04 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Razer\razer_common_driver\Vista_XP\DPInst_amd64.exe

Error: (07/17/2014 02:42:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Razer\razer_common_driver\Drivers\DPInst_amd64.exe

Error: (07/16/2014 06:59:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.

Error: (07/16/2014 06:59:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.

Error: (07/16/2014 06:57:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.

Error: (07/16/2014 06:57:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.


==================== Memory info ===========================

Percentage of memory in use: 47%
Total physical RAM: 3325.55 MB
Available physical RAM: 1761.91 MB
Total Pagefile: 6649.4 MB
Available Pagefile: 4706.49 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.51 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:104.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 70F009D4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================


deeprybka 19.07.2014 14:00

Hi, wenn Du Hilfe willst dann kommt das runter:
Code:

Sony Vegas Pro Pre-Cracked By Exµs 11.0 (HKLM\...\Sony Vegas Pro Pre-Cracked By Exµs) (Version: 11.0 - TheMrExus)
http://www.trojaner-board.de/95394-c...-software.html

B.r. 19.07.2014 14:57

tut mir leid .... mein Bruder hatte das mal installiert und nicht aus dem Papierkorb gelöscht ... jetzt ist es aber weck

oh er sagt das das auch noch in nem ortner ist ich lösche es

deeprybka 19.07.2014 15:00

Deinstallieren... ;)

B.r. 19.07.2014 15:03

oh ja ich bitte um Entschuldigung er sagt das er es deinstalliert hatte aber das war da wirklich noch....aber jetzt ist es zu 100% weg :)

deeprybka 19.07.2014 15:05

:hallo:

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...:abklatsch:
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
  • Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
  • Speichere alle unsere Tools auf dem Desktop ab.
  • Poste die Logfiles direkt in Deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean :daumenhoc bekommst.



Los geht's:


Schritt 1
Lade Dir bitte Revo Uninstallerhttp://deeprybka.trojaner-board.de/b...ninstaller.pnghier herunter.
Entpacke die zip-Datei auf den Desktop.Wenn Du ein Programm nicht deinstallieren kannst, mach mit dem nächsten weiter.
Auch wenn am Ende noch Programme übrig geblieben sind, die den ATTENTION-Zusatz haben, führe den nächsten Schritt aus:


Schritt 2
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Schritt 3
Bitte lade Dir zoek.exe von hier: http://hijackthis.nl/smeenk/
  • Bitte deaktiviere während des Scans den Virenscanner, da dieser Zoek stören könnte.
  • Starte die zoek.exe mit einem Doppelklick.
  • Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und sollte nicht 1:1 auf andere Computer übernommen werden.
  • Kopiere den Text der folgenden Box in das Skriptfenster von zoek:
    Code:

    resetIEproxy;
    FFdefaults;
    CHRdefaults;
    iedefaults;
    emptyclsid;
    autoclean;

  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
  • Wenn das Tool fertig ist, wird sich eine Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:
  • Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken)

Schritt 4

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, markiere auch die checkbox http://deeprybka.trojaner-board.de/b...t/addition.pngund drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.

B.r. 19.07.2014 15:32

Ich bin im Uninstallerfeld und kann dort verschiedene Ansichten wählen - finde aber nirgendwo eine Liste mit Zusätzen...

deeprybka 19.07.2014 15:43

Was steht denn in der Anleitung wo Du nach den Programmen mit "Attention" suchen sollst? :)

B.r. 19.07.2014 17:27

...fast 40° hier unterm Dach... Nachsicht!


AdwCleaner:

Code:

# AdwCleaner v3.216 - Bericht erstellt am 19/07/2014 um 17:45:12
# Aktualisiert 17/07/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzername : bendix_roehl - BENDIX_PC
# Gestartet von : C:\Users\***\Desktop\adwcleaner_3.216.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw
Dienst Gelöscht : IePluginServices
Dienst Gelöscht : Wajam Internet Enhancer Service

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\IePluginServices
Ordner Gelöscht : C:\ProgramData\Registry Helper
Ordner Gelöscht : C:\ProgramData\Systweak
Ordner Gelöscht : C:\Program Files\002
Ordner Gelöscht : C:\Program Files\003
Ordner Gelöscht : C:\Program Files\Advanced System Protector
Ordner Gelöscht : C:\Program Files\AskPartnerNetwork
Ordner Gelöscht : C:\Program Files\SupTab
Ordner Gelöscht : C:\Program Files\Systweak Support Dock
Ordner Gelöscht : C:\Program Files\Wajam
Ordner Gelöscht : C:\Users\***\AppData\Roaming\InetStat
Ordner Gelöscht : C:\Users\***\AppData\Roaming\loadtbs
Ordner Gelöscht : C:\Users\***\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Speedial
Ordner Gelöscht : C:\Users\***\AppData\Roaming\SupTab
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bhr1lmir.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bhr1lmir.default\Extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bhr1lmir.default\Extensions\quick_start@gmail.com
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bhr1lmir.default\Extensions\software@loadtubes.com
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Windows\system32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw.sys
Datei Gelöscht : C:\Windows\system32\RegistryHelperLM.ocx
Datei Gelöscht : C:\Windows\system32\roboot.exe
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bhr1lmir.default\searchplugins\Speedial.xml
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bhr1lmir.default\searchplugins\trovi-search.xml
Datei Gelöscht : C:\Program Files\Mozilla Firefox\browser\searchplugins\webssearches.xml
Datei Gelöscht : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks\WorldofTanks.lnk
Verknüpfung Desinfiziert : C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WorldofTanks.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SpeeDial_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SpeeDial_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\webget_setup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\webget_setup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_vlc-media-player_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_vlc-media-player_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F524A2D-5637-4300-76A7-7A786E7484D7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4F524A2D-5637-4300-76A7-7A786E7484D7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4F524A2D-5637-4300-76A7-7A786E7484D7}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\ClickConnect
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\SecuredDownload
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\SweetIM
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\RrSavings
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\suprasavings
Schlüssel Gelöscht : HKLM\Software\Registry Helper
Schlüssel Gelöscht : HKLM\Software\SupDp
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\supWindowsProtectManger
Schlüssel Gelöscht : HKLM\Software\SweetIM
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\Software\Wajam
Schlüssel Gelöscht : HKLM\Software\webssearchesSoftware
Schlüssel Gelöscht : HKLM\Software\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileParade bundle uninstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\loadtbs-3.0
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SupTab\SEARCH~1.DLL

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bhr1lmir.default\prefs.js ]

Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://istart.webssearches.com/newtab/?type=nt&ts=1403092417&from=amt&uid=ST3250410AS_6RYEK2ZJXXXX6RYEK2ZJ");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "webssearches");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "webssearches");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://istart.webssearches.com/?type=hp&ts=1403092417&from=amt&uid=ST3250410AS_6RYEK2ZJXXXX6RYEK2ZJ");

-\\ Google Chrome v36.0.1985.125

[ Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=dspp&ts=1405767633&from=amt&uid=ST3250410AS_6RYEK2ZJXXXX6RYEK2ZJ&q={searchTerms}
Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1403092417&from=amt&uid=ST3250410AS_6RYEK2ZJXXXX6RYEK2ZJ&q={searchTerms}
Gelöscht [Startup_urls] : hxxp://istart.webssearches.com/?type=hp&ts=1403092417&from=amt&uid=ST3250410AS_6RYEK2ZJXXXX6RYEK2ZJ
Gelöscht [Homepage] : hxxp://istart.webssearches.com/?type=hp&ts=1403092417&from=amt&uid=ST3250410AS_6RYEK2ZJXXXX6RYEK2ZJ
Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [13150 octets] - [19/07/2014 17:44:41]
AdwCleaner[S0].txt - [11723 octets] - [19/07/2014 17:45:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11784 octets] ##########

zoek:

Code:

Zoek.exe v5.0.0.0 Updated 16-07-2014
Tool run by bendix_roehl on 19.07.2014 at 17:55:40,71.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\bendix_roehl\Desktop\zoek.scr [Scan all users] [Script inserted]

==== System Restore Info ======================

19.07.2014 17:56:17 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2350961968-569790009-790667219-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F805E478-61BD-4B90-867A-95B1D6F100BC} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2350961968-569790009-790667219-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\BENDIX~1\AppData\Roaming\Mozilla\Firefox\Profiles\bhr1lmir.default\prefs.js:
user_pref("browser.search.useDBForOrder", "false");

Added to C:\Users\BENDIX~1\AppData\Roaming\Mozilla\Firefox\Profiles\bhr1lmir.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\BENDIX~1\AppData\Roaming\Mozilla\Firefox\Profiles\bhr1lmir.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 1);
---- FireFox user.js and prefs.js backups ----

prefs__1803_.backup

==== Deleting Files \ Folders ======================

C:\Program Files\sweetpacks bundle uninstaller_Skype_1539816 deleted
C:\found.000 deleted
C:\Users\***\Searches deleted
"C:\Windows\Installer\5bca89.msi" deleted
"C:\Users\***\AppData\Roaming\convert\convert.exe" deleted
"C:\Users\***\AppData\Roaming\convert" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\BENDIX~1\AppData\Roaming\Mozilla\Firefox\Profiles\bhr1lmir.default
- Undetermined - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bhr1lmir.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
- Undetermined - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bhr1lmir.default\extensions\software@loadtubes.com
- Undetermined - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bhr1lmir.default\extensions\quick_start@gmail.com

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bhr1lmir.default
7D852CC9987A6B0DEF00EEBB38C4BD12        - C:\Program Files\Battlelog Web Plugins\2.4.0\npbattlelog.dll -        Battlelog Game Launcher
025BBEF5A248B09BDC6684747F6EB5BC        - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll -        Java(TM) Platform SE 7 U55
290A0130C74ADCD4546BC6900D1665D9        - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll -        Java Deployment Toolkit 7.0.550.14
5B65E44CAD6C2C0C4A8CB09AFCBE108E        - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll -        NVIDIA 3D Vision
329DD33D3C72536E6B0B95183D3762A7        - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll -        NVIDIA 3D VISION


==== Chrome Look ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="hxxp://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"="<-loopback>"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InetStat deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Helper deleted successfully

==== Empty IE Cache ======================

C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\bhr1lmir.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=10 folders=4 13281926 bytes)

==== Empty Temp Folders ======================

C:\Users\***\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\BENDIX~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 19.07.2014 at 18:06:25,00 ======================

FRST:


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:19-07-2014
Ran by *** (administrator) on BENDIX_PC on 19-07-2014 18:15:24
Running from C:\Users\***\Desktop
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(Razer, Inc.) C:\Program Files\Razer\Core\RzOvlMon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Razer Inc.) C:\Program Files\Razer\Synapse\RzSynapse.exe
() C:\Program Files\RocketDock\RocketDock.exe
(Digital-Tronic) C:\Program Files\MD5 File Hasher\MD5FileHasher.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-05-22] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2350961968-569790009-790667219-1000\...\Run: [RocketDock] => C:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-2350961968-569790009-790667219-1000\...\Run: [MD5 File Hasher] => C:\Program Files\MD5 File Hasher\MD5FileHasher -s
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7A2826213D74CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bhr1lmir.default
FF NewTab: hxxp://www.google.com/
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @esn/npbattlelog,version=2.4.0 - C:\Program Files\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-05-20]
FF Extension: No Name - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\bhr1lmir.default\extensions\{9edd0ea8-2819-47c2-8320-b007d5996f8a}.xpi []
FF Extension: No Name - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\bhr1lmir.default\extensions\{55685567-4840-4a91-962b-49a412e9485a}.xpi []

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-02]
CHR Extension: (Google Drive) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-02]
CHR Extension: (YouTube) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-02]
CHR Extension: (Google-Suche) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-02]
CHR Extension: (Google Wallet) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-02]
CHR Extension: (Google Mail) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-02]

========================== Services (Whitelisted) =================

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1341664 2013-03-21] (ESET)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19741472 2014-05-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-07-04] ()
R2 RzOvlMon; C:\Program Files\Razer\Core\rzovlmon.exe [30912 2014-04-18] (Razer, Inc.)
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2014-07-18] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [171680 2013-02-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [122240 2013-01-10] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [150080 2013-01-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [46056 2013-01-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [47568 2013-02-14] (ESET)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19232 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [102592 2014-04-18] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [34984 2014-05-19] (Razer Inc)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [65216 2014-04-18] (Razer, Inc.)
R3 rzmpos; C:\Windows\System32\DRIVERS\rzmpos.sys [31528 2014-05-19] (Razer Inc)
R3 rzudd; C:\Windows\System32\DRIVERS\rzudd.sys [131368 2014-05-19] (Razer Inc)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-19 18:14 - 2014-07-19 18:14 - 00019257 _____ () C:\Users\****\Desktop\Neues Textdokument.txt
2014-07-19 18:04 - 2014-02-13 23:59 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-07-19 17:56 - 2014-07-19 18:06 - 00009243 _____ () C:\zoek-results.log
2014-07-19 17:55 - 2014-07-19 18:03 - 00000000 ____D () C:\zoek_backup
2014-07-19 17:55 - 2014-07-14 15:11 - 01417360 _____ () C:\Users\**\Desktop\zoek.scr
2014-07-19 17:53 - 2014-07-19 17:54 - 04243371 _____ () C:\Users\***\Desktop\zoek.rar
2014-07-19 17:44 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-19 17:38 - 2014-07-19 17:45 - 00000000 ____D () C:\AdwCleaner
2014-07-19 17:37 - 2014-07-19 17:37 - 01354223 _____ () C:\Users\***\Desktop\adwcleaner_3.216.exe
2014-07-19 16:49 - 2014-07-19 16:49 - 00000000 ____D () C:\Users\***\Desktop\FRST-OlderVersion
2014-07-19 16:09 - 2014-07-19 16:09 - 00000000 ____D () C:\Users\***\Desktop\revouninstaller-portable
2014-07-19 13:48 - 2014-07-19 13:48 - 00002639 _____ () C:\Users\***\Desktop\Gmer.txt
2014-07-19 13:30 - 2014-07-19 13:30 - 00380416 _____ () C:\Users\***\Desktop\Gmer-19357.exe
2014-07-19 13:27 - 2014-07-19 14:18 - 00023737 _____ () C:\Users\***\Desktop\Addition.txt
2014-07-19 13:26 - 2014-07-19 18:16 - 00010065 _____ () C:\Users\***\Desktop\FRST.txt
2014-07-19 13:26 - 2014-07-19 18:15 - 00000000 ____D () C:\FRST
2014-07-19 13:25 - 2014-07-19 16:49 - 01079808 _____ (Farbar) C:\Users\***\Desktop\FRST.exe
2014-07-19 13:23 - 2014-07-19 13:24 - 00000486 _____ () C:\Users\***\Desktop\defogger_disable.log
2014-07-19 13:23 - 2014-07-19 13:23 - 00000000 _____ () C:\Users\***\defogger_reenable
2014-07-19 13:22 - 2014-07-19 13:22 - 00050477 _____ () C:\Users\***\Desktop\Defogger.exe
2014-07-18 21:24 - 2014-07-19 18:06 - 00000000 ____D () C:\Users\***\AppData\Roaming\MD5 File Hasher
2014-07-18 21:24 - 2014-07-18 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MD5 File Hasher
2014-07-18 21:24 - 2014-07-18 21:24 - 00000000 ____D () C:\Program Files\MD5 File Hasher
2014-07-18 21:24 - 2013-09-23 14:56 - 01138688 ____S (Digital-Tronic) C:\Windows\system32\HashControls.ocx
2014-07-18 21:24 - 2005-07-17 08:21 - 00128736 ____S (Karen Kenworthy) C:\Windows\system32\PTHash.dll
2014-07-18 21:24 - 2000-05-22 16:58 - 00140488 ____S (Microsoft Corporation) C:\Windows\system32\comdlg32.ocx
2014-07-18 21:24 - 1998-06-09 00:00 - 00137216 ____S (Microsoft Corporation) C:\Windows\system32\MSDERUN.DLL
2014-07-17 13:56 - 2014-07-17 14:01 - 00000000 ____D () C:\Users\***\AppData\Roaming\TeamViewer
2014-07-17 12:58 - 2014-07-17 12:58 - 00000000 ____D () C:\Users\***\AppData\Roaming\Unity
2014-07-17 10:51 - 2014-07-17 10:59 - 00000000 ____D () C:\Users\***\AppData\Local\PAYDAY 2
2014-07-17 10:51 - 2014-07-17 10:51 - 00000000 ____D () C:\Program Files\AGEIA Technologies
2014-07-16 18:59 - 2014-06-13 02:16 - 00609056 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2014-07-16 18:56 - 2014-06-13 04:57 - 01056712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3234043.dll
2014-07-16 18:56 - 2014-06-13 04:57 - 00907552 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3234043.dll
2014-07-16 18:56 - 2014-06-13 04:45 - 15295448 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-07-16 18:56 - 2014-06-13 04:44 - 24199624 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2014-07-16 18:56 - 2014-06-13 04:44 - 10677536 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-07-16 18:56 - 2014-06-13 04:43 - 11272544 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-07-16 18:56 - 2014-06-13 04:43 - 11211224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-07-16 18:56 - 2014-06-13 04:43 - 03988312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-07-16 18:56 - 2014-06-13 04:43 - 00907096 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll
2014-07-16 18:56 - 2014-06-13 04:43 - 00868184 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll
2014-07-11 17:21 - 2014-07-13 18:31 - 00000000 ____D () C:\Users\***\AppData\Local\LogMeIn Hamachi
2014-07-11 17:21 - 2014-07-11 17:21 - 00000000 ____D () C:\Users\***\AppData\Local\LogMeIn
2014-07-11 17:21 - 2014-07-11 17:21 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-07-09 17:19 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 17:19 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 17:19 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 17:19 - 2014-06-19 01:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 17:19 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 17:19 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 17:19 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 17:19 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 17:19 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 17:19 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 17:19 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 17:19 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 17:19 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 17:19 - 2014-06-19 01:23 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 17:19 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 17:19 - 2014-06-19 01:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 17:19 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 17:19 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 17:19 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 17:19 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 17:19 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 17:19 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 17:19 - 2014-06-19 00:52 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 17:19 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 17:19 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 17:19 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 17:19 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 17:19 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 17:19 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 17:19 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 17:18 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 17:18 - 2014-06-18 02:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 17:18 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 17:18 - 2014-06-05 16:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 17:18 - 2014-05-30 08:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-01 16:28 - 2014-07-04 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xinorbis6
2014-07-01 16:28 - 2014-07-01 16:28 - 00000000 ____D () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xinorbis6
2014-07-01 16:28 - 2014-07-01 16:28 - 00000000 ____D () C:\Program Files\freshney.org
2014-06-29 14:43 - 2014-06-29 14:43 - 00158704 _____ () C:\Windows\Minidump\062914-24008-01.dmp
2014-06-28 17:03 - 2014-06-28 17:03 - 00000000 ____D () C:\Users\***\AppData\Local\master131
2014-06-24 20:09 - 2014-06-24 20:09 - 00000000 ____D () C:\Users\***\AppData\Local\Unity
2014-06-24 14:33 - 2014-07-19 17:38 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8fa8733ffe7b.job

==================== One Month Modified Files and Folders =======

2014-07-19 18:16 - 2014-07-19 13:26 - 00010065 _____ () C:\Users\***\Desktop\FRST.txt
2014-07-19 18:15 - 2014-07-19 13:26 - 00000000 ____D () C:\FRST
2014-07-19 18:14 - 2014-07-19 18:14 - 00019257 _____ () C:\Users\***\Desktop\Neues Textdokument.txt
2014-07-19 18:13 - 2009-07-14 06:34 - 00014336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-19 18:13 - 2009-07-14 06:34 - 00014336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-19 18:10 - 2014-05-20 15:01 - 01296343 _____ () C:\Windows\WindowsUpdate.log
2014-07-19 18:06 - 2014-07-19 17:56 - 00009243 _____ () C:\zoek-results.log
2014-07-19 18:06 - 2014-07-18 21:24 - 00000000 ____D () C:\Users\***\AppData\Roaming\MD5 File Hasher
2014-07-19 18:06 - 2014-06-02 16:27 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-19 18:06 - 2014-05-20 16:40 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-19 18:06 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-19 18:06 - 2009-07-14 06:39 - 00051204 _____ () C:\Windows\setupact.log
2014-07-19 18:05 - 2014-05-23 15:27 - 00017386 _____ () C:\Windows\PFRO.log
2014-07-19 18:03 - 2014-07-19 17:55 - 00000000 ____D () C:\zoek_backup
2014-07-19 18:03 - 2014-05-20 15:28 - 00000000 ____D () C:\Users\***
2014-07-19 17:54 - 2014-07-19 17:53 - 04243371 _____ () C:\Users\***\Desktop\zoek.rar
2014-07-19 17:45 - 2014-07-19 17:38 - 00000000 ____D () C:\AdwCleaner
2014-07-19 17:45 - 2014-06-02 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-19 17:45 - 2014-06-02 16:25 - 00000000 ____D () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks
2014-07-19 17:45 - 2014-05-20 19:10 - 00001019 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-19 17:38 - 2014-06-24 14:33 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8fa8733ffe7b.job
2014-07-19 17:38 - 2014-06-03 14:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-19 17:37 - 2014-07-19 17:37 - 01354223 _____ () C:\Users\***\Desktop\adwcleaner_3.216.exe
2014-07-19 17:07 - 2009-07-14 04:04 - 00000505 _____ () C:\Windows\win.ini
2014-07-19 16:58 - 2014-06-18 13:54 - 00000000 ____D () C:\Users\***\AppData\Local\Genesis_06181154
2014-07-19 16:52 - 2014-05-20 20:10 - 00000000 ____D () C:\Program Files\Steam
2014-07-19 16:52 - 2014-05-20 18:37 - 00000000 ____D () C:\Users\***\AppData\Roaming\Skype
2014-07-19 16:49 - 2014-07-19 16:49 - 00000000 ____D () C:\Users\***\Desktop\FRST-OlderVersion
2014-07-19 16:49 - 2014-07-19 13:25 - 01079808 _____ (Farbar) C:\Users\***\Desktop\FRST.exe
2014-07-19 16:49 - 2014-05-31 19:18 - 00000000 ____D () C:\ProgramData\Origin
2014-07-19 16:48 - 2014-05-31 19:18 - 00000000 ____D () C:\Program Files\Origin
2014-07-19 16:09 - 2014-07-19 16:09 - 00000000 ____D () C:\Users\***\Desktop\revouninstaller-portable
2014-07-19 16:02 - 2014-06-07 15:33 - 00000000 ____D () C:\Program Files\Sony
2014-07-19 15:56 - 2014-05-20 16:53 - 00000000 ____D () C:\Users\***\Desktop\Alles was man brauch
2014-07-19 14:27 - 2014-05-20 20:10 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-07-19 14:18 - 2014-07-19 13:27 - 00023737 _____ () C:\Users\***\Desktop\Addition.txt
2014-07-19 13:48 - 2014-07-19 13:48 - 00002639 _____ () C:\Users\****\Desktop\Gmer.txt
2014-07-19 13:30 - 2014-07-19 13:30 - 00380416 _____ () C:\Users\***\Desktop\Gmer-19357.exe
2014-07-19 13:24 - 2014-07-19 13:23 - 00000486 _____ () C:\Users\***\Desktop\defogger_disable.log
2014-07-19 13:23 - 2014-07-19 13:23 - 00000000 _____ () C:\Users\***\defogger_reenable
2014-07-19 13:22 - 2014-07-19 13:22 - 00050477 _____ () C:\Users\***\Desktop\Defogger.exe
2014-07-18 21:24 - 2014-07-18 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MD5 File Hasher
2014-07-18 21:24 - 2014-07-18 21:24 - 00000000 ____D () C:\Program Files\MD5 File Hasher
2014-07-18 18:54 - 2009-07-14 06:53 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-18 18:53 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-18 18:52 - 2014-05-22 16:14 - 02755072 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2014-07-18 18:52 - 2009-07-14 01:40 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-07-18 18:52 - 2009-07-14 01:39 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\themeservice.dll
2014-07-17 16:43 - 2014-05-20 18:27 - 00000000 ____D () C:\Users\***\AppData\Roaming\.minecraft
2014-07-17 16:29 - 2014-03-09 16:48 - 00000000 ____D () C:\temp
2014-07-17 14:01 - 2014-07-17 13:56 - 00000000 ____D () C:\Users\***\AppData\Roaming\TeamViewer
2014-07-17 12:58 - 2014-07-17 12:58 - 00000000 ____D () C:\Users\***\AppData\Roaming\Unity
2014-07-17 10:59 - 2014-07-17 10:51 - 00000000 ____D () C:\Users\***\AppData\Local\PAYDAY 2
2014-07-17 10:51 - 2014-07-17 10:51 - 00000000 ____D () C:\Program Files\AGEIA Technologies
2014-07-17 10:51 - 2014-05-20 16:35 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-16 19:00 - 2014-05-20 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-07-16 15:05 - 2014-05-23 19:41 - 00000000 ____D () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-14 15:11 - 2014-07-19 17:55 - 01417360 _____ () C:\Users\***\Desktop\zoek.scr
2014-07-13 18:31 - 2014-07-11 17:21 - 00000000 ____D () C:\Users\***\AppData\Local\LogMeIn Hamachi
2014-07-13 18:27 - 2014-05-22 13:56 - 00000000 ____D () C:\Fraps
2014-07-11 17:21 - 2014-07-11 17:21 - 00000000 ____D () C:\Users\****\AppData\Local\LogMeIn
2014-07-11 17:21 - 2014-07-11 17:21 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-07-11 17:02 - 2014-06-03 14:55 - 00297088 _____ () C:\Windows\system32\PnkBstrB.xtr
2014-07-11 17:02 - 2014-06-03 12:43 - 00297088 _____ () C:\Windows\system32\PnkBstrB.exe
2014-07-11 17:02 - 2014-06-03 12:43 - 00140520 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2014-07-11 17:01 - 2014-06-03 12:43 - 00280904 _____ () C:\Windows\system32\PnkBstrB.ex0
2014-07-11 15:15 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-07-10 16:09 - 2014-05-20 20:37 - 00158848 _____ () C:\Windows\DPINST.LOG
2014-07-10 16:00 - 2014-05-20 15:33 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-10 15:47 - 2009-07-14 06:33 - 00286288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 15:45 - 2009-07-14 10:56 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 19:23 - 2014-05-22 12:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 19:21 - 2009-10-14 04:21 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 17:38 - 2014-06-03 14:32 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-09 17:38 - 2014-06-03 14:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-04 19:57 - 2014-06-03 12:43 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-07-04 18:05 - 2014-07-01 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xinorbis6
2014-07-02 20:55 - 2014-05-20 19:02 - 00000000 ____D () C:\Users\****\AppData\Local\Paint.NET
2014-07-01 21:19 - 2014-05-20 20:20 - 00000000 ____D () C:\Program Files\VideoLAN
2014-07-01 19:33 - 2014-05-20 18:32 - 00000000 ____D () C:\Users\***\AppData\Roaming\NVIDIA
2014-07-01 16:42 - 2014-06-18 15:06 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-07-01 16:28 - 2014-07-01 16:28 - 00000000 ____D () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xinorbis6
2014-07-01 16:28 - 2014-07-01 16:28 - 00000000 ____D () C:\Program Files\freshney.org
2014-06-29 14:43 - 2014-06-29 14:43 - 00158704 _____ () C:\Windows\Minidump\062914-24008-01.dmp
2014-06-29 14:43 - 2014-06-01 01:13 - 234683754 _____ () C:\Windows\MEMORY.DMP
2014-06-29 14:43 - 2014-06-01 01:13 - 00000000 ____D () C:\Windows\Minidump
2014-06-28 17:03 - 2014-06-28 17:03 - 00000000 ____D () C:\Users\***\AppData\Local\master131
2014-06-26 17:47 - 2009-07-14 10:56 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-26 15:55 - 2014-05-20 18:58 - 00000000 ____D () C:\Program Files\Opera
2014-06-24 20:09 - 2014-06-24 20:09 - 00000000 ____D () C:\Users\***\AppData\Local\Unity
2014-06-20 21:39 - 2014-07-09 17:19 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-19 02:16 - 2014-07-09 17:19 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-19 01:56 - 2014-07-09 17:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-19 01:56 - 2014-07-09 17:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-19 01:38 - 2014-07-09 17:19 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-19 01:37 - 2014-07-09 17:19 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-19 01:36 - 2014-07-09 17:19 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-19 01:35 - 2014-07-09 17:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-19 01:32 - 2014-07-09 17:19 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-19 01:28 - 2014-07-09 17:19 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-19 01:28 - 2014-07-09 17:19 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-19 01:25 - 2014-07-09 17:19 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-19 01:23 - 2014-07-09 17:19 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-19 01:23 - 2014-07-09 17:19 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-19 01:22 - 2014-07-09 17:19 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-19 01:16 - 2014-07-09 17:19 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-19 01:12 - 2014-07-09 17:19 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-19 01:06 - 2014-07-09 17:19 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 01:01 - 2014-07-09 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-19 00:59 - 2014-07-09 17:19 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-19 00:58 - 2014-07-09 17:19 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-19 00:52 - 2014-07-09 17:19 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-19 00:52 - 2014-07-09 17:19 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-19 00:49 - 2014-07-09 17:19 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-19 00:46 - 2014-07-09 17:19 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-19 00:45 - 2014-07-09 17:19 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-19 00:35 - 2014-07-09 17:19 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-19 00:13 - 2014-07-09 17:19 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-19 00:09 - 2014-07-09 17:19 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-19 00:07 - 2014-07-09 17:19 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-18 14:52

==================== End Of Log ============================

--- --- ---


addition:

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:19-07-2014
Ran by *** at 2014-07-19 18:16:20
Running from C:\Users\***\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET Smart Security 6.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET Smart Security 6.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal Firewall (Enabled) {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

==================== Installed Programs ======================

Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Battlefield 3™ (HKLM\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
Borderlands 2 (HKLM\...\Steam App 49520) (Version:  - Gearbox Software)
Cheat Engine 6.3 (HKLM\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM\...\Steam App 240) (Version:  - Valve)
ESET Smart Security (HKLM\...\{B49F10A8-9DDB-4E48-9E02-FD5F1C0CE425}) (Version: 6.0.400.1 - ESET, spol s r. o.)
Fraps (remove only) (HKLM\...\Fraps) (Version:  - )
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Half-Life 2 (HKLM\...\Steam App 220) (Version:  - Valve)
InetStat (HKCU\...\InetStat) (Version: 0.4 - InetStat)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
MD5 File Hasher 1.4 (HKLM\...\MD5 File Hasher_is1) (Version:  - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Notepad++ (HKLM\...\Notepad++) (Version: 6.4.1 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 340.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.43 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.43 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.43 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA ShadowPlay 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 340.43 (Version: 340.43 - NVIDIA Corporation) Hidden
NVIDIA Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Origin (HKLM\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41417}) (Version: 3.61.0 - dotPDN LLC)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Razer Core (HKLM\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Synapse 2.0 (HKLM\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.15.20888 - Razer Inc.)
RocketDock 1.3.5 (HKLM\...\RocketDock_is1) (Version:  - Punk Software)
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
TP-LINK TL-WN851ND Driver (HKLM\...\{4BAE4C76-44C3-418F-B715-6BBF5A65323E}) (Version: 1.00.0000 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 2.01.0012 - TP-LINK)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Restore Points  =========================

16-07-2014 16:57:19 Gerätetreiber-Paketinstallation: NVIDIA Grafikkarte
16-07-2014 16:59:26 Gerätetreiber-Paketinstallation: NVIDIA USB-Controller
17-07-2014 08:50:25 DirectX wurde installiert
19-07-2014 14:53:38 Revo Uninstaller's restore point - Ask Toolbar
19-07-2014 14:55:59 Revo Uninstaller's restore point - Buzzdock
19-07-2014 14:57:43 Revo Uninstaller's restore point - Genesis
19-07-2014 14:58:49 Revo Uninstaller's restore point - rrsavings
19-07-2014 15:00:21 Revo Uninstaller's restore point - Speedial
19-07-2014 15:02:12 Revo Uninstaller's restore point - suprasavings
19-07-2014 15:03:36 Revo Uninstaller's restore point - Wajam
19-07-2014 15:05:33 Revo Uninstaller's restore point - webget
19-07-2014 15:07:03 Revo Uninstaller's restore point - webssearches uninstaller
19-07-2014 15:09:22 Revo Uninstaller's restore point - Buzzdock
19-07-2014 15:11:33 Revo Uninstaller's restore point - WindowsProtectManger20.0.0.401
19-07-2014 15:56:12 zoek.exe restore point

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {13F4C4C1-E07D-4B7D-8E7E-366110BBB35B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {A36F140E-2979-43FB-AE83-A72160753B33} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-06-02] (Google Inc.)
Task: {BA1B7431-3927-403B-984D-576900B1643D} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8fa8733ffe7b => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-06-02] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8fa8733ffe7b.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-20 16:40 - 2014-06-13 03:18 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-05-20 18:47 - 2007-09-02 13:57 - 00069632 _____ () C:\Program Files\RocketDock\RocketDock.dll
2014-06-03 12:43 - 2014-07-04 19:57 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-05-20 18:47 - 2007-09-02 13:58 - 00495616 _____ () C:\Program Files\RocketDock\RocketDock.exe
2014-07-17 22:49 - 2014-07-15 11:24 - 00718664 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-17 22:49 - 2014-07-15 11:24 - 00126280 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-17 22:49 - 2014-07-15 11:24 - 08537928 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-17 22:49 - 2014-07-15 11:24 - 00353096 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-17 22:49 - 2014-07-15 11:24 - 01732936 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: EADM => "C:\Program Files\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: Microsoft-Teredo-Tunneling-Adapter
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/19/2014 05:56:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.

Error: (07/19/2014 05:11:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.

Error: (07/19/2014 05:11:33 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {33df8259-762f-492d-b2a0-37188636f478}

Error: (07/19/2014 05:09:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.

Error: (07/19/2014 05:09:22 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {33df8259-762f-492d-b2a0-37188636f478}

Error: (07/19/2014 05:07:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.

Error: (07/19/2014 05:07:02 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {33df8259-762f-492d-b2a0-37188636f478}

Error: (07/19/2014 05:05:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.

Error: (07/19/2014 05:05:33 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {33df8259-762f-492d-b2a0-37188636f478}

Error: (07/19/2014 05:03:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.


System errors:
=============
Error: (07/19/2014 06:03:05 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/19/2014 06:03:05 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/19/2014 06:03:04 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/19/2014 06:03:04 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/19/2014 06:03:03 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/18/2014 08:53:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (07/18/2014 08:53:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (07/18/2014 11:58:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update webget" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (07/18/2014 11:58:14 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Update webget erreicht.

Error: (07/14/2014 05:37:17 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{7B4313D3-0C40-4DC3-8479-0C47E05A6F-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.


Microsoft Office Sessions:
=========================
Error: (07/19/2014 05:56:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.

Error: (07/19/2014 05:11:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.

Error: (07/19/2014 05:11:33 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {33df8259-762f-492d-b2a0-37188636f478}

Error: (07/19/2014 05:09:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.

Error: (07/19/2014 05:09:22 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {33df8259-762f-492d-b2a0-37188636f478}

Error: (07/19/2014 05:07:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.

Error: (07/19/2014 05:07:02 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {33df8259-762f-492d-b2a0-37188636f478}

Error: (07/19/2014 05:05:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.

Error: (07/19/2014 05:05:33 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {33df8259-762f-492d-b2a0-37188636f478}

Error: (07/19/2014 05:03:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.


==================== Memory info ===========================

Percentage of memory in use: 37%
Total physical RAM: 3325.55 MB
Available physical RAM: 2066.47 MB
Total Pagefile: 6649.4 MB
Available Pagefile: 5254.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1929.36 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:105.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 70F009D4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================


deeprybka 19.07.2014 18:00

Ok,

Schritt 1
Downloade Dir HitmanProhttp://deeprybka.trojaner-board.de/b.../hitmanpro.pngauf Deinen Desktop:

HitmanPro-32 Bit Version
HitmanPro-64 Bit Version
Schritt 2

http://filepony.de/icon/malwarebytes_anti_malware.png Malwarebytes Antimalware
  • Download-Link
  • Installiere das Programm in den vorgegebenen Pfad.
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
  • Unter Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
  • Klicke im Anschluss auf "Suchlauf", wähle den Bedrohungssuchlauf aus, aktualisiere die Datenbanken und klicke auf "Suchlauf jetzt starten".
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. (geht so...)
  • Poste mir den Inhalt der Logdatei (geht so...). Klicke dazu auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Klicke auf "In Zwischenablage kopieren" poste mir den Inhalt in Code-Tags als Antwort in den Thread.

http://www.trojaner-board.de/extra/lesestoff.pngGibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?

B.r. 19.07.2014 19:44

Bis jetzt kommen keine popups mehr :)

Hitman:

Code:


       
Code:

       
HitmanPro 3.7.9.221
www.hitmanpro.com

   Computer name . . . . : BENDIX_PC
   Windows . . . . . . . : 6.1.1.7601.X86/2
   User name . . . . . . : bendix_pc\***
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2014-07-19 19:24:56
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 8m 15s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 10

   Objects scanned . . . : 1.082.581
   Files scanned . . . . : 27.886
   Remnants scanned  . . : 573.111 files / 481.584 keys

Suspicious files ____________________________________________________________

   C:\Users\*\AppData\Local\PunkBuster\BF3\pb\dll\wc002331.dll
      Size . . . . . . . : 963.480 bytes
      Age  . . . . . . . : 46.2 days (2014-06-03 15:21:37)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\**\AppData\Local\PunkBuster\BF3\pb\dll\wc002342.dll
      Size . . . . . . . : 969.032 bytes
      Age  . . . . . . . : 15.0 days (2014-07-04 19:57:43)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : FC5702BFEF687EDAF89499C7849E4FDA0AF9D72A5A632C5B4E20F2562468596C
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 23.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.
      Forensic Cluster
         -0.2s C:\Users\*\AppData\Local\PunkBuster\BF3\pb\htm\wc002342.htm
          0.0s C:\Users\*\AppData\Local\PunkBuster\BF3\pb\dll\wc002342.dll

   C:\Users\*\AppData\Local\PunkBuster\BF3\pb\pbcl.dll
      Size . . . . . . . : 969.032 bytes
      Age  . . . . . . . : 8.1 days (2014-07-11 17:02:16)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : FC5702BFEF687EDAF89499C7849E4FDA0AF9D72A5A632C5B4E20F2562468596C
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 23.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.
      Forensic Cluster
         -76.8s C:\ProgramData\Origin\Logs\IGO_Log.Origin_5852.txt
         -55.7s C:\Users\***\AppData\Local\Origin\Web Cache\data7\7\z47x2d07.d
         -54.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\1\3d531h7a.d
         -54.0s C:\Users\***\AppData\Local\Origin\Web Cache\data7\d\72crx28m.d
         -53.6s C:\Users\***\AppData\Local\Origin\Web Cache\data7\8\1aji4n98.d
         -53.5s C:\Users\***\AppData\Local\Origin\Web Cache\data7\1\bmqyp0oq.d
         -51.9s C:\Users\***\AppData\Local\Origin\Web Cache\data7\0\ggn2f4lp.d
         -51.9s C:\Users\***\AppData\Local\Origin\Web Cache\data7\6\jtq16om6.d
         -51.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\4\12arzljt.d
         -51.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\0\1qn8c1ip.d
         -51.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\7\12yqkb1g.d
         -51.7s C:\ProgramData\Origin\Logs\IGO_Log.bf3_3472.txt
         -50.3s C:\Users\***\AppData\Local\Origin\Web Cache\data7\5\c43igswu.d
         -50.3s C:\Users\***\AppData\Local\Origin\Web Cache\data7\7\1y81out7.d
         -50.3s C:\Users\***\AppData\Local\Origin\Web Cache\data7\d\zgotvc3m.d
         -50.3s C:\Users\***\AppData\Local\Origin\Web Cache\data7\4\2png3cbt.d
         -50.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\3\2z9ulbqs.d
         -50.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\8\339nrvv8.d
         -50.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\7\3n9x7wu7.d
         -50.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\1\15k4t4zq.d
         -50.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\2\ge6b9h3r.d
         -50.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\5\1m36t45u.d
         -49.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\9\1qxzizz9.d
         -49.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\5\1gh0lbeu.d
         -49.7s C:\Users\***\AppData\Local\Origin\Web Cache\data7\d\zmnhz5em.d
         -49.7s C:\Users\***\AppData\Local\Origin\Web Cache\data7\8\20cgy1hx.d
         -49.6s C:\Users\***\AppData\Local\Origin\Web Cache\data7\8\3no7hs7x.d
         -49.5s C:\Users\***\AppData\Local\Origin\Web Cache\data7\4\jxwtrhjt.d
         -49.5s C:\Users\***\AppData\Local\Origin\Web Cache\data7\2\3jsfncsb.d
         -49.5s C:\Users\***\AppData\Local\Origin\Web Cache\data7\5\1c3v0iiu.d
         -49.4s C:\Users\***\AppData\Local\Origin\Web Cache\data7\c\2mqv07sl.d
         -49.4s C:\Users\***\AppData\Local\Origin\Web Cache\data7\e\1iz9gxpn.d
         -49.4s C:\Users\***\AppData\Local\Origin\Web Cache\data7\6\235mnazv.d
         -49.4s C:\Users\***\AppData\Local\Origin\Web Cache\data7\4\278ull5d.d
         -49.3s C:\Users\***\AppData\Local\Origin\Web Cache\data7\8\cnjllooh.d
         -48.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\0\2xiix4pp.d
         -48.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\2\cgy78o5b.d
         -48.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\8\2mk2gkph.d
         -48.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\9\3hhgv4r9.d
         -48.1s C:\ProgramData\Origin\Logs\IGO_Log.EACoreServer_3488.txt
         -48.0s C:\Users\***\AppData\Local\Origin\Web Cache\data7\4\3fpjcmxd.d
         -48.0s C:\Users\***\AppData\Local\Origin\Web Cache\data7\0\3jysjdmp.d
         -48.0s C:\Users\***\AppData\Local\Origin\Web Cache\data7\5\2rp2zene.d
         -48.0s C:\Users\***\AppData\Local\Origin\Web Cache\data7\9\3v1xx6o9.d
         -48.0s C:\Users\***\AppData\Local\Origin\Web Cache\data7\c\ct3e2w5l.d
         -48.0s C:\Users\***\AppData\Local\Origin\Web Cache\data7\f\3fn6mk2o.d
         -47.9s C:\Users\***\AppData\Local\Origin\Web Cache\data7\0\1yii9vjp.d
         -47.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\2\3r781hqr.d
         -47.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\a\3ea7jsrz.d
         -47.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\d\2xe9btom.d
         -47.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\9\2q8ak19i.d
         -47.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\8\38xol01h.d
         -47.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\1\5wxsotfq.d
         -47.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\8\1wukqarx.d
         -47.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\4\2sseylct.d
         -47.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\5\2rcc0j75.d
         -47.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\5\17mlkyx5.d
         -47.1s C:\Users***\AppData\Local\Origin\Web Cache\data7\8\gnhjzon8.d
         -47.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\a\mjmep7zj.d
         -47.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\5\e82p3m9e.d
         -47.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\4\q3n9xovd.d
         -47.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\f\rmoz8moo.d
         -47.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\a\1655q14z.d
         -47.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\c\3uk61azl.d
         -46.9s C:\Users\******\AppData\Local\Origin\Web Cache\data7\b\1cm8eqdk.d
         -46.9s C:\Users\***\AppData\Local\Origin\Web Cache\data7\c\320yldgl.d
         -46.9s C:\Users\***\AppData\Local\Origin\Web Cache\data7\a\1zum3akz.d
         -46.9s C:\Users\***\AppData\Local\Origin\Web Cache\data7\c\3ql6xftl.d
         -43.9s C:\Users\*\AppData\Local\Origin\Web Cache\data7\1\2geqol9q.d
         -43.9s C:\Users\*\AppData\Local\Origin\Web Cache\data7\8\211b9ghx.d
         -43.8s C:\Users\*\AppData\Local\Origin\Web Cache\data7\9\1f25qr7y.d
         -43.7s C:\Users\*\AppData\Local\Origin\Web Cache\data7\5\1o759wp5.d
         -43.7s C:\Users\*\AppData\Local\Origin\Web Cache\data7\9\23mygxjy.d
         -43.7s C:\Users\*\AppData\Local\Origin\Web Cache\data7\6\xkt9dy1f.d
         -43.7s C:\Users\*\AppData\Local\Origin\Web Cache\data7\7\16bn4etw.d
         -43.7s C:\Users\*\AppData\Local\Origin\Web Cache\data7\7\3fqq8l97.d
         -38.8s C:\Users\*\AppData\Local\Origin\Web Cache\data7\5\3vjnxwle.d
         -38.4s C:\Users\*\AppData\Local\Origin\Web Cache\data7\7\221f5tqg.d
         -38.4s C:\Users\*\AppData\Local\Origin\Web Cache\data7\4\261j4ogt.d
         -38.0s C:\Users\*\AppData\Local\Origin\Web Cache\data7\0\309mqmmp.d
         -37.6s C:\Users\*\AppData\Local\Origin\Web Cache\data7\2\3q0oc0jr.d
         -37.6s C:\Users\*\AppData\Local\Origin\Web Cache\data7\5\31j61c6e.d
         -37.2s C:\Users\*\AppData\Local\Origin\Web Cache\data7\4\3b2cauh4.d
         -36.9s C:\Users\*\AppData\Local\Origin\Web Cache\data7\a\v9n4t6zz.d
         -36.8s C:\Users\*\AppData\Local\Origin\Web Cache\data7\3\mk3b6eb3.d
         -35.7s C:\Users\*\AppData\Local\Origin\Web Cache\data7\f\3rxktnpo.d
         -35.7s C:\Users\*\AppData\Local\Origin\Web Cache\data7\f\3rxktnpo.d
         -35.7s C:\Users\*\AppData\Local\Origin\Web Cache\data7\f\3rxktnpo.d
         -30.5s C:\Users\*\AppData\Local\Origin\Web Cache\data7\9\1rc8vdly.d
         -30.5s C:\Users\*\AppData\Local\Origin\Web Cache\data7\9\1rc8vdly.d
         -30.1s C:\Users\*\AppData\Local\Origin\Web Cache\data7\3\3ts3ffkc.d
         -25.2s C:\Users\*\AppData\Local\Origin\Web Cache\data7\7\389ru9wg.d
         -15.1s C:\Users\*\AppData\Local\Origin\Web Cache\data7\4\yeiz0yqd.d
         -14.6s C:\Users\*\AppData\Local\Origin\Web Cache\data7\3\24srh3zs.d
         -13.0s C:\Users\*\AppData\Local\Origin\Web Cache\data7\1\2vpwv7qa.d
         -12.8s C:\Users\*\AppData\Local\Origin\Web Cache\data7\5\3v08uls5.d
         -3.4s C:\Users\*\AppData\Local\Origin\Web Cache\data7\5\3abukcae.d
          0.0s C:\Users\
                 
   C:\Users\*\AppData\Local\PunkBuster\BF3\pb\pbclold.dll
      Size . . . . . . . : 969.032 bytes
      Age  . . . . . . . : 46.2 days (2014-06-03 14:55:26)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : FC5702BFEF687EDAF89499C7849E4FDA0AF9D72A5A632C5B4E20F2562468596C
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\*\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys
      Size . . . . . . . : 140.520 bytes
      Age  . . . . . . . : 46.2 days (2014-06-03 14:55:48)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : A02F21CE0AAE716212DD2593B8392A7674D8CE932B3B133B3A33152809E7307C
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\*\Desktop\FRST-OlderVersion\FRST.exe
      Size . . . . . . . : 1.077.248 bytes
      Age  . . . . . . . : 0.2 days (2014-07-19 13:25:55)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : C2CCBE42983258BE2DE4090FCBACB726A9198499DA137BD471EF2FFFA9F14B7A
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\*\Desktop\FRST.exe
      Size . . . . . . . : 1.079.808 bytes
      Age  . . . . . . . : 0.1 days (2014-07-19 16:49:48)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 99FBF88DE71B1D73A772E91B57AB27FE242454596C2B2A9B4176086085903A26
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.3s C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\8ACRNP89.txt
         -0.3s C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\10MCYGD8.txt
          0.0s C:\Users\*\Desktop\FRST.exe

   C:\Windows\system32\drivers\PnkBstrK.sys
      Size . . . . . . . : 140.520 bytes
      Age  . . . . . . . : 46.3 days (2014-06-03 12:43:31)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : A02F21CE0AAE716212DD2593B8392A7674D8CE932B3B133B3A33152809E7307C
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 26.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.


Repairs _____________________________________________________________________

   Proxyserver auf diesem Computer (Benutzer)
   127.0.0.1:51210

   Proxyserver auf diesem Computer (Benutzer)
   127.0.0.1:51210



MBAM:

Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Suchlauf Datum: 19.07.2014
Suchlauf-Zeit: 19:58:57
Logdatei: MBAM.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.19.06
Rootkit Datenbank: v2014.07.17.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: ***

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 269214
Verstrichene Zeit: 7 Min, 18 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Keine Aktion durch Benutzer, [e5bc653be19a3ff79b6aa7b46f93956b],

Registrierungswerte: 1
PUP.Optional.QuickStart.A, HKU\S-1-5-21-2350961968-569790009-790667219-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, quick_start@gmail.com, Keine Aktion durch Benutzer, [8a17efb1b7c484b2fd4ef9cfdf23db25]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 1
PUP.Optional.AdPeak.A, C:\temp, Keine Aktion durch Benutzer, [71304d5380fb00363c6e0fbc0ef4e11f],

Dateien: 6
PUP.Optional.WebSearchs.A, C:\Users\**\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage, Keine Aktion durch Benutzer, [6e330e92d5a6072fd245873be2206898],
PUP.Optional.WebSearchs.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage-journal, Keine Aktion durch Benutzer, [821f7d23cfac90a6f720b111f11133cd],
PUP.Optional.Boost.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage, Keine Aktion durch Benutzer, [acf5742c3a4150e6f03fd2f0ff03d52b],
PUP.Optional.Boost.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal, Keine Aktion durch Benutzer, [5d444b556714979fb07f814151b15ba5],
PUP.Optional.AdPeak.A, C:\temp\lsp2.log, Keine Aktion durch Benutzer, [71304d5380fb00363c6e0fbc0ef4e11f],
PUP.Optional.AdPeak.A, C:\temp\t.txt, Keine Aktion durch Benutzer, [71304d5380fb00363c6e0fbc0ef4e11f],

Physische Sektoren: 0
(No malicious items detected)


(end)

deeprybka 19.07.2014 19:47

Hi, in der Anweisung steht doch Funde bei Malwarebytes..... ;)

Bitte Scan wiederholen und log posten. Dann noch:

Schritt 1

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, markiere auch die checkbox http://deeprybka.trojaner-board.de/b...t/addition.pngund drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.

B.r. 19.07.2014 19:59

bis jetzt kommen keine popups mehr , ich bedanke mich schon ein mal :) ohne euch hätte ich das NIE hin bekommen

Hitman:

Code:

HitmanPro 3.7.9.221
www.hitmanpro.com

  Computer name . . . . : BENDIX_PC
  Windows . . . . . . . : 6.1.1.7601.X86/2
  User name . . . . . . : bendix_pc\***
  UAC . . . . . . . . . : Enabled
  License . . . . . . . : Free

  Scan date . . . . . . : 2014-07-19 19:24:56
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 8m 15s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No

  Threats . . . . . . . : 0
  Traces  . . . . . . . : 10

  Objects scanned . . . : 1.082.581
  Files scanned . . . . : 27.886
  Remnants scanned  . . : 573.111 files / 481.584 keys

Suspicious files ____________________________________________________________

  C:\Users\*\AppData\Local\PunkBuster\BF3\pb\dll\wc002331.dll
      Size . . . . . . . : 963.480 bytes
      Age  . . . . . . . : 46.2 days (2014-06-03 15:21:37)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.
        Program is code signed with a valid Authenticode certificate.

  C:\Users\**\AppData\Local\PunkBuster\BF3\pb\dll\wc002342.dll
      Size . . . . . . . : 969.032 bytes
      Age  . . . . . . . : 15.0 days (2014-07-04 19:57:43)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : FC5702BFEF687EDAF89499C7849E4FDA0AF9D72A5A632C5B4E20F2562468596C
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 23.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Time indicates that the file appeared recently on this computer.
        Program contains PE structure anomalies. This is not typical for most programs.
        Program is code signed with a valid Authenticode certificate.
      Forensic Cluster
        -0.2s C:\Users\*\AppData\Local\PunkBuster\BF3\pb\htm\wc002342.htm
          0.0s C:\Users\*\AppData\Local\PunkBuster\BF3\pb\dll\wc002342.dll

  C:\Users\*\AppData\Local\PunkBuster\BF3\pb\pbcl.dll
      Size . . . . . . . : 969.032 bytes
      Age  . . . . . . . : 8.1 days (2014-07-11 17:02:16)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : FC5702BFEF687EDAF89499C7849E4FDA0AF9D72A5A632C5B4E20F2562468596C
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 23.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Time indicates that the file appeared recently on this computer.
        Program contains PE structure anomalies. This is not typical for most programs.
        Program is code signed with a valid Authenticode certificate.
      Forensic Cluster
        -76.8s C:\ProgramData\Origin\Logs\IGO_Log.Origin_5852.txt
        -55.7s C:\Users\***\AppData\Local\Origin\Web Cache\data7\7\z47x2d07.d
        -54.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\1\3d531h7a.d
        -54.0s C:\Users\***\AppData\Local\Origin\Web Cache\data7\d\72crx28m.d
        -53.6s C:\Users\***\AppData\Local\Origin\Web Cache\data7\8\1aji4n98.d
        -53.5s C:\Users\***\AppData\Local\Origin\Web Cache\data7\1\bmqyp0oq.d
        -51.9s C:\Users\***\AppData\Local\Origin\Web Cache\data7\0\ggn2f4lp.d
        -51.9s C:\Users\***\AppData\Local\Origin\Web Cache\data7\6\jtq16om6.d
        -51.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\4\12arzljt.d
        -51.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\0\1qn8c1ip.d
        -51.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\7\12yqkb1g.d
        -51.7s C:\ProgramData\Origin\Logs\IGO_Log.bf3_3472.txt
        -50.3s C:\Users\***\AppData\Local\Origin\Web Cache\data7\5\c43igswu.d
        -50.3s C:\Users\***\AppData\Local\Origin\Web Cache\data7\7\1y81out7.d
        -50.3s C:\Users\***\AppData\Local\Origin\Web Cache\data7\d\zgotvc3m.d
        -50.3s C:\Users\***\AppData\Local\Origin\Web Cache\data7\4\2png3cbt.d
        -50.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\3\2z9ulbqs.d
        -50.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\8\339nrvv8.d
        -50.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\7\3n9x7wu7.d
        -50.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\1\15k4t4zq.d
        -50.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\2\ge6b9h3r.d
        -50.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\5\1m36t45u.d
        -49.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\9\1qxzizz9.d
        -49.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\5\1gh0lbeu.d
        -49.7s C:\Users\***\AppData\Local\Origin\Web Cache\data7\d\zmnhz5em.d
        -49.7s C:\Users\***\AppData\Local\Origin\Web Cache\data7\8\20cgy1hx.d
        -49.6s C:\Users\***\AppData\Local\Origin\Web Cache\data7\8\3no7hs7x.d
        -49.5s C:\Users\***\AppData\Local\Origin\Web Cache\data7\4\jxwtrhjt.d
        -49.5s C:\Users\***\AppData\Local\Origin\Web Cache\data7\2\3jsfncsb.d
        -49.5s C:\Users\***\AppData\Local\Origin\Web Cache\data7\5\1c3v0iiu.d
        -49.4s C:\Users\***\AppData\Local\Origin\Web Cache\data7\c\2mqv07sl.d
        -49.4s C:\Users\***\AppData\Local\Origin\Web Cache\data7\e\1iz9gxpn.d
        -49.4s C:\Users\***\AppData\Local\Origin\Web Cache\data7\6\235mnazv.d
        -49.4s C:\Users\***\AppData\Local\Origin\Web Cache\data7\4\278ull5d.d
        -49.3s C:\Users\***\AppData\Local\Origin\Web Cache\data7\8\cnjllooh.d
        -48.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\0\2xiix4pp.d
        -48.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\2\cgy78o5b.d
        -48.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\8\2mk2gkph.d
        -48.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\9\3hhgv4r9.d
        -48.1s C:\ProgramData\Origin\Logs\IGO_Log.EACoreServer_3488.txt
        -48.0s C:\Users\***\AppData\Local\Origin\Web Cache\data7\4\3fpjcmxd.d
        -48.0s C:\Users\***\AppData\Local\Origin\Web Cache\data7\0\3jysjdmp.d
        -48.0s C:\Users\***\AppData\Local\Origin\Web Cache\data7\5\2rp2zene.d
        -48.0s C:\Users\***\AppData\Local\Origin\Web Cache\data7\9\3v1xx6o9.d
        -48.0s C:\Users\***\AppData\Local\Origin\Web Cache\data7\c\ct3e2w5l.d
        -48.0s C:\Users\***\AppData\Local\Origin\Web Cache\data7\f\3fn6mk2o.d
        -47.9s C:\Users\***\AppData\Local\Origin\Web Cache\data7\0\1yii9vjp.d
        -47.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\2\3r781hqr.d
        -47.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\a\3ea7jsrz.d
        -47.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\d\2xe9btom.d
        -47.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\9\2q8ak19i.d
        -47.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\8\38xol01h.d
        -47.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\1\5wxsotfq.d
        -47.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\8\1wukqarx.d
        -47.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\4\2sseylct.d
        -47.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\5\2rcc0j75.d
        -47.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\5\17mlkyx5.d
        -47.1s C:\Users***\AppData\Local\Origin\Web Cache\data7\8\gnhjzon8.d
        -47.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\a\mjmep7zj.d
        -47.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\5\e82p3m9e.d
        -47.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\4\q3n9xovd.d
        -47.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\f\rmoz8moo.d
        -47.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\a\1655q14z.d
        -47.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\c\3uk61azl.d
        -46.9s C:\Users\******\AppData\Local\Origin\Web Cache\data7\b\1cm8eqdk.d
        -46.9s C:\Users\***\AppData\Local\Origin\Web Cache\data7\c\320yldgl.d
        -46.9s C:\Users\***\AppData\Local\Origin\Web Cache\data7\a\1zum3akz.d
        -46.9s C:\Users\***\AppData\Local\Origin\Web Cache\data7\c\3ql6xftl.d
        -43.9s C:\Users\*\AppData\Local\Origin\Web Cache\data7\1\2geqol9q.d
        -43.9s C:\Users\*\AppData\Local\Origin\Web Cache\data7\8\211b9ghx.d
        -43.8s C:\Users\*\AppData\Local\Origin\Web Cache\data7\9\1f25qr7y.d
        -43.7s C:\Users\*\AppData\Local\Origin\Web Cache\data7\5\1o759wp5.d
        -43.7s C:\Users\*\AppData\Local\Origin\Web Cache\data7\9\23mygxjy.d
        -43.7s C:\Users\*\AppData\Local\Origin\Web Cache\data7\6\xkt9dy1f.d
        -43.7s C:\Users\*\AppData\Local\Origin\Web Cache\data7\7\16bn4etw.d
        -43.7s C:\Users\*\AppData\Local\Origin\Web Cache\data7\7\3fqq8l97.d
        -38.8s C:\Users\*\AppData\Local\Origin\Web Cache\data7\5\3vjnxwle.d
        -38.4s C:\Users\*\AppData\Local\Origin\Web Cache\data7\7\221f5tqg.d
        -38.4s C:\Users\*\AppData\Local\Origin\Web Cache\data7\4\261j4ogt.d
        -38.0s C:\Users\*\AppData\Local\Origin\Web Cache\data7\0\309mqmmp.d
        -37.6s C:\Users\*\AppData\Local\Origin\Web Cache\data7\2\3q0oc0jr.d
        -37.6s C:\Users\*\AppData\Local\Origin\Web Cache\data7\5\31j61c6e.d
        -37.2s C:\Users\*\AppData\Local\Origin\Web Cache\data7\4\3b2cauh4.d
        -36.9s C:\Users\*\AppData\Local\Origin\Web Cache\data7\a\v9n4t6zz.d
        -36.8s C:\Users\*\AppData\Local\Origin\Web Cache\data7\3\mk3b6eb3.d
        -35.7s C:\Users\*\AppData\Local\Origin\Web Cache\data7\f\3rxktnpo.d
        -35.7s C:\Users\*\AppData\Local\Origin\Web Cache\data7\f\3rxktnpo.d
        -35.7s C:\Users\*\AppData\Local\Origin\Web Cache\data7\f\3rxktnpo.d
        -30.5s C:\Users\*\AppData\Local\Origin\Web Cache\data7\9\1rc8vdly.d
        -30.5s C:\Users\*\AppData\Local\Origin\Web Cache\data7\9\1rc8vdly.d
        -30.1s C:\Users\*\AppData\Local\Origin\Web Cache\data7\3\3ts3ffkc.d
        -25.2s C:\Users\*\AppData\Local\Origin\Web Cache\data7\7\389ru9wg.d
        -15.1s C:\Users\*\AppData\Local\Origin\Web Cache\data7\4\yeiz0yqd.d
        -14.6s C:\Users\*\AppData\Local\Origin\Web Cache\data7\3\24srh3zs.d
        -13.0s C:\Users\*\AppData\Local\Origin\Web Cache\data7\1\2vpwv7qa.d
        -12.8s C:\Users\*\AppData\Local\Origin\Web Cache\data7\5\3v08uls5.d
        -3.4s C:\Users\*\AppData\Local\Origin\Web Cache\data7\5\3abukcae.d
          0.0s C:\Users\
                 
  C:\Users\*\AppData\Local\PunkBuster\BF3\pb\pbclold.dll
      Size . . . . . . . : 969.032 bytes
      Age  . . . . . . . : 46.2 days (2014-06-03 14:55:26)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : FC5702BFEF687EDAF89499C7849E4FDA0AF9D72A5A632C5B4E20F2562468596C
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.
        Program is code signed with a valid Authenticode certificate.

  C:\Users\*\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys
      Size . . . . . . . : 140.520 bytes
      Age  . . . . . . . : 46.2 days (2014-06-03 14:55:48)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : A02F21CE0AAE716212DD2593B8392A7674D8CE932B3B133B3A33152809E7307C
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.
        The file is a device driver. Device drivers run as trusted (highly privileged) code.
        Program is code signed with a valid Authenticode certificate.

  C:\Users\*\Desktop\FRST-OlderVersion\FRST.exe
      Size . . . . . . . : 1.077.248 bytes
      Age  . . . . . . . : 0.2 days (2014-07-19 13:25:55)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : C2CCBE42983258BE2DE4090FCBACB726A9198499DA137BD471EF2FFFA9F14B7A
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
        Program has no publisher information but prompts the user for permission elevation.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Time indicates that the file appeared recently on this computer.

  C:\Users\*\Desktop\FRST.exe
      Size . . . . . . . : 1.079.808 bytes
      Age  . . . . . . . : 0.1 days (2014-07-19 16:49:48)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 99FBF88DE71B1D73A772E91B57AB27FE242454596C2B2A9B4176086085903A26
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
        Program has no publisher information but prompts the user for permission elevation.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Time indicates that the file appeared recently on this computer.
      Forensic Cluster
        -0.3s C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\8ACRNP89.txt
        -0.3s C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\10MCYGD8.txt
          0.0s C:\Users\*\Desktop\FRST.exe

  C:\Windows\system32\drivers\PnkBstrK.sys
      Size . . . . . . . : 140.520 bytes
      Age  . . . . . . . : 46.3 days (2014-06-03 12:43:31)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : A02F21CE0AAE716212DD2593B8392A7674D8CE932B3B133B3A33152809E7307C
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 26.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
        Program contains PE structure anomalies. This is not typical for most programs.
        The file is a device driver. Device drivers run as trusted (highly privileged) code.
        Program is code signed with a valid Authenticode certificate.


Repairs _____________________________________________________________________

  Proxyserver auf diesem Computer (Benutzer)
  127.0.0.1:51210

  Proxyserver auf diesem Computer (Benutzer)
  127.0.0.1:51210

MBAM:

Code:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 19.07.2014
Suchlauf-Zeit: 19:58:57
Logdatei: MBAM.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.19.06
Rootkit Datenbank: v2014.07.17.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: ***

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 269214
Verstrichene Zeit: 7 Min, 18 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Keine Aktion durch Benutzer, [e5bc653be19a3ff79b6aa7b46f93956b],

Registrierungswerte: 1
PUP.Optional.QuickStart.A, HKU\S-1-5-21-2350961968-569790009-790667219-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, quick_start@gmail.com, Keine Aktion durch Benutzer, [8a17efb1b7c484b2fd4ef9cfdf23db25]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 1
PUP.Optional.AdPeak.A, C:\temp, Keine Aktion durch Benutzer, [71304d5380fb00363c6e0fbc0ef4e11f],

Dateien: 6
PUP.Optional.WebSearchs.A, C:\Users\**\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage, Keine Aktion durch Benutzer, [6e330e92d5a6072fd245873be2206898],
PUP.Optional.WebSearchs.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage-journal, Keine Aktion durch Benutzer, [821f7d23cfac90a6f720b111f11133cd],
PUP.Optional.Boost.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage, Keine Aktion durch Benutzer, [acf5742c3a4150e6f03fd2f0ff03d52b],
PUP.Optional.Boost.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal, Keine Aktion durch Benutzer, [5d444b556714979fb07f814151b15ba5],
PUP.Optional.AdPeak.A, C:\temp\lsp2.log, Keine Aktion durch Benutzer, [71304d5380fb00363c6e0fbc0ef4e11f],
PUP.Optional.AdPeak.A, C:\temp\t.txt, Keine Aktion durch Benutzer, [71304d5380fb00363c6e0fbc0ef4e11f],

Physische Sektoren: 0
(No malicious items detected)


(end)

vielen dank ! :)

Hitman:

Code:


       
Code:

       
HitmanPro 3.7.9.221
www.hitmanpro.com

   Computer name . . . . : BENDIX_PC
   Windows . . . . . . . : 6.1.1.7601.X86/2
   User name . . . . . . : bendix_pc\***
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2014-07-19 19:24:56
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 8m 15s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 10

   Objects scanned . . . : 1.082.581
   Files scanned . . . . : 27.886
   Remnants scanned  . . : 573.111 files / 481.584 keys

Suspicious files ____________________________________________________________

   C:\Users\*\AppData\Local\PunkBuster\BF3\pb\dll\wc002331.dll
      Size . . . . . . . : 963.480 bytes
      Age  . . . . . . . : 46.2 days (2014-06-03 15:21:37)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\**\AppData\Local\PunkBuster\BF3\pb\dll\wc002342.dll
      Size . . . . . . . : 969.032 bytes
      Age  . . . . . . . : 15.0 days (2014-07-04 19:57:43)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : FC5702BFEF687EDAF89499C7849E4FDA0AF9D72A5A632C5B4E20F2562468596C
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 23.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.
      Forensic Cluster
         -0.2s C:\Users\*\AppData\Local\PunkBuster\BF3\pb\htm\wc002342.htm
          0.0s C:\Users\*\AppData\Local\PunkBuster\BF3\pb\dll\wc002342.dll

   C:\Users\*\AppData\Local\PunkBuster\BF3\pb\pbcl.dll
      Size . . . . . . . : 969.032 bytes
      Age  . . . . . . . : 8.1 days (2014-07-11 17:02:16)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : FC5702BFEF687EDAF89499C7849E4FDA0AF9D72A5A632C5B4E20F2562468596C
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 23.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.
      Forensic Cluster
         -76.8s C:\ProgramData\Origin\Logs\IGO_Log.Origin_5852.txt
         -55.7s C:\Users\***\AppData\Local\Origin\Web Cache\data7\7\z47x2d07.d
         -54.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\1\3d531h7a.d
         -54.0s C:\Users\***\AppData\Local\Origin\Web Cache\data7\d\72crx28m.d
         -53.6s C:\Users\***\AppData\Local\Origin\Web Cache\data7\8\1aji4n98.d
         -53.5s C:\Users\***\AppData\Local\Origin\Web Cache\data7\1\bmqyp0oq.d
         -51.9s C:\Users\***\AppData\Local\Origin\Web Cache\data7\0\ggn2f4lp.d
         -51.9s C:\Users\***\AppData\Local\Origin\Web Cache\data7\6\jtq16om6.d
         -51.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\4\12arzljt.d
         -51.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\0\1qn8c1ip.d
         -51.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\7\12yqkb1g.d
         -51.7s C:\ProgramData\Origin\Logs\IGO_Log.bf3_3472.txt
         -50.3s C:\Users\***\AppData\Local\Origin\Web Cache\data7\5\c43igswu.d
         -50.3s C:\Users\***\AppData\Local\Origin\Web Cache\data7\7\1y81out7.d
         -50.3s C:\Users\***\AppData\Local\Origin\Web Cache\data7\d\zgotvc3m.d
         -50.3s C:\Users\***\AppData\Local\Origin\Web Cache\data7\4\2png3cbt.d
         -50.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\3\2z9ulbqs.d
         -50.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\8\339nrvv8.d
         -50.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\7\3n9x7wu7.d
         -50.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\1\15k4t4zq.d
         -50.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\2\ge6b9h3r.d
         -50.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\5\1m36t45u.d
         -49.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\9\1qxzizz9.d
         -49.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\5\1gh0lbeu.d
         -49.7s C:\Users\***\AppData\Local\Origin\Web Cache\data7\d\zmnhz5em.d
         -49.7s C:\Users\***\AppData\Local\Origin\Web Cache\data7\8\20cgy1hx.d
         -49.6s C:\Users\***\AppData\Local\Origin\Web Cache\data7\8\3no7hs7x.d
         -49.5s C:\Users\***\AppData\Local\Origin\Web Cache\data7\4\jxwtrhjt.d
         -49.5s C:\Users\***\AppData\Local\Origin\Web Cache\data7\2\3jsfncsb.d
         -49.5s C:\Users\***\AppData\Local\Origin\Web Cache\data7\5\1c3v0iiu.d
         -49.4s C:\Users\***\AppData\Local\Origin\Web Cache\data7\c\2mqv07sl.d
         -49.4s C:\Users\***\AppData\Local\Origin\Web Cache\data7\e\1iz9gxpn.d
         -49.4s C:\Users\***\AppData\Local\Origin\Web Cache\data7\6\235mnazv.d
         -49.4s C:\Users\***\AppData\Local\Origin\Web Cache\data7\4\278ull5d.d
         -49.3s C:\Users\***\AppData\Local\Origin\Web Cache\data7\8\cnjllooh.d
         -48.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\0\2xiix4pp.d
         -48.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\2\cgy78o5b.d
         -48.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\8\2mk2gkph.d
         -48.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\9\3hhgv4r9.d
         -48.1s C:\ProgramData\Origin\Logs\IGO_Log.EACoreServer_3488.txt
         -48.0s C:\Users\***\AppData\Local\Origin\Web Cache\data7\4\3fpjcmxd.d
         -48.0s C:\Users\***\AppData\Local\Origin\Web Cache\data7\0\3jysjdmp.d
         -48.0s C:\Users\***\AppData\Local\Origin\Web Cache\data7\5\2rp2zene.d
         -48.0s C:\Users\***\AppData\Local\Origin\Web Cache\data7\9\3v1xx6o9.d
         -48.0s C:\Users\***\AppData\Local\Origin\Web Cache\data7\c\ct3e2w5l.d
         -48.0s C:\Users\***\AppData\Local\Origin\Web Cache\data7\f\3fn6mk2o.d
         -47.9s C:\Users\***\AppData\Local\Origin\Web Cache\data7\0\1yii9vjp.d
         -47.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\2\3r781hqr.d
         -47.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\a\3ea7jsrz.d
         -47.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\d\2xe9btom.d
         -47.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\9\2q8ak19i.d
         -47.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\8\38xol01h.d
         -47.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\1\5wxsotfq.d
         -47.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\8\1wukqarx.d
         -47.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\4\2sseylct.d
         -47.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\5\2rcc0j75.d
         -47.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\5\17mlkyx5.d
         -47.1s C:\Users***\AppData\Local\Origin\Web Cache\data7\8\gnhjzon8.d
         -47.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\a\mjmep7zj.d
         -47.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\5\e82p3m9e.d
         -47.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\4\q3n9xovd.d
         -47.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\f\rmoz8moo.d
         -47.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\a\1655q14z.d
         -47.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\c\3uk61azl.d
         -46.9s C:\Users\******\AppData\Local\Origin\Web Cache\data7\b\1cm8eqdk.d
         -46.9s C:\Users\***\AppData\Local\Origin\Web Cache\data7\c\320yldgl.d
         -46.9s C:\Users\***\AppData\Local\Origin\Web Cache\data7\a\1zum3akz.d
         -46.9s C:\Users\***\AppData\Local\Origin\Web Cache\data7\c\3ql6xftl.d
         -43.9s C:\Users\*\AppData\Local\Origin\Web Cache\data7\1\2geqol9q.d
         -43.9s C:\Users\*\AppData\Local\Origin\Web Cache\data7\8\211b9ghx.d
         -43.8s C:\Users\*\AppData\Local\Origin\Web Cache\data7\9\1f25qr7y.d
         -43.7s C:\Users\*\AppData\Local\Origin\Web Cache\data7\5\1o759wp5.d
         -43.7s C:\Users\*\AppData\Local\Origin\Web Cache\data7\9\23mygxjy.d
         -43.7s C:\Users\*\AppData\Local\Origin\Web Cache\data7\6\xkt9dy1f.d
         -43.7s C:\Users\*\AppData\Local\Origin\Web Cache\data7\7\16bn4etw.d
         -43.7s C:\Users\*\AppData\Local\Origin\Web Cache\data7\7\3fqq8l97.d
         -38.8s C:\Users\*\AppData\Local\Origin\Web Cache\data7\5\3vjnxwle.d
         -38.4s C:\Users\*\AppData\Local\Origin\Web Cache\data7\7\221f5tqg.d
         -38.4s C:\Users\*\AppData\Local\Origin\Web Cache\data7\4\261j4ogt.d
         -38.0s C:\Users\*\AppData\Local\Origin\Web Cache\data7\0\309mqmmp.d
         -37.6s C:\Users\*\AppData\Local\Origin\Web Cache\data7\2\3q0oc0jr.d
         -37.6s C:\Users\*\AppData\Local\Origin\Web Cache\data7\5\31j61c6e.d
         -37.2s C:\Users\*\AppData\Local\Origin\Web Cache\data7\4\3b2cauh4.d
         -36.9s C:\Users\*\AppData\Local\Origin\Web Cache\data7\a\v9n4t6zz.d
         -36.8s C:\Users\*\AppData\Local\Origin\Web Cache\data7\3\mk3b6eb3.d
         -35.7s C:\Users\*\AppData\Local\Origin\Web Cache\data7\f\3rxktnpo.d
         -35.7s C:\Users\*\AppData\Local\Origin\Web Cache\data7\f\3rxktnpo.d
         -35.7s C:\Users\*\AppData\Local\Origin\Web Cache\data7\f\3rxktnpo.d
         -30.5s C:\Users\*\AppData\Local\Origin\Web Cache\data7\9\1rc8vdly.d
         -30.5s C:\Users\*\AppData\Local\Origin\Web Cache\data7\9\1rc8vdly.d
         -30.1s C:\Users\*\AppData\Local\Origin\Web Cache\data7\3\3ts3ffkc.d
         -25.2s C:\Users\*\AppData\Local\Origin\Web Cache\data7\7\389ru9wg.d
         -15.1s C:\Users\*\AppData\Local\Origin\Web Cache\data7\4\yeiz0yqd.d
         -14.6s C:\Users\*\AppData\Local\Origin\Web Cache\data7\3\24srh3zs.d
         -13.0s C:\Users\*\AppData\Local\Origin\Web Cache\data7\1\2vpwv7qa.d
         -12.8s C:\Users\*\AppData\Local\Origin\Web Cache\data7\5\3v08uls5.d
         -3.4s C:\Users\*\AppData\Local\Origin\Web Cache\data7\5\3abukcae.d
          0.0s C:\Users\
                 
   C:\Users\*\AppData\Local\PunkBuster\BF3\pb\pbclold.dll
      Size . . . . . . . : 969.032 bytes
      Age  . . . . . . . : 46.2 days (2014-06-03 14:55:26)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : FC5702BFEF687EDAF89499C7849E4FDA0AF9D72A5A632C5B4E20F2562468596C
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\*\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys
      Size . . . . . . . : 140.520 bytes
      Age  . . . . . . . : 46.2 days (2014-06-03 14:55:48)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : A02F21CE0AAE716212DD2593B8392A7674D8CE932B3B133B3A33152809E7307C
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\*\Desktop\FRST-OlderVersion\FRST.exe
      Size . . . . . . . : 1.077.248 bytes
      Age  . . . . . . . : 0.2 days (2014-07-19 13:25:55)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : C2CCBE42983258BE2DE4090FCBACB726A9198499DA137BD471EF2FFFA9F14B7A
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\*\Desktop\FRST.exe
      Size . . . . . . . : 1.079.808 bytes
      Age  . . . . . . . : 0.1 days (2014-07-19 16:49:48)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 99FBF88DE71B1D73A772E91B57AB27FE242454596C2B2A9B4176086085903A26
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.3s C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\8ACRNP89.txt
         -0.3s C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\10MCYGD8.txt
          0.0s C:\Users\*\Desktop\FRST.exe

   C:\Windows\system32\drivers\PnkBstrK.sys
      Size . . . . . . . : 140.520 bytes
      Age  . . . . . . . : 46.3 days (2014-06-03 12:43:31)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : A02F21CE0AAE716212DD2593B8392A7674D8CE932B3B133B3A33152809E7307C
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 26.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.


Repairs _____________________________________________________________________

   Proxyserver auf diesem Computer (Benutzer)
   127.0.0.1:51210

   Proxyserver auf diesem Computer (Benutzer)
   127.0.0.1:51210



MBAM:

Code:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 19.07.2014
Suchlauf-Zeit: 19:58:57
Logdatei: MBAM.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.19.06
Rootkit Datenbank: v2014.07.17.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: ***

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 269214
Verstrichene Zeit: 7 Min, 18 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Keine Aktion durch Benutzer, [e5bc653be19a3ff79b6aa7b46f93956b],

Registrierungswerte: 1
PUP.Optional.QuickStart.A, HKU\S-1-5-21-2350961968-569790009-790667219-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, quick_start@gmail.com, Keine Aktion durch Benutzer, [8a17efb1b7c484b2fd4ef9cfdf23db25]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 1
PUP.Optional.AdPeak.A, C:\temp, Keine Aktion durch Benutzer, [71304d5380fb00363c6e0fbc0ef4e11f],

Dateien: 6
PUP.Optional.WebSearchs.A, C:\Users\**\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage, Keine Aktion durch Benutzer, [6e330e92d5a6072fd245873be2206898],
PUP.Optional.WebSearchs.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage-journal, Keine Aktion durch Benutzer, [821f7d23cfac90a6f720b111f11133cd],
PUP.Optional.Boost.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage, Keine Aktion durch Benutzer, [acf5742c3a4150e6f03fd2f0ff03d52b],
PUP.Optional.Boost.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal, Keine Aktion durch Benutzer, [5d444b556714979fb07f814151b15ba5],
PUP.Optional.AdPeak.A, C:\temp\lsp2.log, Keine Aktion durch Benutzer, [71304d5380fb00363c6e0fbc0ef4e11f],
PUP.Optional.AdPeak.A, C:\temp\t.txt, Keine Aktion durch Benutzer, [71304d5380fb00363c6e0fbc0ef4e11f],

Physische Sektoren: 0
(No malicious items detected)


(end)

test

wenn es jetzt geht bedanke ich mich noch ein mahl aufrichtig für diese gute Hilfe :)

hitman:

Code:


       
Code:

       
HitmanPro 3.7.9.221
www.hitmanpro.com

   Computer name . . . . : BENDIX_PC
   Windows . . . . . . . : 6.1.1.7601.X86/2
   User name . . . . . . : bendix_pc\***
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2014-07-19 19:24:56
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 8m 15s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 10

   Objects scanned . . . : 1.082.581
   Files scanned . . . . : 27.886
   Remnants scanned  . . : 573.111 files / 481.584 keys

Suspicious files ____________________________________________________________

   C:\Users\*\AppData\Local\PunkBuster\BF3\pb\dll\wc002331.dll
      Size . . . . . . . : 963.480 bytes
      Age  . . . . . . . : 46.2 days (2014-06-03 15:21:37)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 4693498864B2A4C15EECDD4D132FFDFEDE3F9E4BAFA427F77BC87046A7352D1E
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\**\AppData\Local\PunkBuster\BF3\pb\dll\wc002342.dll
      Size . . . . . . . : 969.032 bytes
      Age  . . . . . . . : 15.0 days (2014-07-04 19:57:43)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : FC5702BFEF687EDAF89499C7849E4FDA0AF9D72A5A632C5B4E20F2562468596C
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 23.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.
      Forensic Cluster
         -0.2s C:\Users\*\AppData\Local\PunkBuster\BF3\pb\htm\wc002342.htm
          0.0s C:\Users\*\AppData\Local\PunkBuster\BF3\pb\dll\wc002342.dll

   C:\Users\*\AppData\Local\PunkBuster\BF3\pb\pbcl.dll
      Size . . . . . . . : 969.032 bytes
      Age  . . . . . . . : 8.1 days (2014-07-11 17:02:16)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : FC5702BFEF687EDAF89499C7849E4FDA0AF9D72A5A632C5B4E20F2562468596C
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 23.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.
      Forensic Cluster
         -76.8s C:\ProgramData\Origin\Logs\IGO_Log.Origin_5852.txt
         -55.7s C:\Users\***\AppData\Local\Origin\Web Cache\data7\7\z47x2d07.d
         -54.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\1\3d531h7a.d
         -54.0s C:\Users\***\AppData\Local\Origin\Web Cache\data7\d\72crx28m.d
         -53.6s C:\Users\***\AppData\Local\Origin\Web Cache\data7\8\1aji4n98.d
         -53.5s C:\Users\***\AppData\Local\Origin\Web Cache\data7\1\bmqyp0oq.d
         -51.9s C:\Users\***\AppData\Local\Origin\Web Cache\data7\0\ggn2f4lp.d
         -51.9s C:\Users\***\AppData\Local\Origin\Web Cache\data7\6\jtq16om6.d
         -51.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\4\12arzljt.d
         -51.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\0\1qn8c1ip.d
         -51.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\7\12yqkb1g.d
         -51.7s C:\ProgramData\Origin\Logs\IGO_Log.bf3_3472.txt
         -50.3s C:\Users\***\AppData\Local\Origin\Web Cache\data7\5\c43igswu.d
         -50.3s C:\Users\***\AppData\Local\Origin\Web Cache\data7\7\1y81out7.d
         -50.3s C:\Users\***\AppData\Local\Origin\Web Cache\data7\d\zgotvc3m.d
         -50.3s C:\Users\***\AppData\Local\Origin\Web Cache\data7\4\2png3cbt.d
         -50.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\3\2z9ulbqs.d
         -50.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\8\339nrvv8.d
         -50.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\7\3n9x7wu7.d
         -50.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\1\15k4t4zq.d
         -50.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\2\ge6b9h3r.d
         -50.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\5\1m36t45u.d
         -49.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\9\1qxzizz9.d
         -49.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\5\1gh0lbeu.d
         -49.7s C:\Users\***\AppData\Local\Origin\Web Cache\data7\d\zmnhz5em.d
         -49.7s C:\Users\***\AppData\Local\Origin\Web Cache\data7\8\20cgy1hx.d
         -49.6s C:\Users\***\AppData\Local\Origin\Web Cache\data7\8\3no7hs7x.d
         -49.5s C:\Users\***\AppData\Local\Origin\Web Cache\data7\4\jxwtrhjt.d
         -49.5s C:\Users\***\AppData\Local\Origin\Web Cache\data7\2\3jsfncsb.d
         -49.5s C:\Users\***\AppData\Local\Origin\Web Cache\data7\5\1c3v0iiu.d
         -49.4s C:\Users\***\AppData\Local\Origin\Web Cache\data7\c\2mqv07sl.d
         -49.4s C:\Users\***\AppData\Local\Origin\Web Cache\data7\e\1iz9gxpn.d
         -49.4s C:\Users\***\AppData\Local\Origin\Web Cache\data7\6\235mnazv.d
         -49.4s C:\Users\***\AppData\Local\Origin\Web Cache\data7\4\278ull5d.d
         -49.3s C:\Users\***\AppData\Local\Origin\Web Cache\data7\8\cnjllooh.d
         -48.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\0\2xiix4pp.d
         -48.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\2\cgy78o5b.d
         -48.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\8\2mk2gkph.d
         -48.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\9\3hhgv4r9.d
         -48.1s C:\ProgramData\Origin\Logs\IGO_Log.EACoreServer_3488.txt
         -48.0s C:\Users\***\AppData\Local\Origin\Web Cache\data7\4\3fpjcmxd.d
         -48.0s C:\Users\***\AppData\Local\Origin\Web Cache\data7\0\3jysjdmp.d
         -48.0s C:\Users\***\AppData\Local\Origin\Web Cache\data7\5\2rp2zene.d
         -48.0s C:\Users\***\AppData\Local\Origin\Web Cache\data7\9\3v1xx6o9.d
         -48.0s C:\Users\***\AppData\Local\Origin\Web Cache\data7\c\ct3e2w5l.d
         -48.0s C:\Users\***\AppData\Local\Origin\Web Cache\data7\f\3fn6mk2o.d
         -47.9s C:\Users\***\AppData\Local\Origin\Web Cache\data7\0\1yii9vjp.d
         -47.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\2\3r781hqr.d
         -47.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\a\3ea7jsrz.d
         -47.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\d\2xe9btom.d
         -47.8s C:\Users\***\AppData\Local\Origin\Web Cache\data7\9\2q8ak19i.d
         -47.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\8\38xol01h.d
         -47.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\1\5wxsotfq.d
         -47.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\8\1wukqarx.d
         -47.2s C:\Users\***\AppData\Local\Origin\Web Cache\data7\4\2sseylct.d
         -47.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\5\2rcc0j75.d
         -47.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\5\17mlkyx5.d
         -47.1s C:\Users***\AppData\Local\Origin\Web Cache\data7\8\gnhjzon8.d
         -47.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\a\mjmep7zj.d
         -47.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\5\e82p3m9e.d
         -47.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\4\q3n9xovd.d
         -47.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\f\rmoz8moo.d
         -47.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\a\1655q14z.d
         -47.1s C:\Users\***\AppData\Local\Origin\Web Cache\data7\c\3uk61azl.d
         -46.9s C:\Users\******\AppData\Local\Origin\Web Cache\data7\b\1cm8eqdk.d
         -46.9s C:\Users\***\AppData\Local\Origin\Web Cache\data7\c\320yldgl.d
         -46.9s C:\Users\***\AppData\Local\Origin\Web Cache\data7\a\1zum3akz.d
         -46.9s C:\Users\***\AppData\Local\Origin\Web Cache\data7\c\3ql6xftl.d
         -43.9s C:\Users\*\AppData\Local\Origin\Web Cache\data7\1\2geqol9q.d
         -43.9s C:\Users\*\AppData\Local\Origin\Web Cache\data7\8\211b9ghx.d
         -43.8s C:\Users\*\AppData\Local\Origin\Web Cache\data7\9\1f25qr7y.d
         -43.7s C:\Users\*\AppData\Local\Origin\Web Cache\data7\5\1o759wp5.d
         -43.7s C:\Users\*\AppData\Local\Origin\Web Cache\data7\9\23mygxjy.d
         -43.7s C:\Users\*\AppData\Local\Origin\Web Cache\data7\6\xkt9dy1f.d
         -43.7s C:\Users\*\AppData\Local\Origin\Web Cache\data7\7\16bn4etw.d
         -43.7s C:\Users\*\AppData\Local\Origin\Web Cache\data7\7\3fqq8l97.d
         -38.8s C:\Users\*\AppData\Local\Origin\Web Cache\data7\5\3vjnxwle.d
         -38.4s C:\Users\*\AppData\Local\Origin\Web Cache\data7\7\221f5tqg.d
         -38.4s C:\Users\*\AppData\Local\Origin\Web Cache\data7\4\261j4ogt.d
         -38.0s C:\Users\*\AppData\Local\Origin\Web Cache\data7\0\309mqmmp.d
         -37.6s C:\Users\*\AppData\Local\Origin\Web Cache\data7\2\3q0oc0jr.d
         -37.6s C:\Users\*\AppData\Local\Origin\Web Cache\data7\5\31j61c6e.d
         -37.2s C:\Users\*\AppData\Local\Origin\Web Cache\data7\4\3b2cauh4.d
         -36.9s C:\Users\*\AppData\Local\Origin\Web Cache\data7\a\v9n4t6zz.d
         -36.8s C:\Users\*\AppData\Local\Origin\Web Cache\data7\3\mk3b6eb3.d
         -35.7s C:\Users\*\AppData\Local\Origin\Web Cache\data7\f\3rxktnpo.d
         -35.7s C:\Users\*\AppData\Local\Origin\Web Cache\data7\f\3rxktnpo.d
         -35.7s C:\Users\*\AppData\Local\Origin\Web Cache\data7\f\3rxktnpo.d
         -30.5s C:\Users\*\AppData\Local\Origin\Web Cache\data7\9\1rc8vdly.d
         -30.5s C:\Users\*\AppData\Local\Origin\Web Cache\data7\9\1rc8vdly.d
         -30.1s C:\Users\*\AppData\Local\Origin\Web Cache\data7\3\3ts3ffkc.d
         -25.2s C:\Users\*\AppData\Local\Origin\Web Cache\data7\7\389ru9wg.d
         -15.1s C:\Users\*\AppData\Local\Origin\Web Cache\data7\4\yeiz0yqd.d
         -14.6s C:\Users\*\AppData\Local\Origin\Web Cache\data7\3\24srh3zs.d
         -13.0s C:\Users\*\AppData\Local\Origin\Web Cache\data7\1\2vpwv7qa.d
         -12.8s C:\Users\*\AppData\Local\Origin\Web Cache\data7\5\3v08uls5.d
         -3.4s C:\Users\*\AppData\Local\Origin\Web Cache\data7\5\3abukcae.d
          0.0s C:\Users\
                 
   C:\Users\*\AppData\Local\PunkBuster\BF3\pb\pbclold.dll
      Size . . . . . . . : 969.032 bytes
      Age  . . . . . . . : 46.2 days (2014-06-03 14:55:26)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : FC5702BFEF687EDAF89499C7849E4FDA0AF9D72A5A632C5B4E20F2562468596C
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\*\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys
      Size . . . . . . . : 140.520 bytes
      Age  . . . . . . . : 46.2 days (2014-06-03 14:55:48)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : A02F21CE0AAE716212DD2593B8392A7674D8CE932B3B133B3A33152809E7307C
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\*\Desktop\FRST-OlderVersion\FRST.exe
      Size . . . . . . . : 1.077.248 bytes
      Age  . . . . . . . : 0.2 days (2014-07-19 13:25:55)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : C2CCBE42983258BE2DE4090FCBACB726A9198499DA137BD471EF2FFFA9F14B7A
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\*\Desktop\FRST.exe
      Size . . . . . . . : 1.079.808 bytes
      Age  . . . . . . . : 0.1 days (2014-07-19 16:49:48)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 99FBF88DE71B1D73A772E91B57AB27FE242454596C2B2A9B4176086085903A26
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.3s C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\8ACRNP89.txt
         -0.3s C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\10MCYGD8.txt
          0.0s C:\Users\*\Desktop\FRST.exe

   C:\Windows\system32\drivers\PnkBstrK.sys
      Size . . . . . . . : 140.520 bytes
      Age  . . . . . . . : 46.3 days (2014-06-03 12:43:31)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : A02F21CE0AAE716212DD2593B8392A7674D8CE932B3B133B3A33152809E7307C
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 26.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.


Repairs _____________________________________________________________________

   Proxyserver auf diesem Computer (Benutzer)
   127.0.0.1:51210

   Proxyserver auf diesem Computer (Benutzer)
   127.0.0.1:51210




MBAM:

Code:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 19.07.2014
Suchlauf-Zeit: 19:58:57
Logdatei: MBAM.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.19.06
Rootkit Datenbank: v2014.07.17.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: ***

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 269214
Verstrichene Zeit: 7 Min, 18 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Keine Aktion durch Benutzer, [e5bc653be19a3ff79b6aa7b46f93956b],

Registrierungswerte: 1
PUP.Optional.QuickStart.A, HKU\S-1-5-21-2350961968-569790009-790667219-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, quick_start@gmail.com, Keine Aktion durch Benutzer, [8a17efb1b7c484b2fd4ef9cfdf23db25]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 1
PUP.Optional.AdPeak.A, C:\temp, Keine Aktion durch Benutzer, [71304d5380fb00363c6e0fbc0ef4e11f],

Dateien: 6
PUP.Optional.WebSearchs.A, C:\Users\**\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage, Keine Aktion durch Benutzer, [6e330e92d5a6072fd245873be2206898],
PUP.Optional.WebSearchs.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_istart.webssearches.com_0.localstorage-journal, Keine Aktion durch Benutzer, [821f7d23cfac90a6f720b111f11133cd],
PUP.Optional.Boost.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage, Keine Aktion durch Benutzer, [acf5742c3a4150e6f03fd2f0ff03d52b],
PUP.Optional.Boost.A, C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal, Keine Aktion durch Benutzer, [5d444b556714979fb07f814151b15ba5],
PUP.Optional.AdPeak.A, C:\temp\lsp2.log, Keine Aktion durch Benutzer, [71304d5380fb00363c6e0fbc0ef4e11f],
PUP.Optional.AdPeak.A, C:\temp\t.txt, Keine Aktion durch Benutzer, [71304d5380fb00363c6e0fbc0ef4e11f],

Physische Sektoren: 0
(No malicious items detected)


(end)


deeprybka 19.07.2014 19:59

Zitat:

Keine Aktion durch Benutzer,
am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. (geht so...)

Dann FRST-Scan...

B.r. 19.07.2014 20:00

OH Entschuldigung für den Spam ich habe mich verguckt :D


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:10 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131