Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Nervige Popupwerbung im Browser, Steam etc.

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 17.03.2015, 21:34   #1
Drasurc
 
Nervige Popupwerbung im Browser, Steam etc. - Standard

Nervige Popupwerbung im Browser, Steam etc.



Guden Tach !
Seit 3 Tagen bekomme ich ständig irgendwelche Popup Fenster im Browser, Steam etc. Die Popups sind meistens auf Russisch oder so... habe schon hier im Forum gesucht und die Seite "adultcameras.info" scheint bei manchen im Umlauf zu sein.
Habe schon etliche Lösungsvorschläge durchgeführt (ADWCleaner, Wiederherstellung. sämtliche Antiviren Scanner drüberlaufen lassen aber alles keine Wirkung.
Ich denke die Popups werden durch irgendein Java-Script aufgerufen falls das bei der Bearbeitung vllt. hilft
Ich hoffe, ihr könnt mir helfen

Vielen Dank im Voraus,
Drasurc

Alt 17.03.2015, 23:17   #2
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Nervige Popupwerbung im Browser, Steam etc. - Standard

Nervige Popupwerbung im Browser, Steam etc.





Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
  • Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
  • Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
  • Poste die Logfiles direkt in Deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst.



Los geht's:

Schritt 1


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)




Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 18.03.2015, 16:43   #3
Drasurc
 
Nervige Popupwerbung im Browser, Steam etc. - Standard

Nervige Popupwerbung im Browser, Steam etc.



Erstmal DANKE für die schnelle Antowort Jürgen !
Habe FRST durchlaufen lassen.

FRST.txt

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Peter (administrator) on PETER-PC on 18-03-2015 16:39:55
Running from C:\Users\Peter\Desktop
Loaded Profiles: Peter (Available profiles: Peter)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\puush\puush.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-01-16] (NVIDIA Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-02-17] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-05-02] ()
HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\...\Run: [Spybot-S&D Cleaning] => D:\Programme\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\...\MountPoints2: {8e8a9428-e7d6-11e2-a6b7-9962696beedf} - F:\pushinst.exe
HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\...\MountPoints2: {9b679813-d1d6-11e2-a9f3-b4acd1d2e3db} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\...\MountPoints2: {cc656008-f84a-11e2-b371-ef19b39dfaa7} - F:\setup.exe
HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\...\MountPoints2: {fb03321c-cebc-11e2-86ba-8816c3223ed8} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [WebDrive] -> {37D70BD3-073C-4180-ADD9-C032EA5A7204} => C:\Windows\system32\wdShellExt.dll (South River Technologies, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-07] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-07] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-07] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-07] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\..\Interfaces\{1B1F3298-A30A-49DB-AC15-6FF50F039D4D}: [NameServer] 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\78zcl8l0.default
FF NewTab: 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-07] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-06-11] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Mozilla Plugins\npitunes.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [2013-11-21] (EA Digital Illusions CE AB)
FF Plugin-x32: @idsoftware.com/QuakeLive -> C:\ProgramData\id Software\QuakeLive\npquakezero.dll [2012-02-14] (id Software Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-07] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Peter\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2013-03-30] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3058922360-1817362732-2215544763-1000: @screenleap.com/ScreenleapPlugin,version=1.1 -> C:\Users\Peter\AppData\Local\Screenleap\npscreenleap1.1.dll [2014-11-27] (ScreenLeap, Inc.)
FF Plugin HKU\S-1-5-21-3058922360-1817362732-2215544763-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Peter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3058922360-1817362732-2215544763-1000: electronicarts.com/GameFacePlugin -> C:\Users\Peter\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll [2012-12-20] (Electronic Arts)

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://google.de/"
CHR Profile: C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-20]
CHR Extension: (Google Docs) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-20]
CHR Extension: (Google Drive) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-20]
CHR Extension: (YouTube) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-20]
CHR Extension: (Adblock Plus) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-24]
CHR Extension: (Google Search) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-20]
CHR Extension: (Google Sheets) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]
CHR Extension: (Gmail) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-20]
CHR HKLM-x32\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\Peter\AppData\LocalLow\proxtube\CHROME\proxtube.crx [2012-04-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-01] () [File not signed]
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [5278064 2014-09-09] (Binary Fortress Software)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174624 2015-01-30] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-16] (NVIDIA Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-02-16] (LogMeIn, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-01-16] (NVIDIA Corporation)
S4 OpenVPNService; D:\Programme\vpn\OpenVPN\bin\openvpnserv.exe [32568 2014-06-05] (The OpenVPN Project)
S3 Origin Client Service; D:\Programme\Origin\OriginClientService.exe [1910640 2015-03-07] (Electronic Arts)
S4 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-08-22] (Overwolf Ltd)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-30] ()
S4 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed]
S4 WebDriveService; C:\Program Files\WebDrive\wdService.exe [4773592 2013-08-22] (South River Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 BRSptSvc; "C:\ProgramData\BitRaider\BRSptSvc.exe" [X]
S4 HiPatchService; D:\Spiele\smite\HiPatchService.exe [X]
S4 NetBalancerService; "C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe" [X]
S4 nlsvc; D:\Programme\NetLimiter\NLSvc.exe [X]
S2 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-04] (AVM Berlin)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-07-29] (DT Soft Ltd)
S3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-04] (AVM GmbH)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-27] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R1 nbdrv; C:\Windows\System32\DRIVERS\nbdrv.sys [41392 2013-11-25] (SeriousBit)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2013-06-25] (SteelSeries Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-05-19] (Duplex Secure Ltd.)
S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-05-09] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-05-09] (Acronis International GmbH)
S3 V0770Vid; C:\Windows\System32\DRIVERS\V0770Vid.sys [379776 2012-06-01] (Creative Technology Ltd.)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-05-09] (Acronis International GmbH)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31824 2013-10-18] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R2 WebDriveFSD; C:\Program Files\WebDrive\wdfsd.sys [89816 2013-08-22] ()
U3 aq17ur1s; C:\Windows\System32\Drivers\aq17ur1s.sys [0 ] (NVIDIA Corporation) <==== ATTENTION (zero size file/folder)
U3 av7w3y1l; No ImagePath
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S2 nldrv; \??\D:\Programme\NetLimiter\nldrv.sys [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va028; \??\C:\Windows\SysWOW64\Drivers\X6va028 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-18 16:39 - 2015-03-18 16:40 - 00019595 _____ () C:\Users\Peter\Desktop\FRST.txt
2015-03-18 16:39 - 2015-03-18 16:39 - 02095616 _____ (Farbar) C:\Users\Peter\Desktop\FRST64.exe
2015-03-17 21:24 - 2015-03-18 16:39 - 00000000 ____D () C:\FRST
2015-03-12 15:09 - 2015-03-12 15:09 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-12 14:57 - 2015-03-12 14:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-12 14:57 - 2015-03-12 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-12 14:57 - 2015-03-12 14:57 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-03-12 14:57 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-12 14:57 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-12 14:57 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-07 19:02 - 2015-03-07 19:03 - 00000000 ____D () C:\Users\Peter\AppData\Local\Origin
2015-03-07 19:02 - 2015-03-07 19:02 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Origin
2015-03-07 17:49 - 2015-03-07 17:49 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\WinRAR
2015-03-07 17:42 - 2015-03-07 17:42 - 00000000 ____D () C:\Users\Public\Documents\Tunngle
2015-03-07 17:42 - 2015-03-07 17:42 - 00000000 ____D () C:\ProgramData\Tunngle
2015-03-07 17:42 - 2015-03-07 17:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2015-03-07 17:40 - 2015-03-07 17:40 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat
2015-03-07 15:37 - 2015-03-07 15:37 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\NVIDIA
2015-03-07 15:34 - 2015-03-07 15:34 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\java
2015-02-24 19:15 - 2015-02-24 19:15 - 00000000 ____D () C:\Users\Peter\AppData\Local\Macromedia
2015-02-24 19:13 - 2015-02-24 19:16 - 00000000 ____D () C:\Users\Peter\AppData\Local\CrashDumps
2015-02-24 19:06 - 2015-02-24 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-02-24 19:06 - 2015-02-24 19:06 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-02-24 18:34 - 2015-02-24 18:35 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\A Bird Story
2015-02-23 20:27 - 2015-02-23 20:27 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-02-23 20:22 - 2015-02-24 19:05 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-23 20:22 - 2015-02-23 20:22 - 00000000 ____D () C:\Program Files\HitmanPro
2015-02-23 20:16 - 2015-02-23 20:16 - 00000000 ____D () C:\Users\Peter\AppData\Local\Adobe
2015-02-23 20:09 - 2015-02-23 20:09 - 00114688 _____ () C:\Users\Peter\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-23 20:09 - 2015-02-23 20:09 - 00000000 ____D () C:\Users\Peter\AppData\Local\Deployment
2015-02-23 18:21 - 2015-02-23 18:21 - 00000000 _____ () C:\autoexec.bat
2015-02-22 16:50 - 2015-02-22 16:50 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\LolClient
2015-02-22 16:12 - 2015-02-22 16:12 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\SteelSeries
2015-02-22 16:12 - 2015-02-22 16:12 - 00000000 ____D () C:\Users\Peter\AppData\Local\VirtualStore
2015-02-21 17:11 - 2015-02-21 17:11 - 00000000 ____D () C:\Users\Peter\AppData\Local\Steam
2015-02-21 14:48 - 2015-02-21 14:48 - 00000000 ____D () C:\Users\Peter\AppData\Local\Mozilla
2015-02-21 13:18 - 2015-02-21 13:18 - 00000000 ____D () C:\Users\Peter\AppData\Local\DisplayFusion
2015-02-21 13:13 - 2015-02-21 13:13 - 00000000 ____D () C:\Users\Peter\AppData\Local\LogMeIn
2015-02-20 18:39 - 2015-02-20 18:39 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-02-20 18:38 - 2015-02-24 19:52 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-18 16:40 - 2013-05-07 18:24 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-18 16:37 - 2013-05-07 17:49 - 02070114 _____ () C:\Windows\WindowsUpdate.log
2015-03-18 16:34 - 2015-01-28 17:15 - 00019260 _____ () C:\Windows\setupact.log
2015-03-18 16:34 - 2014-01-13 22:00 - 00000000 ____D () C:\Users\Peter\AppData\Local\LogMeIn Hamachi
2015-03-18 16:33 - 2014-04-01 17:17 - 00000000 ____D () C:\ProgramData\VMware
2015-03-18 16:33 - 2013-05-07 18:24 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-18 16:33 - 2013-05-07 18:17 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-18 16:33 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-17 22:36 - 2014-01-29 18:43 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\TS3Client
2015-03-17 22:18 - 2013-10-10 16:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-17 18:34 - 2009-07-14 05:45 - 00014944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-17 18:34 - 2009-07-14 05:45 - 00014944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-17 18:33 - 2009-07-14 18:58 - 00702138 _____ () C:\Windows\system32\perfh007.dat
2015-03-17 18:33 - 2009-07-14 18:58 - 00150804 _____ () C:\Windows\system32\perfc007.dat
2015-03-17 18:33 - 2009-07-14 06:13 - 01628890 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-16 18:30 - 2014-12-29 18:05 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\.minecraft
2015-03-15 17:59 - 2013-07-23 17:24 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\vlc
2015-03-13 17:45 - 2015-02-06 07:49 - 00049288 _____ () C:\Windows\PFRO.log
2015-03-07 21:03 - 2013-08-18 15:32 - 00000000 ____D () C:\ProgramData\Origin
2015-03-07 19:12 - 2013-10-12 15:00 - 00000000 ____D () C:\Users\Peter\Documents\FIFA 14
2015-03-07 17:42 - 2013-07-12 19:38 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Tunngle
2015-03-07 15:44 - 2013-10-21 13:59 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-07 15:44 - 2013-07-11 16:29 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-07 15:44 - 2013-05-07 21:12 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-03-07 15:44 - 2013-05-07 21:12 - 00000000 ____D () C:\Program Files\Java
2015-03-07 15:43 - 2014-06-04 16:11 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-03 14:17 - 2013-05-10 16:14 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-02 20:24 - 2013-05-07 17:49 - 00000000 ____D () C:\Users\Peter
2015-02-28 19:00 - 2013-08-10 13:04 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Skype
2015-02-24 19:16 - 2013-05-07 18:24 - 00000000 ____D () C:\Users\Peter\AppData\Local\Google
2015-02-24 19:15 - 2013-11-17 18:39 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Mozilla
2015-02-24 19:06 - 2015-01-29 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2015-02-24 19:06 - 2015-01-27 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette
2015-02-24 19:06 - 2013-05-22 17:50 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Spotify
2015-02-24 19:05 - 2015-02-07 17:02 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Sony
2015-02-24 19:05 - 2015-02-07 17:02 - 00000000 ____D () C:\Users\Peter\AppData\Local\Sony
2015-02-24 19:05 - 2015-02-05 21:25 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Locktime Software
2015-02-24 19:05 - 2015-02-05 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetLimiter 4
2015-02-24 19:05 - 2015-02-05 17:04 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Anvsoft
2015-02-24 19:05 - 2015-01-28 17:49 - 00000000 ____D () C:\Users\Public\Documents\MAGIX
2015-02-24 19:05 - 2015-01-28 17:48 - 00000000 ___RD () C:\Users\Peter\Documents\MAGIX
2015-02-24 19:05 - 2015-01-27 18:52 - 00000000 ____D () C:\Windows\C0E8FE43C35B451DB35FD4BD056D70E7.TMP
2015-02-24 19:05 - 2015-01-27 17:52 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Creative
2015-02-24 19:05 - 2015-01-27 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme
2015-02-24 19:05 - 2015-01-27 16:41 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2015-02-24 19:05 - 2015-01-18 19:54 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\globalip
2015-02-24 19:05 - 2015-01-14 19:04 - 00000000 ____D () C:\Program Files\iPod
2015-02-24 19:05 - 2015-01-14 19:04 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-02-24 19:05 - 2014-12-03 21:28 - 00000000 ____D () C:\Users\Peter\AppData\Local\gDaap
2015-02-24 19:05 - 2014-11-27 19:33 - 00000000 ____D () C:\Users\Peter\AppData\Local\Screenleap
2015-02-24 19:05 - 2014-11-16 14:24 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\SpaceEngineers
2015-02-24 19:05 - 2014-09-06 01:47 - 00000000 ____D () C:\Users\Peter\AppData\Local\Skype
2015-02-24 19:05 - 2014-08-31 16:30 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Electronic Arts
2015-02-24 19:05 - 2014-08-31 16:22 - 00000000 ____D () C:\Users\Peter\AppData\Local\Unity
2015-02-24 19:05 - 2014-08-19 18:38 - 00000000 ____D () C:\Users\Peter\AppData\Local\UWebKit151
2015-02-24 19:05 - 2014-07-04 14:03 - 00000000 ____D () C:\Users\Peter\AppData\Local\CrashRpt
2015-02-24 19:05 - 2014-07-03 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeskNotifier
2015-02-24 19:05 - 2014-06-30 16:24 - 00000000 ____D () C:\Program Files (x86)\Screaming Bee
2015-02-24 19:05 - 2014-06-05 20:22 - 00000000 ____D () C:\Users\Peter\AppData\Local\SniperV2
2015-02-24 19:05 - 2014-05-31 08:09 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Notepad++
2015-02-24 19:05 - 2014-05-10 23:47 - 00000000 ____D () C:\Users\Peter\AppData\Local\Downloaded Installations
2015-02-24 19:05 - 2014-05-10 23:15 - 00000000 ____D () C:\Users\Peter\AppData\Local\SWTORPerf
2015-02-24 19:05 - 2014-05-02 18:52 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\puush
2015-02-24 19:05 - 2014-04-21 13:31 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Curse Client
2015-02-24 19:05 - 2014-03-22 16:49 - 00000000 ____D () C:\Users\Peter\AppData\Local\Arma 3
2015-02-24 19:05 - 2014-03-05 14:44 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\MAGIX
2015-02-24 19:05 - 2014-03-05 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2015-02-24 19:05 - 2014-03-05 14:42 - 00000000 ____D () C:\ProgramData\MAGIX
2015-02-24 19:05 - 2014-03-05 14:42 - 00000000 ____D () C:\Program Files\Common Files\MAGIX Services
2015-02-24 19:05 - 2014-03-05 14:42 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2015-02-24 19:05 - 2014-02-22 15:04 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Banished 1.0
2015-02-24 19:05 - 2014-02-12 20:43 - 00000000 ____D () C:\Users\Peter\AppData\Local\Ahri.tw
2015-02-24 19:05 - 2014-01-02 10:34 - 00000000 ____D () C:\Users\Peter\AppData\Local\DayZ
2015-02-24 19:05 - 2014-01-01 22:15 - 00000000 ____D () C:\Program Files (x86)\Dotjosh Studios
2015-02-24 19:05 - 2014-01-01 15:02 - 00000000 ____D () C:\Users\Peter\AppData\Local\SIX Networks
2015-02-24 19:05 - 2013-12-31 14:03 - 00000000 ____D () C:\Users\Peter\AppData\Local\ArmA 2 OA
2015-02-24 19:05 - 2013-12-31 14:02 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2015-02-24 19:05 - 2013-12-30 17:13 - 00000000 ____D () C:\Users\Peter\AppData\Local\CDWLauncher
2015-02-24 19:05 - 2013-12-25 12:44 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\TeamViewer
2015-02-24 19:05 - 2013-12-16 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\No23 Recorder
2015-02-24 19:05 - 2013-12-16 17:22 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Audacity
2015-02-24 19:05 - 2013-11-26 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloody trapland
2015-02-24 19:05 - 2013-11-26 20:20 - 00000000 ____D () C:\Program Files (x86)\Bloody trapland
2015-02-24 19:05 - 2013-11-26 20:11 - 00000000 ____D () C:\ProgramData\Desura
2015-02-24 19:05 - 2013-11-25 21:14 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Bloody Trapland
2015-02-24 19:05 - 2013-11-10 03:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebDrive
2015-02-24 19:05 - 2013-11-10 03:11 - 00000000 ____D () C:\Program Files\WebDrive
2015-02-24 19:05 - 2013-11-08 16:06 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Screaming Bee
2015-02-24 19:05 - 2013-11-08 16:06 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screaming Bee
2015-02-24 19:05 - 2013-11-08 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee
2015-02-24 19:05 - 2013-11-05 21:07 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-02-24 19:05 - 2013-10-30 18:24 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Battle.net
2015-02-24 19:05 - 2013-10-27 19:43 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\.technic
2015-02-24 19:05 - 2013-10-22 18:38 - 00000000 ____D () C:\Users\Peter\AppData\Local\Temp8a5f2e77e6cf663bfd522ffc8dea0465
2015-02-24 19:05 - 2013-10-22 18:38 - 00000000 ____D () C:\Users\Peter\AppData\Local\Temp78556cc9e59cb76a90f74f77140ad6ad
2015-02-24 19:05 - 2013-10-06 14:47 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\raidcall
2015-02-24 19:05 - 2013-10-03 13:00 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
2015-02-24 19:05 - 2013-10-03 13:00 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\ICQM
2015-02-24 19:05 - 2013-09-30 19:59 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\ftblauncher
2015-02-24 19:05 - 2013-09-28 03:53 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-02-24 19:05 - 2013-09-19 16:59 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike
2015-02-24 19:05 - 2013-09-18 20:24 - 00000000 ____D () C:\Users\Peter\AppData\Local\fabi.me
2015-02-24 19:05 - 2013-09-10 17:50 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2015-02-24 19:05 - 2013-09-10 17:49 - 00000000 ____D () C:\Users\Peter\AppData\Local\Overwolf
2015-02-24 19:05 - 2013-09-07 16:25 - 00000000 ____D () C:\Program Files (x86)\Alcohol Soft
2015-02-24 19:05 - 2013-08-21 16:42 - 00000000 ____D () C:\Users\Peter\AppData\Local\PunkBuster
2015-02-24 19:05 - 2013-08-10 19:45 - 00000000 ____D () C:\Users\Peter\AppData\Local\Black_Tree_Gaming
2015-02-24 19:05 - 2013-08-09 22:11 - 00000000 ____D () C:\Users\Peter\AppData\Local\SteelSeries_ApS
2015-02-24 19:05 - 2013-08-09 22:10 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SteelSeries
2015-02-24 19:05 - 2013-08-05 19:41 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2015-02-24 19:05 - 2013-08-05 15:20 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\MKKE
2015-02-24 19:05 - 2013-07-29 13:37 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\DAEMON Tools Lite
2015-02-24 19:05 - 2013-07-25 17:31 - 00000000 ____D () C:\ProgramData\TechSmith
2015-02-24 19:05 - 2013-07-25 17:15 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
2015-02-24 19:05 - 2013-07-25 16:33 - 00000000 ____D () C:\Users\Peter\AppData\Local\Dxtory Software
2015-02-24 19:05 - 2013-07-16 18:27 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\OBS
2015-02-24 19:05 - 2013-07-16 18:26 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2015-02-24 19:05 - 2013-07-08 15:26 - 00000000 ____D () C:\Program Files (x86)\avmwlanstick
2015-02-24 19:05 - 2013-07-08 15:25 - 00000000 ____D () C:\Users\Peter\AVM_Driver
2015-02-24 19:05 - 2013-07-06 21:02 - 00000000 ____D () C:\Users\Peter\AppData\Local\gtk-2.0
2015-02-24 19:05 - 2013-07-04 16:14 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\RIFT
2015-02-24 19:05 - 2013-07-04 16:14 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RIFT
2015-02-24 19:05 - 2013-06-28 16:22 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Appadaumen.de
2015-02-24 19:05 - 2013-06-25 16:52 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\AVG2013
2015-02-24 19:05 - 2013-06-19 20:51 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\uTorrent
2015-02-24 19:05 - 2013-06-15 18:01 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\DVDVideoSoft
2015-02-24 19:05 - 2013-06-05 16:39 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\OpenOffice.org
2015-02-24 19:05 - 2013-06-01 00:21 - 00000000 ____D () C:\BrickForce
2015-02-24 19:05 - 2013-05-19 14:07 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Canneverbe Limited
2015-02-24 19:05 - 2013-05-08 16:07 - 00000000 ____D () C:\Windows\pss
2015-02-24 19:05 - 2013-05-07 19:40 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-24 19:05 - 2013-05-07 19:26 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Macromedia
2015-02-24 19:05 - 2013-05-07 19:26 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Adobe
2015-02-24 19:05 - 2013-05-07 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-24 19:05 - 2013-05-07 18:35 - 00000000 ____D () C:\Users\Peter\AppData\Local\TeamSpeak 3 Client
2015-02-24 19:05 - 2013-05-07 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-24 19:05 - 2013-05-07 18:24 - 00000000 ____D () C:\Users\Peter\AppData\Local\Apps\2.0
2015-02-24 19:05 - 2013-05-07 17:49 - 00000000 ___RD () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-24 19:05 - 2013-05-07 17:49 - 00000000 ___RD () C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-24 19:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-02-24 19:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-02-24 19:04 - 2013-12-16 17:32 - 00000000 ____D () C:\ProgramData\Caphyon
2015-02-24 19:04 - 2013-05-07 18:24 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-16 16:20 - 2013-05-07 19:32 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys

==================== Files in the root of some directories =======

2013-12-18 19:38 - 2014-03-05 14:38 - 0000147 _____ () C:\Users\Peter\AppData\Roaming\WB.CFG
2013-07-25 17:36 - 2015-02-03 19:31 - 0010752 _____ () C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some content of TEMP:
====================
C:\Users\Peter\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Peter\AppData\Local\Temp\Quarantine.exe
C:\Users\Peter\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Peter\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-10 14:57

==================== End Of Log ============================
         
--- --- ---


und die Addition.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Peter at 2015-03-18 16:40:25
Running from C:\Users\Peter\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

¡¶300Ó¢ÐÛ¡· °æ±¾ 0.2.0 (HKLM-x32\...\{6F985E79-2AAA-48A4-B9A4-4953B5D95D90}_is1) (Version: 0.2.0 - )
µTorrent (HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\...\uTorrent) (Version: 3.4.0.30345 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
A Bird Story (HKLM-x32\...\Steam App 327410) (Version:  - Freebird Games)
Acronis True Image 2014 (HKLM-x32\...\{3ECDD663-5AF8-489B-9E3C-561F33A271BD}Visible) (Version: 17.0.6673 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6673 - Acronis) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\...\Amazon Amazon Music) (Version: 3.7.0.693 - Amazon Services LLC)
Any Video Converter 5.7.7 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
ArtMoney SE v7.43 (HKLM-x32\...\ArtMoney SE_is1) (Version: 7.43 - System SoftLab)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)
AwesomiumSetup (HKLM-x32\...\{19EF99D1-7EE6-4B5E-ABEE-0B3825F703B0}) (Version: 1.00.0000 - SIX Networks GmbH)
BananaMt2 2.0 (HKLM-x32\...\BananaMt2) (Version: 2.0 - BananaMt2)
Banished 1.0 (HKLM-x32\...\Banished 1.0) (Version: 1.0 - Cat-A-Cat)
Batman™: Arkham Origins (HKLM-x32\...\Steam App 209000) (Version:  - WB Games Montreal)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
Blender (HKLM\...\Blender) (Version: 2.70a - Blender Foundation)
Bloody trapland version 1.45 (HKLM-x32\...\{79C07A47-0ED1-4C16-9412-C572897CE10F}_is1) (Version: 1.45 - 2Play Studios)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands (HKLM-x32\...\Steam App 8980) (Version:  - Gearbox Software)
Brick-Force  (HKLM-x32\...\Brick-Force) (Version:  - Infernum Productions AG)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version:  - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version:  - Treyarch)
Camtasia Studio 7 (HKLM-x32\...\{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}) (Version: 7.1.1 - TechSmith Corporation)
Camtasia Studio 8 (HKLM-x32\...\{6BED66AA-1DC6-474B-AC70-205CC3A68A39}) (Version: 8.4.4.1859 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.4003 - CDBurnerXP)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Creative Live! Central 3 (HKLM-x32\...\Creative Live! Central 2) (Version: 3.01.21 - Creative Technology Ltd)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
Crossfire Europe (HKLM-x32\...\Crossfire Europe) (Version: 1.172 - SG Europe)
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Damned (HKLM-x32\...\Steam App 251170) (Version:  - 9heads Game Studios)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
DayZ Commander (HKLM-x32\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Debut Videorekorder (HKLM-x32\...\Debut) (Version: 1.95 - NCH Software)
Defraggler (HKLM\...\Defraggler) (Version: 2.14 - Piriform)
DeskNotifier 2.0.0 (HKLM-x32\...\DeskNotifier) (Version: 2.0.0 - elfsoft)
Desura (HKLM-x32\...\Desura) (Version: 100.53 - Desura)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DisplayFusion 6.1.2 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 6.1.2.0 - Binary Fortress Software)
DJ Streamer (HKLM-x32\...\{D971FAE4-35BC-4FD7-8F12-2557077D8BB9}) (Version: 1.3.5 - Screaming Bee)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version:  - Trendy Entertainment)
Dxtory version 2.0.122 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.122 - Dxtory Software)
EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\...\EA SPORTS Game Face Browser Plugin) (Version: 1.8.0.0 - Electronic Arts)
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.4.0.0 - Electronic Arts)
EA SPORTS™ FIFA 15 Demo (HKLM-x32\...\{108C0C19-6316-4944-A62F-C744488F8639}) (Version: 1.0.0.0 - Electronic Arts)
Eryi's Action (HKLM-x32\...\Steam App 261700) (Version:  - Xtal Sword)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
Euro Truck Simulator 2 Multiplayer 0.1.2 R2 Alpha (HKLM-x32\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 0.1.2 R2 Alpha - ETS2MP Team)
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
F1 2013 (HKLM-x32\...\Steam App 223670) (Version:  - Codemasters Birmingham)
F1RFT 2010 MP V1.0 Final (HKLM-x32\...\F1RFT 2010 MP V1.0 Final) (Version:  - )
F1RFT 2010 MP V2.1 Update (HKLM-x32\...\F1RFT 2010 MP V2.1 Update) (Version:  - )
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft)
FastAccess Web Alert (HKLM-x32\...\FastAccess Web Alert) (Version: 1.00 - Sensible Vision)
FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts)
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
Forged By Chaos (HKLM-x32\...\ForgedByChaos) (Version:  - )
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free YouTube Download version 3.2.3.610 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.3.610 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.5.628 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.5.628 - DVDVideoSoft Ltd.)
Game Dev Tycoon Version 1.4.5 (HKLM-x32\...\{5BBB8682-1335-410F-A79F-8E5611A54BD0}_is1) (Version: 1.4.5 - Greenheart Games Pty. Ltd.)
Game of Thrones - A Telltale Games Series (HKLM-x32\...\Steam App 330840) (Version:  - Telltale Games)
Gameforge Live 2.0.4 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.4 - Gameforge)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Goofball Goals (HKLM-x32\...\Goofball Goals) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GTR Evolution (HKLM-x32\...\Steam App 8660) (Version:  - SimBin)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
ICQ 8.1 (build 6337) (HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\...\ICQ) (Version: 8.1.6337.0 - Mail.Ru)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 11.5.1.0 - Lightworks)
Live! Cam Sync HD VF0770 Driver (1.00.02.00) (HKLM\...\Creative VF0770) (Version:  - Creative Technology Ltd.)
LMMS 1.0.2 (HKLM-x32\...\LMMS) (Version: 1.0.2 - LMMS Developers)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.319 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.319 - LogMeIn, Inc.) Hidden
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.9.11 - www.leaguereplays.com)
MAGIX Burn routines (64-Bit) (HKLM\...\{49146694-5F5F-4B1F-AD15-6587F47A0FD7}) (Version: 9.0.0.212 - MAGIX AG)
MAGIX Low Latency Driver (64-Bit) (HKLM\...\{42976FDB-5756-4077-A491-095F228E99E2}) (Version: 2.10.2011.0 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{AB8304F0-383F-4F80-8988-87727C415BF7}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 (HKLM\...\MX.{FFDC29E6-5C7C-4AA8-AF5A-99E015165382}) (Version: 14.0.0.159 - MAGIX Software GmbH)
MAGIX Video deluxe 2015 (Version: 14.0.0.159 - MAGIX Software GmbH) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
ManyCam 4.0.77 (HKLM-x32\...\ManyCam) (Version: 4.0.77 - Visicom Media Inc.)
Mausi3 (HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\...\4729debaf2cd0ca4) (Version: 1.0.0.1 - Appadaumen.de)
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.3.215.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{9634d50a-0c4d-4f52-8a9f-894a2baae370}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mirror's Edge™ (HKLM-x32\...\{AEDBD563-24BB-4EE3-8366-A654DAC2D988}) (Version: 1.0.1.0 - Electronic Arts)
Moonbase Alpha (HKLM-x32\...\Steam App 39000) (Version:  - Virtual Heroes)
MorphVOX Junior (HKLM-x32\...\{E6C7380F-15DD-445E-BA02-B7A180BA0A5A}) (Version: 2.8.1 - Screaming Bee)
Mortal Kombat Komplete Edition (HKLM-x32\...\Steam App 237110) (Version:  - NetherRealm Studios)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 25.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 25.0 (x86 en-US)) (Version: 25.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 25.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MTA:SA v1.3.4 (HKLM-x32\...\MTA:SA 1.3) (Version: v1.3.4 - Multi Theft Auto)
MTA:SA v1.4.0 (HKLM-x32\...\MTA:SA 1.4) (Version: v1.4.0 - Multi Theft Auto)
My Game Long Name (HKLM\...\UDK-361e498d-77da-4c68-9b04-b8e83c1c1f6a) (Version:  - Epic Games, Inc.)
Nether (HKLM-x32\...\Steam App 247730) (Version:  - Phosphor Games)
NetLimiter 4 (HKLM-x32\...\NetLimiter 4 4.0.9.0) (Version: 4.0.9.0 - Locktime Software)
NetLimiter 4 (Version: 4.0.9.0 - Locktime Software) Hidden
No23 Recorder (HKLM-x32\...\No23 Recorder) (Version: 2.1.0.3 - No23)
No23 Recorder (x32 Version: 2.1.0.3 - No23) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.3 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
OpenVPN 2.3.4-I002  (HKLM-x32\...\OpenVPN) (Version: 2.3.4-I002 - )
Orcs Must Die 2 (HKLM-x32\...\Orcs Must Die 2_is1) (Version:  - )
Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version:  - Robot Entertainment)
Orcs Must Die! Unchained (HKLM-x32\...\{8EBA33AF-48E0-4207-A4EE-96029415AD76}_is1) (Version:  - Gameforge 4D GmbH)
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Overwolf (HKLM-x32\...\{48615A7B-F026-4F62-A3F1-49001B8E21CB}) (Version: 0.44.256 - Overwolf)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Panzar (HKLM-x32\...\{4FF82163-423A-43CE-898D-3B60D19A5E8F}_is1) (Version: 1.0 - Panzar)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Python 2.7.6 (HKLM-x32\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E2}) (Version: 2.7.6150 - Python Software Foundation)
Quake Live (HKLM-x32\...\Quake Live) (Version:  - id Software)
Quake Live Mozilla Plugin (HKLM-x32\...\{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}) (Version: 1.0.520 - id Software)
QuickDownloader (HKLM-x32\...\QuickDownloader) (Version:  - )
RACE 07 (HKLM-x32\...\Steam App 8600) (Version:  - SimBin)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.2.8-1.0.8500.20 - raidcall.com)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
rFactor (remove only) (HKLM-x32\...\rFactor) (Version:  - )
RIFT (HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\...\RIFT) (Version:  - Trion Worlds, Inc.)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
S4 League_EU (HKLM-x32\...\{4015DB12-140F-4EE2-B0CA-4700C24B08B9}) (Version: 1.00.0000 - )
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
Samplitude Pro X Silver (HKLM-x32\...\MAGIX_{08E5C3CC-05DC-4E8F-B1A1-4ED2C3C065A7}) (Version: 12.0.2.115 - MAGIX AG)
Samplitude Pro X Silver (x32 Version: 12.0.2.115 - MAGIX AG) Hidden
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.0.1 - Samsung Electronics)
Search.us.com (HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\...\{AD1C44DB-B932-4A62-9072-03DAAEAD61C5}) (Version:  - Search.us.com)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
ShiftWindow 1.02 (HKLM-x32\...\ShiftWindow_is1) (Version:  - Grismar)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 0.1.1682.0 - Hi-Rez Studios)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version:  - Obsidian Entertainment)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - )
Speccy (HKLM\...\Speccy) (Version: 1.22 - Piriform)
Spotify (HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\...\Spotify) (Version: 0.9.0.133.gd18ed589 - Spotify AB)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.40 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.59.30483 - SteelSeries)
Supraball (HKLM-x32\...\Supraball) (Version:  - Supra Games Gbr)
Surgeon Simulator 2013 (HKLM-x32\...\Steam App 233720) (Version:  - Bossa Studios)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Forest (HKLM-x32\...\Steam App 242760) (Version:  - Endnight Games Ltd)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version:  - Galactic Cafe)
The Swapper (HKLM-x32\...\Steam App 231160) (Version:  - Olli Harjola, Otto Hantula, Tom Jubert, Carlo Castellano)
TL-WN721N/TL-WN722N Driver (HKLM-x32\...\{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}) (Version: 1.0.0 - TP-LINK)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version:  - Nadeo)
Tower Wars (HKLM-x32\...\Steam App 214360) (Version:  - SuperVillain Studios)
Trials Evolution Gold Edition (HKLM-x32\...\InstallShield_{07D857B8-C956-401D-BC8F-EDA8459AF037}) (Version: 1.0.0.3 - Ubisoft)
Trials Evolution Gold Edition (x32 Version: 1.0.0.3 - Ubisoft) Hidden
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: Tunngle - Tunngle.net GmbH)
UltraMon (HKLM\...\{9069EE0A-7615-4D86-AD80-CA263E936DA6}) (Version: 3.2.2 - Realtime Soft Ltd)
Unity Web Player (HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{3814DB30-091D-11E4-BDE0-F04DA23A5C58}) (Version: 13.0.373 - Sony)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.1 - VMware, Inc)
VMware Player (Version: 6.0.1 - VMware, Inc.) Hidden
VPNAutoconnect (HKLM-x32\...\{8E557F21-99AE-440D-8058-CD8CB3302E13}) (Version: 1.15 - globalip)
Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
WebDrive (HKLM\...\{F08E87FD-F62B-4BAC-A2D6-A94755653F30}) (Version: 11.00.2789 - South River Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Utils (HKLM-x32\...\Windows Utils) (Version:  - )
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3058922360-1817362732-2215544763-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> D:\Programme\Blender\BlendThumb64.dll No File

==================== Restore Points  =========================

24-02-2015 19:16:57 Windows Update
24-02-2015 19:52:46 Cleaner (Spybot - Search & Destroy 2.4, administrator privileges
01-03-2015 10:01:25 Windows Update
04-03-2015 17:41:59 Windows Update
08-03-2015 12:57:50 Windows Update
11-03-2015 20:46:52 Windows Update
15-03-2015 14:23:45 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-02-09 21:16 - 00007466 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {14BE86F3-4B89-4851-B0B8-5A14B069A535} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {55C77216-11FB-4F6B-B43D-96966B1C8751} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-07] (Google Inc.)
Task: {80D926C0-F645-4470-93B8-5F8A25E3C6E1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {E33ADB44-4A0E-473F-8D8B-E8D8A7746ED1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-07] (Google Inc.)
Task: {E57AC323-7AE1-4F3A-9C97-26C65BCFFB73} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-05-07 18:17 - 2015-02-05 20:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-10-01 09:32 - 2013-10-01 09:32 - 02818216 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2013-11-07 01:52 - 2013-11-07 01:52 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-05-07 18:43 - 2007-09-02 12:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2012-01-10 13:41 - 2014-05-02 18:53 - 00567880 _____ () C:\Program Files (x86)\puush\puush.exe
2013-08-20 21:37 - 2014-11-30 20:41 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-05-07 18:43 - 2007-09-02 12:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2015-03-13 18:42 - 2015-03-07 07:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
2015-03-13 18:42 - 2015-03-07 07:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll
2015-03-13 18:42 - 2015-03-07 07:13 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll
2013-10-01 10:00 - 2013-10-01 10:00 - 00022336 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\ProgramData:NT2
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\Users\All Users:NT2
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:NT
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:NT2
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT2
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
AlternateDataStreams: C:\Users\Peter\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\Peter\Anwendungsdaten:NT2
AlternateDataStreams: C:\Users\Peter\AppData\Roaming:NT
AlternateDataStreams: C:\Users\Peter\AppData\Roaming:NT2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3058922360-1817362732-2215544763-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AcrSch2Svc => 2
MSCONFIG\Services: afcdpsrv => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: AVM WLAN Connection Service => 2
MSCONFIG\Services: AxAutoMntSrv => 2
MSCONFIG\Services: BackupStack => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: bonanzadealslive => 2
MSCONFIG\Services: bonanzadealslivem => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BRSptSvc => 3
MSCONFIG\Services: Desura Install Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: hshld => 2
MSCONFIG\Services: HssTrayService => 3
MSCONFIG\Services: HssWd => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NetBalancerService => 2
MSCONFIG\Services: nlsvc => 2
MSCONFIG\Services: OpenVPNService => 3
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: OverwolfUpdaterService => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: StarWindServiceAE => 2
MSCONFIG\Services: syncagentsrv => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: TunngleService => 3
MSCONFIG\Services: VMAuthdService => 2
MSCONFIG\Services: VMUSBArbService => 2
MSCONFIG\Services: WajamUpdaterV3 => 2
MSCONFIG\Services: WebDriveService => 2
MSCONFIG\Services: Yontoo Desktop Updater => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DeskNotifier.lnk => C:\Windows\pss\DeskNotifier.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk => C:\Windows\pss\LOLRecorder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UltraMon.lnk => C:\Windows\pss\UltraMon.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^net.lnk => C:\Windows\pss\net.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Magician.lnk => C:\Windows\pss\Samsung Magician.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Peter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TeamSpeak 3 Client.lnk => C:\Windows\pss\TeamSpeak 3 Client.lnk.Startup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
MSCONFIG\startupreg: Amazon Music => "C:\Users\Peter\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: amd_dc_opt => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
MSCONFIG\startupreg: AVMWlanClient => C:\Program Files (x86)\avmwlanstick\wlangui.exe
MSCONFIG\startupreg: Browser Infrastructure Helper => C:\Users\Peter\AppData\Local\Smartbar\Application\QuickShare.exe startup
MSCONFIG\startupreg: DAEMON Tools Lite => "D:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: FastAccess Web Alert => C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\FAInstaller\FATRY.exe
MSCONFIG\startupreg: icq => C:\Users\Peter\AppData\Roaming\ICQM\icq.exe -CU
MSCONFIG\startupreg: iTunesHelper => "D:\iTunesHelper.exe"
MSCONFIG\startupreg: Live! Central 3 => "C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe" /mode2
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: NetBalancer => C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe
MSCONFIG\startupreg: NetLimiter => "D:\Programme\NetLimiter\nlclientapp.exe" /minimized
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: Spotify => "C:\Users\Peter\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Peter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "D:\Programme\steam\steam.exe" -silent
MSCONFIG\startupreg: SteelSeries Engine => D:\Programme\SteelSeries Engine\SteelSeriesEngine.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
MSCONFIG\startupreg: V0770Mon.exe => C:\Windows\V0770Mon.exe
MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\Peter\AppData\Roaming\Yontoo\YontooDesktop.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-3058922360-1817362732-2215544763-500 - Administrator - Disabled)
Gast (S-1-5-21-3058922360-1817362732-2215544763-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3058922360-1817362732-2215544763-1002 - Limited - Enabled)
Peter (S-1-5-21-3058922360-1817362732-2215544763-1000 - Administrator - Enabled) => C:\Users\Peter

==================== Faulty Device Manager Devices =============

Name: ARXSK96U IDE Controller
Description: ARXSK96U IDE Controller
Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard mass storage controllers)
Service: aq17ur1s
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: AGPQBMNR IDE Controller
Description: AGPQBMNR IDE Controller
Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard mass storage controllers)
Service: av7w3y1l
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: nldrv
Description: nldrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: nldrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: TAP-Win32 Adapter V9 (Tunngle)
Description: TAP-Win32 Adapter V9 (Tunngle)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider V9 (Tunngle)
Service: tap0901t
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/12/2015 03:12:38 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/12/2015 03:09:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/12/2015 03:08:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (03/18/2015 04:35:05 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "NIKLAS-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{5E17941A-8E72-414D-9D96-F5ABF78014DF}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/18/2015 04:34:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2140993535

Error: (03/18/2015 04:34:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: 
%%-2140993535

Error: (03/18/2015 04:34:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2140993535

Error: (03/18/2015 04:34:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: 
%%-2140993535

Error: (03/18/2015 04:34:30 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (03/18/2015 04:34:30 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (03/18/2015 04:34:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%-2140993535

Error: (03/18/2015 04:34:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: 
%%-2140993535

Error: (03/18/2015 04:34:14 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801


Microsoft Office Sessions:
=========================
Error: (03/12/2015 03:12:38 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\esetsmartinstaller_deu.exe

Error: (03/12/2015 03:09:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\esetsmartinstaller_deu.exe

Error: (03/12/2015 03:08:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\esetsmartinstaller_deu.exe


CodeIntegrity Errors:
===================================
  Date: 2013-05-29 17:57:38.781
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Peter\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-29 17:57:38.720
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Peter\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-29 17:57:38.605
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-29 17:57:38.549
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 23%
Total physical RAM: 8055.6 MB
Available physical RAM: 6173.29 MB
Total Pagefile: 16109.39 MB
Available Pagefile: 14014.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:126.16 GB) NTFS
Drive d: () (Fixed) (Total:465.76 GB) (Free:139.07 GB) NTFS
Drive e: (Aufnahmen) (Fixed) (Total:931.51 GB) (Free:931.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: F522DF3B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 706469D2)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B3129645)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Danke schonmal im Voraus !
__________________

Alt 18.03.2015, 17:05   #4
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Nervige Popupwerbung im Browser, Steam etc. - Standard

Nervige Popupwerbung im Browser, Steam etc.



Hi,
wenn ich es richtig verstehe, dann besteht das Problem seit dem 14.03. und aktuell auch noch?

Kannst Du bitte mal nen screenshot posten von diesen popups?

Zitat:
Popups werden durch irgendein Java-Script aufgerufen
Was meinst Du damit?
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 18.03.2015, 17:23   #5
Drasurc
 
Nervige Popupwerbung im Browser, Steam etc. - Standard

Nervige Popupwerbung im Browser, Steam etc.



Sie sind mir zumindest dort zum erstenmal aufgefallen. War die ersten 2 Märzwochen garnicht am PC deswegen kann ich keine 100% genaue Angabe machen. Der PC war wohl in Nutzung nur genau wann kann ich nicht sagen :/

Screenshot von Steam:


Mit JavaScript meine ich das, wenn ich z.B. bei amazon etwas suchen möchte und mit der Maus über den "suchen" Button gehe steht ja normalerweise der Link zu dem der Button mich führt unten Links im Browser (Chrome). Bei mir zeigt der Button unten Links aber "JavaScript..." an.
Ich kann da momentan leider keinen Screenshot machen da das Popup wohl nur manchmal auftritt :S


Alt 18.03.2015, 17:51   #6
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Nervige Popupwerbung im Browser, Steam etc. - Standard

Nervige Popupwerbung im Browser, Steam etc.



Bitte Dein Antivirusprogramm temporär deaktivieren.

Schritt 1
Download von ZOEK (by Smeenk)
  • Speichere die zoek.exe auf dem Desktop.
  • Bitte deaktiviere während der Verwendung von Zoek Deinen Virenscanner, da dieser Zoek stören könnte.
  • Starte die zoek.exe mit einem Doppelklick und warte bis die Programmoberfläche erscheint (ca. 30 Sekunden)
  • Kopiere den Text der folgenden Box in das Skriptfenster von Zoek:
    Code:
    ATTFilter
    systemspecs;
    filesrcm;
    autoclean;
    emptyclsid;
             
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
    Zitat:
    Zoek.exe is running now.
    Do not start any browser windows, they may get closed automatically.
    Please wait! This window will close when finished.
    A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
  • Wenn das Tool fertig ist, wird sich eine Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter C:\
  • Bitte poste mir das zoek-results.log.
__________________
--> Nervige Popupwerbung im Browser, Steam etc.

Alt 18.03.2015, 18:21   #7
Drasurc
 
Nervige Popupwerbung im Browser, Steam etc. - Standard

Nervige Popupwerbung im Browser, Steam etc.



Hier die zoek-results.txt
Code:
ATTFilter
Zoek.exe v5.0.0.0 Updated 17-March-2015
Tool run by Drasurc on 18.03.2015 at 17:57:26,40.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: E:\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

18.03.2015 17:58:11 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Dungeon Defenders deleted successfully
C:\PROGRA~2\G Data deleted successfully
C:\Program Files\HitmanPro deleted successfully
C:\PROGRA~3\Common Files deleted successfully
C:\PROGRA~3\Tunngle deleted successfully
C:\Users\Peter\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3058922360-1817362732-2215544763-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HiPatchService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HiPatchService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nlsvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\nlsvc deleted successfully

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Dungeon Defenders not found
C:\PROGRA~2\G Data not found
C:\Users\Peter\AppData\Roaming\.minecraft deleted
C:\Users\Peter\AppData\Roaming\DVDVideoSoft deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\Users\Peter\AppData\Roaming\WB.CFG deleted
C:\Users\Peter\AppData\Roaming\Common deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Hotspot Shield deleted
C:\Users\Peter\AppData\Local\CrashRpt deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 8056 MB
CPU Info: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
CPU Speed: 3301,1 MHz
Sound Card: Lautsprecher (2- High Definitio | 
Digitalaudio (HDMI) (2- High De | 
Display Adapters: NVIDIA GeForce GTX 970 | NVIDIA GeForce GTX 970 | NVIDIA GeForce GTX 970 | NVIDIA GeForce GTX 970 | Intel(R) HD Graphics 3000 | Intel(R) HD Graphics 3000 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 2x; PnP-Monitor (Standard) | PnP-Monitor (Standard) | 
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Hamachi Network Interface | Atheros AR9271 Wireless Network Adapter
CD / DVD Drives: 1x (F: | ) F: DTSOFT  BDROM
Ports: COM1 LPT1
Mouse: 8 Button Wheel Mouse Present
Hard Disks: C:  232,8GB | D:  465,8GB | E:  931,5GB
Hard Disks - Free: C:  130,2GB | D:  139,1GB | E:  931,3GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 10/16/12 | ALASKA - 1072009
Time Zone: Mitteleuropäische Zeit
Motherboard *: ASUSTeK COMPUTER INC. P8B75-M
Country: Deutschland 
Language: DEU 

==== System Specs (Software) ======================

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Default Browser: Google Chrome	41.0.2272.89
Internet Explorer Version: 10.0.9200.16660 
Mozilla Firefox version: 25.0 (x86 en-US)
Google Chrome version: 41.0.2272.89
Adobe Reader version: 11.0.10.32
Sun Java version: 1.8.0_40 (32-bit) 
Sun Java version: 1.8.0_40 (64-bit) 
Flash Player version: 16.0.0.305

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Peter\AppData\Local\Temp ====
2015-03-12 13:53:40	E0DC8C6BBC787B972A9A468648DBFD85	1008128	----a-w-	C:\Users\Peter\AppData\Local\Temp\jrt\libiconv2.dll
2015-03-12 13:53:40	D202BAA425176287017FFE1FB5D1B77C	103424	----a-w-	C:\Users\Peter\AppData\Local\Temp\jrt\libintl3.dll
2015-03-12 13:53:40	57CAC848FA14AE38F14F9441F8933282	140288	----a-w-	C:\Users\Peter\AppData\Local\Temp\jrt\pcre3.dll
2015-03-12 13:53:40	547C43567AB8C08EB30F6C6BACB479A3	79360	----a-w-	C:\Users\Peter\AppData\Local\Temp\jrt\regex2.dll
2015-03-07 14:42:49	55FD284EE60759524338C42DD1F3573A	561576	----a-w-	C:\Users\Peter\AppData\Local\Temp\jre-8u40-windows-au.exe
2015-03-07 14:37:07	715C98AA5955E7E07FB99D87F522E73A	200192	------w-	C:\Users\Peter\AppData\Local\Temp\jna\jna7364976806689286452.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2015-03-07 16:40:24	D41D8CD98F00B204E9800998ECF8427E	0	----a-w-	C:\Windows\SysWOW64\Access.dat
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2015-03-12 13:57:31	26C43960C99EE861A5D0EDC4DCF3B1C3	129752	----a-w-	C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2015-03-12 13:57:21	CA43F8904E24BBE49982E4C0B29E6579	25816	----a-w-	C:\Windows\Sysnative\drivers\mbam.sys
2015-03-12 13:57:21	A646C2DDB8C46E9B20A326FAF566646C	63704	----a-w-	C:\Windows\Sysnative\drivers\mwac.sys
2015-03-12 13:57:21	478CC94C937D235CB0A96AB8F2359D81	93400	----a-w-	C:\Windows\Sysnative\drivers\mbamchameleon.sys
2015-02-23 19:27:11	C00C33ECF1273D50FA4468A4444DCEA2	43664	----a-w-	C:\Windows\Sysnative\drivers\hitmanpro37.sys
====== C:\Windows\Tasks ======
2015-02-20 17:39:11	--------	d-----w-	C:\Windows\Sysnative\Tasks\Safer-Networking
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2015-03-12 14:09:02	--------	d-----w-	C:\PROGRA~2\ESET
2015-03-07 14:44:19	--------	d-----w-	C:\PROGRA~2\COMMON~1\Java
2015-02-24 18:06:56	--------	d-----w-	C:\PROGRA~2\LogMeIn Hamachi
======= C: =====
2015-02-23 17:21:01	D41D8CD98F00B204E9800998ECF8427E	0	----a-w-	C:\autoexec.bat
====== C:\Users\Peter\AppData\Roaming ======
2015-03-18 16:17:00	--------	d-----w-	C:\Users\Peter\AppData\Local\Paint.NET
2015-03-07 18:02:36	--------	d-----w-	C:\Users\Peter\AppData\Roaming\Origin
2015-03-07 18:02:34	--------	d-----w-	C:\Users\Peter\AppData\Local\Origin
2015-03-07 16:49:09	--------	d-----w-	C:\Users\Peter\AppData\Roaming\WinRAR
2015-03-07 14:37:09	--------	d-----w-	C:\Users\Peter\AppData\Roaming\NVIDIA
2015-03-07 14:34:32	--------	d-----w-	C:\Users\Peter\AppData\Roaming\java
2015-02-24 18:13:23	--------	d-----w-	C:\Users\Peter\AppData\Local\CrashDumps
2015-02-24 17:34:57	--------	d-----w-	C:\Users\Peter\AppData\Roaming\A Bird Story
2015-02-23 19:16:54	--------	d-----w-	C:\Users\Peter\AppData\Local\Adobe
2015-02-23 19:09:16	257D761F8AF552FFF4637400E3908459	114688	----a-w-	C:\Users\Peter\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-23 19:09:16	--------	d-----w-	C:\Users\Peter\AppData\Local\Deployment
2015-02-22 15:50:07	--------	d-----w-	C:\Users\Peter\AppData\Roaming\LolClient
2015-02-22 15:12:16	--------	d-----w-	C:\Users\Peter\AppData\Roaming\SteelSeries
2015-02-21 16:11:48	--------	d-----w-	C:\Users\Peter\AppData\Local\Steam
2015-02-21 13:48:32	--------	d-----w-	C:\Users\Peter\AppData\Local\Mozilla
2015-02-21 12:18:42	--------	d-----w-	C:\Users\Peter\AppData\Local\DisplayFusion
2015-02-21 12:13:58	--------	d-----w-	C:\Users\Peter\AppData\Local\LogMeIn
2015-02-20 17:43:00	--------	d-----w-	C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Programs
2015-02-20 17:37:59	--------	d-----w-	C:\Users\Peter\AppData\Local\Programs
====== C:\Users\Peter ======
2015-03-18 15:39:43	F58676DE827DD9A5F3A44A698E8B4663	2095616	----a-w-	C:\Users\Peter\Desktop\FRST64.exe
2015-03-07 16:42:37	--------	d-----w-	C:\Users\Public\Documents\Tunngle
2015-03-07 16:42:37	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2015-02-24 18:06:56	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-02-23 19:22:24	--------	d-----w-	C:\ProgramData\HitmanPro
2015-02-23 17:20:18	--------	d-----w-	C:\Users\Peter\Start Menu

====== C: exe-files ==
2015-03-18 15:39:43	F58676DE827DD9A5F3A44A698E8B4663	2095616	----a-w-	C:\Users\Peter\Desktop\FRST64.exe
2015-03-17 17:29:50	A19E8C12D751614C95B274FBBF4E95B0	484024	----a-w-	C:\Users\Peter\AppData\Local\NVIDIA\NvBackend\Packages\00007160\streaming-assets-left_4_dead_2.19410377.exe
2015-03-17 17:29:50	663F16F263033FEECCB817B7188516A9	461096	----a-w-	C:\Users\Peter\AppData\Local\NVIDIA\NvBackend\Packages\0000719d\streaming-assets-south_park_the_stick_of_truth.19410377.exe
2015-03-17 17:29:49	A3E46242E9F02F3C8BF491F224FA5FBB	460672	----a-w-	C:\Users\Peter\AppData\Local\NVIDIA\NvBackend\Packages\00007183\streaming-assets-orcs_must_die_2.19410377.exe
2015-03-17 17:29:49	78D57B6E110EDA254B8315034EF6D902	412728	----a-w-	C:\Users\Peter\AppData\Local\NVIDIA\NvBackend\Packages\0000715f\streaming-assets-league_of_legends.19410377.exe
2015-03-17 17:29:49	568912035B681E5CF712B0838F5B9163	396872	----a-w-	C:\Users\Peter\AppData\Local\NVIDIA\NvBackend\Packages\00007176\streaming-assets-mortal_kombat.19410377.exe
2015-03-17 17:29:48	9054420CB4B70EA6AB4B4AC21FF6975E	372872	----a-w-	C:\Users\Peter\AppData\Local\NVIDIA\NvBackend\Packages\00007157\streaming-assets-hearthstone_heroes_of_warcraft.19410377.exe
2015-03-17 17:29:48	68DE3E62DDCB85E2120C3EFD22A122F2	360424	----a-w-	C:\Users\Peter\AppData\Local\NVIDIA\NvBackend\Packages\000071b5\streaming-assets-warcraft_3_tft.19410377.exe
2015-03-17 17:29:48	5DE4EEBD5224A6645F02867296240722	356736	----a-w-	C:\Users\Peter\AppData\Local\NVIDIA\NvBackend\Packages\0000715b\streaming-assets-just_cause_2.19410377.exe
2015-03-17 17:29:47	B5F89E95243701A83D630C3860BBD962	285728	----a-w-	C:\Users\Peter\AppData\Local\NVIDIA\NvBackend\Packages\0000715c\streaming-assets-just_cause_2_multiplayer.19410377.exe
2015-03-17 17:29:47	B419B3410CB09BF117D5CD5C58ED51AC	192152	----a-w-	C:\Users\Peter\AppData\Local\NVIDIA\NvBackend\Packages\000071a7\streaming-assets-the_stanley_parable.19410377.exe
2015-03-17 17:29:47	337AE100254B95EBAE5256831BB8400B	279048	----a-w-	C:\Users\Peter\AppData\Local\NVIDIA\NvBackend\Packages\00007199\streaming-assets-skyrim.19410377.exe
2015-03-17 17:29:47	13910AF75B07D73379CF25C098B47E31	354240	----a-w-	C:\Users\Peter\AppData\Local\NVIDIA\NvBackend\Packages\00007185\streaming-assets-payday_2.19410377.exe
2015-03-17 17:29:32	9839DA9F59DDABFDD27E2D981A682EAC	5254568	----a-w-	C:\Users\Peter\AppData\Local\NVIDIA\NvBackend\Packages\00007141\DAO.19407091.exe
2015-03-17 14:18:06	7B2A209308EA205FB31FA7944DFF9399	22016	----a-w-	C:\Users\Peter\AppData\Local\NVIDIA\NvBackend\StreamingAssets\skyrim\automated_launch.exe
2015-03-17 14:06:06	435C55D158682C9B2DB61F2D85B2EAD1	35840	----a-w-	C:\Users\Peter\AppData\Local\NVIDIA\NvBackend\StreamingAssets\hearthstone_heroes_of_warcraft\automated_launch.exe
2015-03-16 18:27:16	D24128C047C85A44FCE392E376BFF8D4	18103800	----a-w-	C:\Riot Games\League of Legends\RADS\projects\lol_game_client\releases\0.0.1.20\deploy\League of Legends.exe
2015-03-16 18:20:50	F435677A723823CD708254645656AEE3	3331064	----a-w-	C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.23\deploy\LoLPatcherUx.exe
2015-03-16 18:20:50	0C0BE97725F9CE45D23B0C1DBB733C0B	3796984	----a-w-	C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.23\deploy\LoLPatcher.exe
2015-03-16 18:20:50	037DDC1B04092E3A8D42BBFBD5894D28	114168	----a-w-	C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.23\deploy\jpatch.exe
2015-03-16 18:20:46	290978BC5B1F2F2EA5A18A08A7050669	2211832	----a-w-	C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.239\deploy\LoLLauncher.exe
2015-03-16 18:20:46	037DDC1B04092E3A8D42BBFBD5894D28	114168	----a-w-	C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.239\deploy\jpatch.exe
2015-03-16 16:08:32	E610D078F51B94352DFBD0414D9458C3	676144	----a-w-	C:\Users\Peter\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
2015-03-16 16:08:28	EF7D906D2A2F7BD18477F47E074A3F11	173872	----a-w-	C:\Users\Peter\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\OAWrapper.exe
2015-03-13 17:41:37	7DF547F2E361A6ADC8DFAF9544C6A283	10033232	----a-w-	C:\Program Files (x86)\Google\Update\Install\{D48B430A-2917-4008-A0ED-665249BA9665}\41.0.2272.89_40.0.2214.115_chrome_updater.exe
2015-03-13 17:41:36	7DF547F2E361A6ADC8DFAF9544C6A283	10033232	----a-w-	C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\41.0.2272.89\41.0.2272.89_40.0.2214.115_chrome_updater.exe
2015-03-12 14:09:06	E273331224005C5A8A504164373DE1DC	535304	----a-w-	C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
2015-03-12 14:09:06	9E47522861242EE002D7F385C35D1322	2887824	----a-w-	C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
2015-03-12 14:09:06	5B3DE7968D23B476AFB256D8014B25B9	333424	----a-w-	C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe
2015-03-12 14:09:06	47B06E473B78A792DF07D226E0537D63	119184	----a-w-	C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
2015-03-12 14:09:06	3C3F35C91F230493B088B334E39D1F7A	358144	----a-w-	C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
2015-03-11 19:37:34	E05AA5F22B9F3124B3D16304F549A1DC	439696	----a-w-	C:\Users\Peter\AppData\Local\NVIDIA\NvBackend\Packages\00007107\CoProc update.19389532.exe
=== C: other files ==
2015-03-12 13:57:31	26C43960C99EE861A5D0EDC4DCF3B1C3	129752	----a-w-	C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-03-12 13:57:21	CA43F8904E24BBE49982E4C0B29E6579	25816	----a-w-	C:\Windows\System32\drivers\mbam.sys
2015-03-12 13:57:21	A646C2DDB8C46E9B20A326FAF566646C	63704	----a-w-	C:\Windows\System32\drivers\mwac.sys
2015-03-12 13:57:21	478CC94C937D235CB0A96AB8F2359D81	93400	----a-w-	C:\Windows\System32\drivers\mbamchameleon.sys
2015-03-12 13:53:40	F56A319979F631C141F5FF02DF87FDB1	43563	----a-w-	C:\Users\Peter\AppData\Local\Temp\jrt\prelim.bat
2015-03-12 13:53:40	E49F9C309DC32E854A081507B89EBE39	11201	----a-w-	C:\Users\Peter\AppData\Local\Temp\jrt\runvalues.bat
2015-03-12 13:53:40	DD1E4D974B1672ABD09EFFB225791C4A	1230	----a-w-	C:\Users\Peter\AppData\Local\Temp\jrt\TDL4.bat
2015-03-12 13:53:40	AD2F52DC72B10AF331692E4A4DD80DFC	18670	----a-w-	C:\Users\Peter\AppData\Local\Temp\jrt\medfos.bat
2015-03-12 13:53:40	AA0C656F898523BEDF2DA6923197BB80	1264	----a-w-	C:\Users\Peter\AppData\Local\Temp\jrt\surfvox.bat
2015-03-12 13:53:40	8E6020C14F982CF11B3FE7DBB0CB8EDE	24738	----a-w-	C:\Users\Peter\AppData\Local\Temp\jrt\searchlnk.bat
2015-03-12 13:53:40	883C768ADFD65F6C4968BD852B8D45E5	14924	----a-w-	C:\Users\Peter\AppData\Local\Temp\jrt\get.bat
2015-03-12 13:53:40	86707BCE5CBB65D9B1C41E249B4423BA	152733	----a-w-	C:\Users\Peter\AppData\Local\Temp\jrt\firefox.bat
2015-03-12 13:53:40	83F691D8398F0E37E71E9355BF730DB9	719	----a-w-	C:\Users\Peter\AppData\Local\Temp\jrt\ev_clear.bat
2015-03-12 13:53:40	56CE326F6AAE3CF1709D332C04E8F9F1	191237	----a-w-	C:\Users\Peter\AppData\Local\Temp\jrt\misc.bat
2015-03-12 13:53:40	38A0BDF322ACCC968B0A824C38D50157	29635	----a-w-	C:\Users\Peter\AppData\Local\Temp\jrt\ask.bat
2015-03-12 13:53:40	335DFF8F23E5EC02B5426362F0F8509B	31401	----a-w-	C:\Users\Peter\AppData\Local\Temp\jrt\iexplore.bat
2015-03-12 13:53:40	0C4649A62845AB5D5DBCC4998477FF6D	1813	----a-w-	C:\Users\Peter\AppData\Local\Temp\jrt\delfolders.bat
2015-03-12 13:53:40	080CFDE64F31E7B50EECF4552033E84D	9937	----a-w-	C:\Users\Peter\AppData\Local\Temp\jrt\mws.bat
2015-03-12 13:53:40	048407135C9B1FB6A355E256BD96160D	14192	----a-w-	C:\Users\Peter\AppData\Local\Temp\jrt\chrome.bat

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\78zcl8l0.default
user_pref("browser.newtab.url", "");

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\78zcl8l0.default
C62322C77D1AAB77B1CF1130FCC3673A	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll -	Shockwave Flash
BB56E2AC04608ED784B1293BB676CE24	- C:\Users\Peter\AppData\Local\Screenleap\npscreenleap1.1.dll -	Screenshare Plugin
2BC6A052D9B153F6DC2F0E420FB4F407	- C:\Users\Peter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll -	Unity Player
C899B98999270821EDFFA56044DE2377	- C:\Users\Peter\AppData\Roaming\raidcall\plugins\nprcplugin.dll -	Raidcall plugin
E557911A8903410D52FF9B3245954F4F	- C:\Users\Peter\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll -	Game Face Plugin
D0621E248FE23302CB379AA664CA17ED	- C:\ProgramData\id Software\QuakeLive\npquakezero.dll -	QUAKE LIVE


==== Chromium Look ======================

Google Chrome Version: 41.0.2272.89 (Up to date, latest Stable version: 41.0.2272.89)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aakchaleigkohafkfjfjbblobjifikek - C:\Users\Peter\AppData\LocalLow\proxtube\CHROME\proxtube.crx[14.05.2013 20:35]

AdBlock - Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Chrome Hotword Shared Module - Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://google.de/"
"Search Page"="hxxp://www.google.com"
"Search Bar"="hxxp://www.google.com"
"Use Search Asst"="yes"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://www.google.com"
"SearchAssistant"="hxxp://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://google.de/"
"Use Search Asst"="no"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="hxxp://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 65800 deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\2250232B8C4065744B1AE53E4D447027 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Browser Infrastructure Helper deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FastAccess Web Alert deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetBalancer deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetLimiter deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yontoo Desktop deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Peter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Peter\AppData\Local\Mozilla\Firefox\Profiles\78zcl8l0.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=970 folders=394 241226659 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Peter\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Peter\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 18.03.2015 at 18:19:46,24 ======================
         

Antwort

Themen zu Nervige Popupwerbung im Browser, Steam etc.
adwcleaner, antiviren, bearbeitung, browser, confused, durchgeführt, etliche, fenster, forum, gesuch, gesucht, hilft, hoffe, javascript, nervige, popup, popups, popupwerbung, russisch, scan, scanner, schei, script, seite, steam, sämtliche, tagen, umlauf, virus



Ähnliche Themen: Nervige Popupwerbung im Browser, Steam etc.


  1. Windows 8.1: Adware im Steam-Browser!
    Plagegeister aller Art und deren Bekämpfung - 18.10.2015 (7)
  2. Windows 7: Steam Account durch Virus gehackt und entwendet, Steam infiziert : Win32:Malware-gen
    Log-Analyse und Auswertung - 14.09.2015 (16)
  3. Browser Problem(+Steam) : unzählige ungewollte Pop ups
    Plagegeister aller Art und deren Bekämpfung - 07.09.2015 (11)
  4. Popup Invasion im Jedem Browser und bei Steam
    Log-Analyse und Auswertung - 08.06.2015 (8)
  5. Tabs mit Werbung im Browser und Steam
    Log-Analyse und Auswertung - 02.04.2015 (4)
  6. Ständig nervige Werbung im Chrome Browser
    Log-Analyse und Auswertung - 01.03.2015 (13)
  7. Windows 7: Adware oder ähnliches. Browser und steam betroffen
    Log-Analyse und Auswertung - 18.12.2014 (7)
  8. Adware/Trojaner Problem im Browser/Steam
    Netzwerk und Hardware - 01.07.2014 (22)
  9. Ungewollte Werbung in Browser und Steam
    Plagegeister aller Art und deren Bekämpfung - 27.05.2014 (9)
  10. Wlan Verbindung. Ping Einbrüche sobald ich Browser|LoL|Steam|multiplayer öffne
    Netzwerk und Hardware - 11.05.2014 (1)
  11. nervige Pop ups
    Plagegeister aller Art und deren Bekämpfung - 27.02.2014 (8)
  12. Steam(file2.exe) ohne das man Steam installiert hat
    Plagegeister aller Art und deren Bekämpfung - 21.02.2010 (1)
  13. Viren blocken Antivir und öffnen nervige Tabs im Browser
    Log-Analyse und Auswertung - 13.11.2009 (1)
  14. Nervige Spyware
    Plagegeister aller Art und deren Bekämpfung - 22.07.2006 (11)
  15. nervige pop-ups
    Log-Analyse und Auswertung - 04.06.2006 (14)
  16. nervige Pop Ups
    Plagegeister aller Art und deren Bekämpfung - 08.11.2004 (1)
  17. Nervige Dll
    Archiv - 18.01.2003 (0)

Zum Thema Nervige Popupwerbung im Browser, Steam etc. - Guden Tach ! Seit 3 Tagen bekomme ich ständig irgendwelche Popup Fenster im Browser, Steam etc. Die Popups sind meistens auf Russisch oder so... habe schon hier im Forum gesucht - Nervige Popupwerbung im Browser, Steam etc....
Archiv
Du betrachtest: Nervige Popupwerbung im Browser, Steam etc. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.