
Pests of all kinds and how to fight them: Windows 7: Websites are redirected to advertising.

25.04.2014, 19:53   #1
Martin1234
 



Hi, I have the problem that my Firefox sometimes opens an advertising page first, and after every restart Adblock is removed from my Firefox.
The cause of this is probably Adware/Crossrider.A.507, which my Antivir can find but cannot completely delete.
In addition, I apparently have a few other unwanted programs that I also cannot get rid of and have no idea what they do; at least my Malwarebytes now and then blocks a website that I did not open.

I hope you can help me.

Regards, Martin



Here are my log files as well.

Addition.txt

FRST.txt

GMER.log

maleware.log

25.04.2014, 21:10   #2
schrauber
/// the machine
/// TB trainer
 




Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.


How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

25.04.2014, 22:50   #3
Martin1234
 



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-04-2014 01
Ran by Martin at 2014-04-25 20:04:24
Running from C:\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.6.602.180 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
aiofw (x32 Version: 2.01.0000.0000 - Eastman Kodak Company) Hidden
aioocr (x32 Version: 1.00.0000 - kodak) Hidden
aioprnt (x32 Version: 2.01.0000.0000 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 2.01.0000.0000 - Eastman Kodak Company) Hidden
AMD USB Filter Driver (x32 Version: 1.0.14.91 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
applicationupdater (HKCU\...\SOE-C:/Users/Martin/AppData/Local/Sony Online Entertainment/ApplicationUpdater) (Version:  - Sony Online Entertainment)
ATI Catalyst Install Manager (HKLM\...\{8019A54F-530F-84C2-24DD-1C9F53257F7C}) (Version: 3.0.762.0 - ATI Technologies, Inc.)
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
AutoIt v3.3.8.1 (HKLM-x32\...\AutoItv3) (Version:  - AutoIt Team)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield Heroes (Martin) (HKCU\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version:  - EA Digital illusions)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Browser Configuration Utility (HKLM-x32\...\{D793423B-FF18-4A54-B9C9-75B3396BAAC4}) (Version: 1.0.10.0 - DeviceVM Inc.)
Bundled software uninstaller (HKLM-x32\...\bi_uninstaller) (Version:  - ) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
center (x32 Version: 2.01.0000.0000 - Eastman Kodak Company) Hidden
concept/design onlineTV 6 (HKLM-x32\...\{5BF5331F-E271-4A1F-AF5D-30A93EFF2584}_is1) (Version: onlineTV 6 - concept/design GmbH)
Counter-Strike 1.6 V40 (HKLM-x32\...\Counter-Strike 1.6 V40) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version:  - )
Curse Client (HKCU\...\090215de958f1060) (Version: 4.0.1.286 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{6BDEB2BD-7C8B-4734-9E2F-E9EDC9D6C844}) (Version:  - Microsoft)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - )
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Die Siedler IV (HKLM-x32\...\S4Uninst) (Version:  - )
DivX-Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 1.0.2.23 - DivX, Inc. )
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve )
Dropbox (HKCU\...\Dropbox) (Version: 1.4.7 - Dropbox, Inc.)
EPU (HKLM-x32\...\{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}) (Version: 1.02.20 - )
Express Gate (HKLM-x32\...\{99AD9D6D-A456-49EE-8360-F22EE7AA1272}) (Version: 1.5.17.9 - DeviceVM, Inc.)
Fotogalerie (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Free YouTube to MP3 Converter version 3.9.40.602 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version:  - DVDVideoSoft Limited.)
FTPRush 2.1.8 (HKLM-x32\...\FTP Rush_is1) (Version: 2.1.8 - wftpserver.com)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
GPU Caps Viewer v1.4.2 (HKLM-x32\...\GPU Caps Viewer_is1) (Version:  - oZone3D.Net)
Hamachi 1.0.1.5 (HKLM-x32\...\Hamachi) (Version:  - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Help_CTR (x32 Version: 2.01.0000.000 - Eastman Kodak Company) Hidden
helptut (x32 Version: 2.00.0000.0000 - kodak) Hidden
helpug (x32 Version: 2.01.0000.0000 - kodak) Hidden
HGST Align Tool (HKLM-x32\...\{DD432BE5-28CD-413E-875F-1B04550ED306}) (Version: 2.0.154 - Acronis)
HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät (HKLM\...\{61ADDE9C-3AE6-46FC-9127-DFFF637AED03}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät (HKLM\...\{8F4884F1-488D-4738-8F71-65A378BB484C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710a-f Hilfe (HKLM-x32\...\{037CD593-D760-4A00-B030-7BBAFA1123FE}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
Iminent (x32 Version: 6.46.1.0 - Iminent) Hidden <==== ATTENTION
iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.)
Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 23 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416023FF}) (Version: 6.0.230 - Oracle)
Java(TM) 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.290 - Sun Microsystems, Inc.)
Java(TM) SE Development Kit 6 Update 20 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160200}) (Version: 1.6.0.200 - Sun Microsystems, Inc.)
Java(TM) SE Development Kit 6 Update 23 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160230}) (Version: 1.6.0.230 - Oracle)
JDownloader (HKLM-x32\...\JDownloader) (Version:  - AppWork UG (haftungsbeschränkt))
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMicron Technology Corp.)
KODAK All-in-One-Druckersoftware (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
ksdip (x32 Version: 2.00.0000.0000 - Eastman Kodak Company) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.52 (HKLM\...\Logitech Gaming Software) (Version: 8.52.15 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MorphVOX Pro (HKLM-x32\...\{6D938EC0-26C8-4926-B082-64BABE34EB84}) (Version: 4.3.19 - Screaming Bee)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
netbrdg (x32 Version: 6.04.0000.0001 - EASTMAN KODAK Company) Hidden
No23 Recorder (HKLM-x32\...\{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}) (Version: 2.1.0.3 - No23)
NVIDIA 3D Vision Controller-Treiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 332.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3221 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Oracle VM VirtualBox 4.1.18 (HKLM\...\{4EE61784-10C6-4B7C-A0B2-5BED17B05741}) (Version: 4.1.18 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 8.2.6.475 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 0.11.2.26246 - Grinding Gear Games)
Photo Gallery (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
PKR (HKLM-x32\...\PKR) (Version:  - PKR Ltd)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Power Sound Editor Free (HKLM-x32\...\Power Sound Editor Free) (Version:  - PowerSE Studio Inc.)
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
Protegere (HKLM-x32\...\Protegere) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
QIP 2010 10.10.12.4240 (HKCU\...\QIP 2010) (Version: 10.10.12.4240 - )
QIP Internet Guardian (HKCU\...\QipGuard) (Version:  - )
QuickTime (HKLM-x32\...\{E7004147-2CCA-431C-AA05-2AB166B9785D}) (Version: 7.68.75.0 - Apple Inc.)
RAR Password Cracker (HKLM-x32\...\RAR Password Cracker) (Version: 4.12 - dnSoft Research Group)
RAR Password Unlocker (HKLM-x32\...\{69B77D45-F5AD-4AB9-933D-352703324469}_is1) (Version:  - RAR Password Unlocker, Inc.)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.17.23 - Razer Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.15.209.2010 - Realtek)
Risen (HKLM-x32\...\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}) (Version: 1.00.0000 - Deep Silver)
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Sandboxie 3.48 (64-bit) (HKLM\...\Sandboxie) (Version:  - )
SFR (x32 Version: 6.04.0000.0001 - Eastman Kodak Company) Hidden
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Six Updater (HKLM-x32\...\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}) (Version: 2.09.7016 - Six Projects)
Skype Toolbars (HKLM-x32\...\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}) (Version: 5.0.4137 - Skype Technologies S.A.)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
SopCast 3.3.2 (HKLM-x32\...\SopCast) (Version: 3.3.2 - www.sopcast.com)
Sound Blaster Play! (HKLM-x32\...\{6C8D0421-2896-45E0-AFDA-960BC2E2E2EF}) (Version: 1.1 - )
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform)
Spotify (HKCU\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)
SpyHunter (HKLM\...\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}) (Version: 4.11.10.4138 - Enigma Software Group USA, LLC)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
StationRipper 2.98.2 (HKCU\...\StationRipper) (Version: 2.98.2 - Ratajik Software)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SX Virtual Link (HKLM\...\SX Virtual Link) (Version: 2.2.0 - silex technology, Inc.)
System.Data.SQLite v1.0.74.0 (HKLM-x32\...\{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1) (Version: 1.0.74.0 - System.Data.SQLite Team)
TeamPlayerLITE (HKLM-x32\...\{AB262B3B-3D7C-4252-88EA-16E359202365}_is1) (Version: v2.5 - WunderWorks)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
TmUnitedForever (HKLM-x32\...\TmUnitedForever_is1) (Version:  - Nadeo)
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
TurboV EVO (HKLM-x32\...\{491D92A9-69CA-4EB4-81D3-0106F9337957}) (Version: 1.02.20 - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unigine Heaven Benchmark v2.1 (HKLM-x32\...\{38468127-9E6F-4FC9-B5F7-42D4AD437D96}) (Version: 2.1 - Unigine Corp.)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{32E700B9-1A94-48B4-99E1-CB8BD5F7340A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{D7D96A96-F61F-48AD-B2DC-4F4B6938D2AB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{0C175ED0-26B9-4B09-AFA9-3F16A03A29B9}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3EFF1957-7DEA-4C7A-8E9C-2D6D58E4B2ED}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3EFF1957-7DEA-4C7A-8E9C-2D6D58E4B2ED}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{651EE0E5-C789-48D8-8B91-F79352B783C9}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{81CA2EFA-7250-4B1E-B3A6-E0595224E2CD}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{190EC86F-5867-4D7A-B9F3-D14D82C26F3D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2B7EA7DF-B822-4C58-B90A-961B6BAF454B}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
Veetle TV 0.9.17 (HKLM-x32\...\Veetle TV) (Version: 0.9.17 - Veetle, Inc)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VKMusic 4 (HKLM-x32\...\VKMusic 4_is1) (Version:  - )
VLC media player 1.1.5 (HKLM-x32\...\VLC media player) (Version: 1.1.5 - VideoLAN)
William Hill Poker (HKCU\...\William Hill Poker) (Version:  - )
Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 3.7.7 - Shark007)
Windows Live Communications Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
WinSCP 4.3.2 (HKLM-x32\...\winscp3_is1) (Version: 4.3.2 - Martin Prikryl)
Wippien 2.5 (HKLM\...\A4DA3EE7-C6FC-44AD-9E47-9A4D3B0099D3_is1) (Version:  - )
Wise Registry Cleaner 8.03 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.03 - WiseCleaner.com, Inc.)
Word Reader 5.4 (HKLM-x32\...\Word Reader 5.4) (Version:  - hxxp://www.word-reader.com/)
Xilisoft Video Editor 2 (HKLM-x32\...\Xilisoft Video Editor 2) (Version: 2.2.0.20120901 - Xilisoft)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
X-NetStat Pro 5.59 (HKLM-x32\...\X-NetStat Pro) (Version: 5.59 - Fresh Software)
YTD Video Downloader 3.9 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version:  - GreenTree Applications SRL)

==================== Restore Points  =========================

23-04-2014 01:19:50 Windows Update
24-04-2014 13:54:22 Installed osu!

==================== Hosts content: ==========================

2009-07-14 04:34 - 2011-09-21 14:42 - 00000950 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 mp02.maniaplanet.com
127.0.0.1 mp01.maniaplanet.com
127.0.0.1 mp03.maniaplanet.com
127.0.0.1 game.maniaplanet.com


==================== Scheduled Tasks (whitelisted) =============

Task: {010D7A89-E101-461F-8C70-EF540C30B983} - System32\Tasks\{FB8EA66E-ED8D-45AD-AB21-9C643F703307} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-02-28] (Skype Technologies S.A.)
Task: {12DE61B0-2209-4588-B552-D5219EFCFA98} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {1ADF5663-E05A-43D1-BC68-5B5CED2AEFF8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2B777F26-C005-4300-8359-E7D0BE967350} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2012-10-10] (Enigma Software Group USA, LLC.)
Task: {3723DF38-63D0-4262-8052-DFFCF4EEBBE5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-30] (Google Inc.)
Task: {784C8773-8F92-4600-9188-969185BFB8BA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {86018B28-2CB6-404F-A6B6-B2BB0D2285FB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-30] (Google Inc.)
Task: {B0BC92F7-18A5-4006-B559-64DEB6190EE4} - \Lyrics-Pal Update No Task File <==== ATTENTION
Task: {DA61FD1D-9973-44EA-A2B3-594DBB006D28} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {EC325C81-0468-4FB3-A8B3-B670DA0FD661} - System32\Tasks\ASUS\TurboVHelp => C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe [2010-04-02] (ASUSTeK Computer Inc.)
Task: {F96FC6FB-2EFD-460F-9B63-799B3C1082FC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-11] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4d97fa53aa51.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Deskjet 3050A J611 series.exe_{C57CAAC8-E585-41BB-B398-9888A80E2599}.job => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HP Deskjet 3050A J611 series.exe
Task: C:\Windows\Tasks\Toolbox.exe_{606C1327-B5C1-4E89-B0B0-70DA20BD40CF}.job => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\Toolbox.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2009-03-30 08:32 - 2009-03-30 08:32 - 00032768 ____R () C:\Windows\DAODx.exe
2010-03-22 11:59 - 2010-03-22 11:59 - 00029696 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\_old_qgif4.dll
2010-03-22 11:59 - 2010-03-22 11:59 - 00155648 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\_old_qjpeg4.dll
2013-02-27 17:15 - 2013-10-31 23:36 - 00302056 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2013-02-27 17:15 - 2013-10-31 23:36 - 00320488 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2013-02-27 17:15 - 2013-10-31 23:36 - 00565224 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2013-10-31 23:36 - 2013-10-31 23:36 - 00700904 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2013-08-11 20:51 - 2013-08-07 11:38 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2010-08-24 01:18 - 2010-02-08 17:19 - 00053248 _____ () C:\Program Files\ASUS\TurboV EVO\HookKey32.dll
2010-08-24 01:18 - 2008-12-10 20:04 - 00253952 _____ () C:\Program Files\ASUS\TurboV EVO\pngio.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-08-24 01:18 - 2009-06-24 08:47 - 00061440 _____ () C:\Program Files\ASUS\TurboV EVO\flashobj.dll
2014-03-20 13:16 - 2014-04-22 00:55 - 00340480 _____ () C:\Users\Martin\Desktop\Spiele\Metro2033\libavresample-1.dll
2014-04-23 16:08 - 2014-04-22 00:55 - 00471552 _____ () C:\Users\Martin\Desktop\Spiele\Metro2033\libavutil-53.dll
2014-03-20 13:16 - 2014-04-01 00:09 - 00754688 _____ () C:\Users\Martin\Desktop\Spiele\Metro2033\SDL2.dll
2014-03-20 13:16 - 2014-04-22 01:42 - 01135808 _____ () C:\Users\Martin\Desktop\Spiele\Metro2033\bin\chromehtml.DLL
2014-03-20 13:16 - 2014-03-03 21:15 - 20626624 _____ () C:\Users\Martin\Desktop\Spiele\Metro2033\bin\libcef.dll
2014-03-20 13:16 - 2013-06-15 01:49 - 01100800 _____ () C:\Users\Martin\Desktop\Spiele\Metro2033\bin\avcodec-53.dll
2014-03-20 13:16 - 2013-06-15 01:49 - 00124416 _____ () C:\Users\Martin\Desktop\Spiele\Metro2033\bin\avutil-51.dll
2014-03-20 13:16 - 2013-06-15 01:49 - 00192000 _____ () C:\Users\Martin\Desktop\Spiele\Metro2033\bin\avformat-53.dll
2014-03-12 12:45 - 2014-03-12 12:45 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-11 00:44 - 2014-02-11 00:44 - 16287624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\Martin:gs5sys
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\ProgramData\Vorlagen:gs5sys
AlternateDataStreams: C:\Users\Martin\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\Martin\Cookies:gs5sys
AlternateDataStreams: C:\Users\Martin\Lokale Einstellungen:gs5sys
AlternateDataStreams: C:\Users\Martin\Vorlagen:gs5sys
AlternateDataStreams: C:\Users\Martin\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Martin\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\Martin\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\Martin\AppData\Local\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\Martin\AppData\Local\Verlauf:gs5sys
AlternateDataStreams: C:\Users\Martin\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AsSysCtrlService => 2
MSCONFIG\Services: AVM WLAN Connection Service => 2
MSCONFIG\Services: BCUService => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: Creative Audio Engine Licensing Service => 3
MSCONFIG\Services: CTAudSvcService => 2
MSCONFIG\Services: DvmMDES => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: KodakSvc => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: SbieSvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SProtection => 2
MSCONFIG\Services: SpyHunter 4 Service => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TunngleService => 2
MSCONFIG\Services: Update ResultsAlpha => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk => C:\Windows\pss\SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ctfmon.lnk => C:\Windows\pss\ctfmon.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupfolder: C:^Users^Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVMWlanClient => C:\Program Files (x86)\avmwlanstick\wlangui.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BCU => "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Download Protect => C:\ProgramData\dlprotect.exe
MSCONFIG\startupreg: EA Core => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
MSCONFIG\startupreg: EKIJ5000StatusMonitor => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: Iminent => C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
MSCONFIG\startupreg: IminentMessenger => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
MSCONFIG\startupreg: Infium => "C:\Program Files\QIP 2010\qip.exe" /autorun
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: JMB36X IDE Setup => C:\Windows\RaidTool\xInsIDE.exe
MSCONFIG\startupreg: Launch LCore => C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: QIP Internet Guardian => C:\Users\Martin\AppData\Roaming\QipGuard\QipGuard.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RGSC => C:\Users\Martin\Desktop\Spiele\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe /silent
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: Six Engine => "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: Spotify => "C:\Users\Martin\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Martin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Users\Martin\Desktop\Spiele\Metro2033\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: UpgradeHelper => C:\Users\Martin\AppData\Roaming\vlc\{F9D4713E-ED27-444D-B9A0-304AEC284D25}\UpgradeHelper.exe
MSCONFIG\startupreg: Userinit => C:\Users\Administrator\AppData\Roaming\appConf32.exe
MSCONFIG\startupreg: VolPanel => "C:\Program Files (x86)\Creative\Sound Blaster Play\Volume Panel\VolPanlu.exe" /r

==================== Faulty Device Manager Devices =============

Name: Hamachi Network Interface
Description: Hamachi Network Interface
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/25/2014 05:53:01 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: NvBackend.exe, Version: 10.11.15.0, Zeitstempel: 0x52a6776c
Name des fehlerhaften Moduls: nvspcap.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x52a67618
Ausnahmecode: 0xc0000005
Fehleroffset: 0x100077e2
ID des fehlerhaften Prozesses: 0xa08
Startzeit der fehlerhaften Anwendung: 0xNvBackend.exe0
Pfad der fehlerhaften Anwendung: NvBackend.exe1
Pfad des fehlerhaften Moduls: NvBackend.exe2
Berichtskennung: NvBackend.exe3

Error: (04/25/2014 05:52:52 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: NvBackend.exe, Version: 10.11.15.0, Zeitstempel: 0x52a6776c
Name des fehlerhaften Moduls: nvspcap.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x52a67618
Ausnahmecode: 0xc0000005
Fehleroffset: 0x100be510
ID des fehlerhaften Prozesses: 0xa08
Startzeit der fehlerhaften Anwendung: 0xNvBackend.exe0
Pfad der fehlerhaften Anwendung: NvBackend.exe1
Pfad des fehlerhaften Moduls: NvBackend.exe2
Berichtskennung: NvBackend.exe3

Error: (04/24/2014 08:49:42 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (04/24/2014 08:49:42 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (04/22/2014 05:40:25 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (04/22/2014 02:42:24 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (04/16/2014 00:10:34 PM) (Source: Application Hang) (User: )
Description: Programm Steam.exe, Version 2.13.4.49 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1fbc

Startzeit: 01cf5925a8153326

Endzeit: 879

Anwendungspfad: C:\Users\Martin\Desktop\Spiele\Metro2033\Steam.exe

Berichts-ID: 3e9d1993-c54f-11e3-92ab-485b39cb382a

Error: (04/15/2014 08:40:04 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: csgo.exe, Version: 0.0.0.0, Zeitstempel: 0x52f977fe
Name des fehlerhaften Moduls: d3d9.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4ce7b7b3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x5bb86b34
ID des fehlerhaften Prozesses: 0x1424
Startzeit der fehlerhaften Anwendung: 0xcsgo.exe0
Pfad der fehlerhaften Anwendung: csgo.exe1
Pfad des fehlerhaften Moduls: csgo.exe2
Berichtskennung: csgo.exe3

Error: (04/13/2014 06:02:02 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: csgo.exe, Version: 0.0.0.0, Zeitstempel: 0x52f977fe
Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1115
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000113a8
ID des fehlerhaften Prozesses: 0x1e64
Startzeit der fehlerhaften Anwendung: 0xcsgo.exe0
Pfad der fehlerhaften Anwendung: csgo.exe1
Pfad des fehlerhaften Moduls: csgo.exe2
Berichtskennung: csgo.exe3

Error: (04/06/2014 08:44:24 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: DlProtectSvc.exe, Version: 0.0.0.0, Zeitstempel: 0x529d89c6
Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c92c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000d89e
ID des fehlerhaften Prozesses: 0x744
Startzeit der fehlerhaften Anwendung: 0xDlProtectSvc.exe0
Pfad der fehlerhaften Anwendung: DlProtectSvc.exe1
Pfad des fehlerhaften Moduls: DlProtectSvc.exe2
Berichtskennung: DlProtectSvc.exe3


System errors:
=============
Error: (04/24/2014 10:20:03 PM) (Source: Service Control Manager) (User: )
Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/24/2014 10:19:59 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Apple pcmcia TDPIPE" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/24/2014 08:48:50 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎24.‎04.‎2014 um 20:47:46 unerwartet heruntergefahren.

Error: (04/23/2014 07:44:19 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Apple pcmcia TDPIPE" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/23/2014 07:44:14 PM) (Source: Service Control Manager) (User: )
Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/22/2014 10:48:05 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht.

Error: (04/22/2014 06:05:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/22/2014 06:05:15 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "KMService" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/22/2014 06:05:10 PM) (Source: Service Control Manager) (User: )
Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/22/2014 06:05:05 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Apple pcmcia TDPIPE" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (04/25/2014 05:53:01 AM) (Source: Application Error)(User: )
Description: NvBackend.exe10.11.15.052a6776cnvspcap.dll_unloaded0.0.0.052a67618c0000005100077e2a0801cf5fede7c43f6eC:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exenvspcap.dll186b1ee5-cc2d-11e3-942c-485b39cb382a

Error: (04/25/2014 05:52:52 AM) (Source: Application Error)(User: )
Description: NvBackend.exe10.11.15.052a6776cnvspcap.dll_unloaded0.0.0.052a67618c0000005100be510a0801cf5fede7c43f6eC:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exenvspcap.dll12d3005d-cc2d-11e3-942c-485b39cb382a

Error: (04/24/2014 08:49:42 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (04/24/2014 08:49:42 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (04/22/2014 05:40:25 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (04/22/2014 02:42:24 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Martin\Downloads\SoftonicDownloader_fuer_power-sound-editor.exe

Error: (04/16/2014 00:10:34 PM) (Source: Application Hang)(User: )
Description: Steam.exe2.13.4.491fbc01cf5925a8153326879C:\Users\Martin\Desktop\Spiele\Metro2033\Steam.exe3e9d1993-c54f-11e3-92ab-485b39cb382a

Error: (04/15/2014 08:40:04 PM) (Source: Application Error)(User: )
Description: csgo.exe0.0.0.052f977fed3d9.dll_unloaded0.0.0.04ce7b7b3c00000055bb86b34142401cf58d2d378a555C:\Users\Martin\Desktop\Spiele\Metro2033\steamapps\common\Counter-Strike Global Offensive\csgo.exed3d9.dll5b2862e3-c4cd-11e3-92ab-485b39cb382a

Error: (04/13/2014 06:02:02 PM) (Source: Application Error)(User: )
Description: csgo.exe0.0.0.052f977fekernel32.dll6.1.7601.1822951fb1115c0000005000113a81e6401cf572387fa8703C:\Users\Martin\Desktop\Spiele\Metro2033\steamapps\common\Counter-Strike Global Offensive\csgo.exeC:\Windows\syswow64\kernel32.dllf2c1c46b-c324-11e3-92ab-485b39cb382a

Error: (04/06/2014 08:44:24 PM) (Source: Application Error)(User: )
Description: DlProtectSvc.exe0.0.0.0529d89c6ole32.dll6.1.7601.175144ce7c92cc0000005000000000000d89e74401cf4d30f30eb226C:\Windows\System32\DlProtectSvc.exeC:\Windows\system32\ole32.dll78adfb1f-bdbb-11e3-aa48-485b39cb382a


CodeIntegrity Errors:
===================================
  Date: 2010-08-24 19:23:45.222
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Martin\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-08-24 19:23:45.218
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Martin\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-08-24 19:23:44.789
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-08-24 19:23:44.785
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 55%
Total physical RAM: 3326.18 MB
Available physical RAM: 1479.47 MB
Total Pagefile: 6650.54 MB
Available Pagefile: 3517.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:80.82 GB) NTFS
Drive d: (HP DJ3050A_J611) (CDROM) (Total:0.38 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: A632BB87)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
============================

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-04-2014 01
Ran by Martin (administrator) on LARTINN-PC on 25-04-2014 20:03:35
Running from C:\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Windows\DAODx.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Valve Corporation) C:\Users\Martin\Desktop\Spiele\Metro2033\Steam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\javaw.exe
(Microsoft Corporation) C:\Windows\system32\prevhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [TurboV EVO] => C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe [9919104 2010-04-07] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [444760 2014-03-12] (Razer Inc.)
HKLM-x32\...\Runonce: [TURBO_BOOST_SETTING] -  [X]
HKLM-x32\...\runonceex: [] - 
HKU\S-1-5-21-205120009-107262540-2640116156-1000\...\MountPoints2: {002a62d1-afc5-11df-a687-485b39cb382a} - F:\setup.exe
HKU\S-1-5-21-205120009-107262540-2640116156-1000\...\MountPoints2: {497776b3-ee23-11e2-a925-485b39cb382a} - 1
HKU\S-1-5-21-205120009-107262540-2640116156-1000\...\MountPoints2: {497776b4-ee23-11e2-a925-485b39cb382a} - 1
HKU\S-1-5-21-205120009-107262540-2640116156-1000\...\MountPoints2: {92533a2d-6492-11e1-875b-485b39cb382a} - 1
HKU\S-1-5-21-205120009-107262540-2640116156-1000\...\MountPoints2: {a30e7ee7-af0d-11df-a97e-806e6f6e6963} - D:\Setup.exe
HKU\S-1-5-21-205120009-107262540-2640116156-1000\...\MountPoints2: {bf0ac322-af09-11df-877f-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-205120009-107262540-2640116156-1000\...\MountPoints2: {e0d7eb90-245f-11e2-9479-485b39cb382a} - G:\pushinst.exe
HKU\S-1-5-21-205120009-107262540-2640116156-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {002a62d1-afc5-11df-a687-485b39cb382a} - F:\setup.exe
HKU\S-1-5-21-205120009-107262540-2640116156-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {497776b3-ee23-11e2-a925-485b39cb382a} - 1
HKU\S-1-5-21-205120009-107262540-2640116156-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {497776b4-ee23-11e2-a925-485b39cb382a} - 1
HKU\S-1-5-21-205120009-107262540-2640116156-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {92533a2d-6492-11e1-875b-485b39cb382a} - 1
HKU\S-1-5-21-205120009-107262540-2640116156-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a30e7ee7-af0d-11df-a97e-806e6f6e6963} - D:\Setup.exe
HKU\S-1-5-21-205120009-107262540-2640116156-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {bf0ac322-af09-11df-877f-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-205120009-107262540-2640116156-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e0d7eb90-245f-11e2-9479-485b39cb382a} - G:\pushinst.exe
HKU\S-1-5-21-205120009-107262540-2640116156-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-02-12] ()
HKU\S-1-5-21-205120009-107262540-2640116156-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Users\Martin\Desktop\Spiele\Metro2033\Steam.exe [1826496 2014-04-22] (Valve Corporation)
HKU\S-1-5-21-205120009-107262540-2640116156-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [UpgradeHelper] => C:\Users\Administrator\AppData\Roaming\vlc\{F9D4713E-ED27-444D-B9A0-304AEC284D25}\UpgradeHelper.exe
HKU\S-1-5-21-205120009-107262540-2640116156-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {002a62d1-afc5-11df-a687-485b39cb382a} - F:\SETUP.EXE
HKU\S-1-5-21-205120009-107262540-2640116156-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a30e7ee7-af0d-11df-a97e-806e6f6e6963} - D:\CTRun\Start.EXE
HKU\S-1-5-21-205120009-107262540-2640116156-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {bf0ac322-af09-11df-877f-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hiergehtslos.de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA2A121A5A148CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie
URLSearchHook: HKCU - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKCU - QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll (DeviceVM, Inc.)
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
SearchScopes: HKLM-x32 - DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/?query={searchTerms}
SearchScopes: HKLM-x32 - Yandex URL = hxxp://yandex.ru/yandsearch?clid=48578&text={searchTerms}
SearchScopes: HKLM-x32 - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/?query={searchTerms}
SearchScopes: HKCU - DefaultScope {4DFF49FF-10AA-4058-B6E2-17C512E682A3} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
SearchScopes: HKCU - Moikrug URL = hxxp://moikrug.ru/persons/?clid=48578&charset=utf-8&keywords={searchTerms}&submitted=1
SearchScopes: HKCU - Yandex URL = hxxp://yandex.ru/yandsearch?clid=48578&text={searchTerms}
SearchScopes: HKCU - {4DFF49FF-10AA-4058-B6E2-17C512E682A3} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
SearchScopes: HKCU - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/?query={searchTerms}
SearchScopes: HKCU - {C0683A28-5232-428c-A305-CCCB8DCCEF32} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: QipLI Class - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll (TODO: <Company name>)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
BHO-x32: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\8hgco8ec.default
FF user.js: detected! => C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\8hgco8ec.default\user.js
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Windows\system32\TVUAx\npTVUAx.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/vbp;version=0.9.17 - C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.17 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.17 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: @videolan.org/vlc,version=1.1.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Martin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npWebLaunch.dll ( )
FF SearchPlugin: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\8hgco8ec.default\searchplugins\web-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Battlefield Heroes Updater - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\8hgco8ec.default\Extensions\battlefieldheroespatcher@ea.com [2014-04-14]
FF Extension: TVU Web Player - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\8hgco8ec.default\Extensions\firefox@tvunetworks.com [2010-09-25]
FF Extension: vShare Plugin - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\8hgco8ec.default\Extensions\vshare@toolbar [2010-09-25]
FF Extension: DVDVideoSoft Menu - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\8hgco8ec.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011-06-26]
FF Extension: Adblock Plus - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\8hgco8ec.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-22]
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-03-12]
FF HKLM-x32\...\Firefox\Extensions: [{1716C58A-4AA1-42A6-A460-28084167C07C}] - C:\Windows\Installer\{A01AC19F-949C-42CB-97CE-6EF5D517FD1B}\{1716C58A-4AA1-42A6-A460-28084167C07C}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{A01AC19F-949C-42CB-97CE-6EF5D517FD1B}\{1716C58A-4AA1-42A6-A460-28084167C07C}.xpi [2014-04-22]
FF HKCU\...\Firefox\Extensions: [{33044118-6597-4D2F-ABEA-7974BB185379}] - C:\Users\Martin\AppData\Roaming\01001.096
FF Extension: Java Link Helper - C:\Users\Martin\AppData\Roaming\01001.096 [2012-10-30]

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-30]
CHR Extension: (Google Drive) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-30]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-30]
CHR Extension: (Google Search) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-30]
CHR Extension: (No Name) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkeieaieohnceanbhdeijclgemgjjkf [2014-03-15]
CHR Extension: (AdBlock) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-05-30]
CHR Extension: (ProxMate - Improve your Internet!) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm [2013-05-30]
CHR Extension: (Download Protect) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\idcjijfnpneodhefkkmbjhplpeegjolk [2014-03-18]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-30]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
S2 dialer64; C:\Windows\system32\dot3hc64.exe [118784 2014-03-15] ()
S4 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [319488 2009-10-16] (DeviceVM, Inc.)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
S4 KodakSvc; C:\Program Files (x86)\Kodak\printer\center\KodakSvc.exe [18944 2008-02-15] (Eastman Kodak Company)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3819912 2010-06-06] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-04-14] ()
S4 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [99048 2010-08-09] (SANDBOXIE L.T.D)
S4 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1021888 2012-10-10] (Enigma Software Group USA, LLC.)
S4 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [741224 2011-08-09] (Tunngle.net GmbH)

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-09-02] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-25] (AVM Berlin)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-25] (AVM GmbH)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-09-02] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 OAfilt; C:\Windows\System32\drivers\OAfilt.sys [23552 2011-07-15] (Creative Technology Ltd.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2013-11-15] (Razer Inc)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [143464 2010-08-09] (SANDBOXIE L.T.D)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-08-24] ()
R3 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [77608 2007-05-18] (silex technology, Inc.)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2012-09-28] (Creative Technology Ltd.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
U3 aj8vws8x; C:\Windows\System32\Drivers\aj8vws8x.sys [0 ] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-25 20:03 - 2014-04-25 20:03 - 00000000 ____D () C:\FRST
2014-04-24 15:56 - 2014-04-24 15:56 - 00000845 _____ () C:\Users\Public\Desktop\osu!.lnk
2014-04-24 15:56 - 2014-04-24 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu!
2014-04-24 15:55 - 2014-04-24 21:06 - 00000000 ____D () C:\Program Files (x86)\osu!
2014-04-22 21:47 - 2014-04-25 19:51 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-22 21:46 - 2014-04-22 21:46 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-22 21:46 - 2014-04-22 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-22 21:46 - 2014-04-22 21:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-22 21:46 - 2014-04-22 21:46 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-22 21:46 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-22 21:46 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-22 21:46 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-22 17:08 - 2014-04-22 17:13 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Wise Registry Cleaner
2014-04-22 17:08 - 2014-04-22 17:08 - 00001187 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2014-04-22 17:08 - 2014-04-22 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-04-22 17:08 - 2014-04-22 17:08 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-04-14 05:08 - 2014-04-14 05:14 - 00000000 ____D () C:\Users\Martin\Documents\Battlefield Heroes
2014-04-14 05:07 - 2014-04-14 05:07 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EA Games
2014-04-14 05:03 - 2014-04-14 05:03 - 00000000 ____D () C:\Program Files (x86)\EA Games
2014-04-13 19:29 - 2014-04-13 19:30 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-04-13 19:29 - 2014-04-13 19:29 - 00001117 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-04-13 19:29 - 2014-04-13 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-04-09 04:44 - 2014-04-09 04:44 - 00000796 _____ () C:\Users\Public\Desktop\Speccy.lnk
2014-04-09 04:44 - 2014-04-09 04:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2014-04-09 04:44 - 2014-04-09 04:44 - 00000000 ____D () C:\Program Files\Speccy
2014-04-09 04:43 - 2014-04-09 04:43 - 04845384 _____ (Piriform Ltd) C:\Users\Martin\Downloads\spsetup125.exe
2014-04-01 12:48 - 2014-04-01 12:48 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4d97fa53aa51.job
2014-03-30 21:34 - 2014-03-30 21:34 - 00001207 _____ () C:\Users\Martin\Desktop\The Elder Scrolls Online.lnk
2014-03-30 21:34 - 2014-03-30 21:34 - 00000000 ____D () C:\Windows\jre
2014-03-30 21:34 - 2014-03-30 21:34 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online
2014-03-30 21:33 - 2014-03-30 21:35 - 00000000 ____D () C:\Program Files (x86)\Zenimax Online
2014-03-30 21:33 - 2014-03-30 21:34 - 00000000 ___HD () C:\Program Files (x86)\Zero G Registry
2014-03-30 21:33 - 2014-03-30 21:33 - 00000000 ___HD () C:\Users\Martin\InstallAnywhere
2014-03-27 18:53 - 2014-03-27 18:53 - 00000234 _____ () C:\Users\Martin\Desktop\PlanetSide 2.url
2014-03-26 15:44 - 2014-04-22 17:53 - 00000306 __RSH () C:\ProgramData\ntuser.pol

==================== One Month Modified Files and Folders =======

2014-04-25 20:03 - 2014-04-25 20:03 - 00000000 ____D () C:\FRST
2014-04-25 19:51 - 2014-04-22 21:47 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-25 19:48 - 2013-05-30 19:32 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-25 19:38 - 2013-02-07 21:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-25 16:39 - 2010-08-24 01:05 - 01066899 _____ () C:\Windows\WindowsUpdate.log
2014-04-25 16:02 - 2013-08-17 16:21 - 00085363 _____ () C:\Windows\setupact.log
2014-04-25 16:02 - 2010-08-27 17:55 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\TS3Client
2014-04-25 05:53 - 2010-08-24 05:21 - 00000000 ____D () C:\Users\Martin\AppData\Local\CrashDumps
2014-04-24 21:06 - 2014-04-24 15:55 - 00000000 ____D () C:\Program Files (x86)\osu!
2014-04-24 20:58 - 2009-07-14 06:45 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-24 20:58 - 2009-07-14 06:45 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-24 20:55 - 2009-07-14 19:58 - 00702342 _____ () C:\Windows\system32\perfh007.dat
2014-04-24 20:55 - 2009-07-14 19:58 - 00150714 _____ () C:\Windows\system32\perfc007.dat
2014-04-24 20:55 - 2009-07-14 07:13 - 01629180 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-24 20:48 - 2010-08-24 01:36 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-24 20:48 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-24 15:56 - 2014-04-24 15:56 - 00000845 _____ () C:\Users\Public\Desktop\osu!.lnk
2014-04-24 15:56 - 2014-04-24 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu!
2014-04-23 03:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-22 22:22 - 2013-08-17 16:21 - 00222542 _____ () C:\Windows\PFRO.log
2014-04-22 22:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Globalization
2014-04-22 22:19 - 2013-12-17 06:44 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Iminent
2014-04-22 22:19 - 2013-12-17 06:44 - 00000000 ____D () C:\ProgramData\Iminent
2014-04-22 22:19 - 2012-07-13 18:30 - 00000000 ____D () C:\ProgramData\YTD YouTube Downloader & Converter
2014-04-22 22:19 - 2011-06-26 16:41 - 00000000 ____D () C:\ProgramData\YouTube Downloader
2014-04-22 21:46 - 2014-04-22 21:46 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-22 21:46 - 2014-04-22 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-22 21:46 - 2014-04-22 21:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-22 21:46 - 2014-04-22 21:46 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-22 17:53 - 2014-03-26 15:44 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-22 17:41 - 2013-02-07 21:41 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-22 17:41 - 2009-07-14 06:45 - 00444608 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-22 17:20 - 2010-08-24 03:52 - 00110512 _____ () C:\Users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-22 17:13 - 2014-04-22 17:08 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Wise Registry Cleaner
2014-04-22 17:08 - 2014-04-22 17:08 - 00001187 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2014-04-22 17:08 - 2014-04-22 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-04-22 17:08 - 2014-04-22 17:08 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-04-22 17:01 - 2010-08-24 19:55 - 00000000 ____D () C:\Windows\pss
2014-04-16 05:34 - 2014-03-15 09:23 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\BupSystem
2014-04-14 05:14 - 2014-04-14 05:08 - 00000000 ____D () C:\Users\Martin\Documents\Battlefield Heroes
2014-04-14 05:09 - 2011-05-23 00:11 - 00270240 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-04-14 05:09 - 2011-03-26 23:28 - 00270240 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-04-14 05:07 - 2014-04-14 05:07 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EA Games
2014-04-14 05:07 - 2011-03-26 23:28 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-04-14 05:07 - 2011-03-26 23:28 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-04-14 05:03 - 2014-04-14 05:03 - 00000000 ____D () C:\Program Files (x86)\EA Games
2014-04-13 19:46 - 2014-01-15 11:28 - 00000000 ____D () C:\Users\Martin\AppData\Local\Battle.net
2014-04-13 19:30 - 2014-04-13 19:29 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-04-13 19:29 - 2014-04-13 19:29 - 00001117 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-04-13 19:29 - 2014-04-13 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-04-13 19:28 - 2014-01-15 11:27 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-04-10 16:40 - 2011-10-05 19:04 - 00000000 ____D () C:\Users\Martin\Downloads\Music2
2014-04-10 07:18 - 2013-05-30 19:33 - 00002135 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-09 04:44 - 2014-04-09 04:44 - 00000796 _____ () C:\Users\Public\Desktop\Speccy.lnk
2014-04-09 04:44 - 2014-04-09 04:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2014-04-09 04:44 - 2014-04-09 04:44 - 00000000 ____D () C:\Program Files\Speccy
2014-04-09 04:44 - 2010-10-07 09:26 - 00000000 ____D () C:\Users\Administrator
2014-04-09 04:43 - 2014-04-09 04:43 - 04845384 _____ (Piriform Ltd) C:\Users\Martin\Downloads\spsetup125.exe
2014-04-07 20:57 - 2014-02-07 17:51 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Awesomium
2014-04-03 09:51 - 2014-04-22 21:46 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-22 21:46 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-22 21:46 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 12:48 - 2014-04-01 12:48 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf4d97fa53aa51.job
2014-03-31 09:35 - 2013-08-08 06:00 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-30 22:52 - 2014-02-07 17:47 - 00000000 ____D () C:\Users\Martin\Documents\Elder Scrolls Online
2014-03-30 22:52 - 2014-02-07 17:47 - 00000000 ____D () C:\ProgramData\Elder Scrolls Online
2014-03-30 21:35 - 2014-03-30 21:33 - 00000000 ____D () C:\Program Files (x86)\Zenimax Online
2014-03-30 21:34 - 2014-03-30 21:34 - 00001207 _____ () C:\Users\Martin\Desktop\The Elder Scrolls Online.lnk
2014-03-30 21:34 - 2014-03-30 21:34 - 00000000 ____D () C:\Windows\jre
2014-03-30 21:34 - 2014-03-30 21:34 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online
2014-03-30 21:34 - 2014-03-30 21:33 - 00000000 ___HD () C:\Program Files (x86)\Zero G Registry
2014-03-30 21:34 - 2010-08-24 01:05 - 00000000 ____D () C:\Users\Martin
2014-03-30 21:33 - 2014-03-30 21:33 - 00000000 ___HD () C:\Users\Martin\InstallAnywhere
2014-03-28 01:02 - 2013-10-18 04:39 - 00089076 _____ () C:\Windows\DirectX.log
2014-03-27 18:56 - 2010-08-24 03:46 - 00000000 ____D () C:\Users\Martin\Desktop\Spiele
2014-03-27 18:53 - 2014-03-27 18:53 - 00000234 _____ () C:\Users\Martin\Desktop\PlanetSide 2.url
2014-03-27 18:53 - 2012-08-04 12:07 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-03-26 15:44 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

Files to move or delete:
====================
C:\Users\Martin\AppData\Roaming\cache.ini
C:\ProgramData\dlprotect.exe
C:\Users\Martin\jagex_cl_runescape_LIVE.dat
C:\Users\Martin\jagex_cl_runescape_LIVE1.dat
C:\Users\Martin\jagex_runescape_preferences.dat
C:\Users\Martin\jagex_runescape_preferences2.dat
C:\Users\Martin\random.dat


Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\AskSLib.dll
C:\Users\Administrator\AppData\Local\Temp\SHSetup.exe
C:\Users\Martin\AppData\Local\Temp\avgnt.exe
C:\Users\Martin\AppData\Local\Temp\CTPBSeq.exe
C:\Users\Martin\AppData\Local\Temp\ose00000.exe
C:\Users\Martin\AppData\Local\Temp\ose00001.exe
C:\Users\Martin\AppData\Local\Temp\rootsupd.exe
C:\Users\Martin\AppData\Local\Temp\Wise_SETUP.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-23 03:22

==================== End Of Log ============================
         

25.04.2014, 22:53   #4
Martin1234

Windows 7: Websites are being redirected to advertising.



Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 22.04.2014
Scan Time: 22:15:25
Logfile: maleware.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.22.05
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Martin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 294858
Time Elapsed: 27 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
RiskWare.Tool.CK, C:\Windows\KMService.exe, 1812, Delete-on-Reboot, [67f6cc610f6cf93dab3094126e937b85]

Modules: 0
(No malicious items detected)

Registry Keys: 148
Adware.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DlProtectSvc, Quarantined, [6af3111cf18aa59174960d4b45bcae52], 
Adware.Agent, HKU\S-1-5-21-205120009-107262540-2640116156-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{132401a7-2006-4342-b43c-ccf5f02c2b01}, Delete-on-Reboot, [6af3111cf18aa59174960d4b45bcae52], 
PUP.Optional.Iminent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SProtection, Quarantined, [5b027ab3d2a9a98d1eecf60d827fb24e], 
PUP.Optional.ResultsAlpha.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update ResultsAlpha, Quarantined, [0f4e65c8cfacfd39c9ba311da160df21], 
PUP.Optional.ResultsAlpha.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util ResultsAlpha, Quarantined, [5d00be6f55261224552e81cdbd449769], 
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [62fb71bcc7b4bb7b3463fb5215ed7c84], 
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [62fb71bcc7b4bb7b3463fb5215ed7c84], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C58D664A-3DBC-4925-AE74-0382007DF113}, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C58D664A-3DBC-4925-AE74-0382007DF113}, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\IminentWebBooster.ScriptExtender.1, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\IminentWebBooster.ScriptExtender, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IminentWebBooster.ScriptExtender, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IminentWebBooster.ScriptExtender.1, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\IminentWebBooster.BrowserHelperObject.1, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\IminentWebBooster.BrowserHelperObject, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IminentWebBooster.BrowserHelperObject, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IminentWebBooster.BrowserHelperObject.1, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}\INPROCSERVER32, Quarantined, [7ce162cbc1bacc6a677d99b3996937c9], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7}, Quarantined, [c79633fa8af18aac8a1178d50df50000], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand, Quarantined, [c79633fa8af18aac8a1178d50df50000], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand, Quarantined, [c79633fa8af18aac8a1178d50df50000], 
PUP.Optional.ResultsAlpha.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{cbab673a-a480-4050-bd2b-5de24a7a0282}, Quarantined, [6cf17eaf82f978befb13b06ae9199e62], 
PUP.Optional.ResultsAlpha.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{F631E34D-23D3-4ED2-8942-631B8AAF9EA4}, Quarantined, [6cf17eaf82f978befb13b06ae9199e62], 
PUP.Optional.ResultsAlpha.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B01A1DA4-813F-44BD-B544-77E5DA7EB5A8}, Quarantined, [6cf17eaf82f978befb13b06ae9199e62], 
PUP.Optional.ResultsAlpha.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B01A1DA4-813F-44BD-B544-77E5DA7EB5A8}, Quarantined, [6cf17eaf82f978befb13b06ae9199e62], 
PUP.Optional.ResultsAlpha.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{F631E34D-23D3-4ED2-8942-631B8AAF9EA4}, Quarantined, [6cf17eaf82f978befb13b06ae9199e62], 
PUP.Optional.ResultsAlpha.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{CBAB673A-A480-4050-BD2B-5DE24A7A0282}, Quarantined, [6cf17eaf82f978befb13b06ae9199e62], 
Trojan.Banker, HKU\S-1-5-21-205120009-107262540-2640116156-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{C0F1636E-13A8-4C84-BB11-774BE45E1F83}, Delete-on-Reboot, [b0ad1419cfac70c65ea246db50b236ca], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{0af350d9-3916-454b-ac53-0b0b65f41301}, Quarantined, [025b939af08b37ffc0fcdc71b1511fe1], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, Quarantined, [e37ab974433889ad49741e2fca38fd03], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, Quarantined, [71eca786582393a34b73c98435cd2ad6], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, Quarantined, [9dc052dbcdaebb7b217fccc8d033946c], 
PUP.Optional.ResultsAlpha.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ResultsAlpha, Quarantined, [f26b4be25f1c54e2d0b0e9bd729116ea], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, Quarantined, [2736cf5ecdaec274f626f48e4ab84eb2], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\iminent, Quarantined, [97c640ed90ebb38334695d4f5aa9f50b], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Business.Tinyfying.DownloadArgs, Quarantined, [f4692904215a181e0f49ccccbc47847c], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Business.Tinyfying.LinkToPromoteArgs, Quarantined, [213c2904d4a7c4721a3e395f26dd3bc5], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Business.Tinyfying.RawDataArgs, Quarantined, [8ad3d8552259f73fadab03956b986c94], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Business.Tinyfying.TinyUrlArgs, Quarantined, [f568a08dcead9c9a292f9bfdab58b848], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Business.Tinyfying.ViralLinkArgs, Quarantined, [a2bb2eff56250036f1670098739016ea], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.ClientCallback, Quarantined, [233a61cc116a62d43e71bfd5768dea16], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.ContractBase, Quarantined, [1d40ba73cbb0e94d228d0e86bd465fa1], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand, Quarantined, [3627c26b2c4fde58436ce9abfe05a15f], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand, Quarantined, [8ecf37f6cbb0c571f7b8c9cb6f948b75], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand, Quarantined, [6cf183aa691269cdf7b87222bc47d12f], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.GameOverCallback, Quarantined, [4815b6771368ef47e7c8cdc70bf85aa6], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.GetCreditCommand, Quarantined, [84d9a18c49328aac03ac3c58d1329967], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand, Quarantined, [045946e7c6b55cda7c33464e669dca36], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand, Quarantined, [38256fbe5922171fbff08d07a063b749], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult, Quarantined, [104dd8551a610036951a7d1771921be5], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.GetVariableCommand, Quarantined, [0c5153da6f0c9e98a00ff2a2c1427e82], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.GetVariableResult, Quarantined, [2f2eda53daa1df57129d6d27ea192ed2], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.InstallationContextResult, Quarantined, [a4b91e0f46351b1be6c924703ac9a65a], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.LoadContentCommand, Quarantined, [5eff99941f5cb581a50af99b659e946c], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult, Quarantined, [4815f835f784ca6cc5ea3163f90ac23e], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.LoginCommand, Quarantined, [322b3fee8cef51e548674f453ac9c63a], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback, Quarantined, [74e9a38a76054beb06a9f59f37ccc739], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.LogoutCommand, Quarantined, [dc819499d0abdb5b901fa8ec34cfbb45], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand, Quarantined, [451871bcee8d24124c636232f70c5da3], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.MyAccountCommand, Quarantined, [bda09697f883b680d1dee4b0cf343cc4], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.PlayContentCommand, Quarantined, [bf9efd30daa16cca05aa96fe46bd0af6], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.PostContentCallback, Quarantined, [1a439d906714f04646694b49fc07be42], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand, Quarantined, [67f65ad35427c76fac037a1acd36bb45], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.SetVariableCommand, Quarantined, [3528fa33e09b1c1a614e4d47c1429b65], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand, Quarantined, [312c191445369c9af8b76c2807fc04fc], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand, Quarantined, [88d59f8e057691a59e1103919c67718f], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.TestContentCommand, Quarantined, [9dc0e449116aad8927880c88cb381ce4], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback, Quarantined, [3d2071bc7803c47298172f6540c3cd33], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback, Quarantined, [2c311e0f13684fe7a906286c6d968e72], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.WarmUpCommand, Quarantined, [b8a566c7d1aa8caa3e71742022e14fb1], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.DataContracts.WelcomeCommand, Quarantined, [a0bd56d72c4f96a000af623240c354ac], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.ServerCommand, Quarantined, [96c71e0f3942ad89a40bd8bc9d6655ab], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.Communication.ServerResult, Quarantined, [3f1e2b02a6d5eb4bbdf22c68897a4ab6], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.LightContent, Quarantined, [db826cc1abd020168c233460887bd828], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.LightUri, Quarantined, [114c83aa17640531e4cb702449ba27d9], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent.Mediator.MediatorServiceProxy, Quarantined, [45189a93e3983303b7f89bf92ad98d73], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\APPID\Iminent.WebBooster.InternetExplorer.DLL, Quarantined, [35288da0f18a1b1b3d1a425e39cad828], 
PUP.Optional.AddPusHD.A, HKLM\SOFTWARE\WOW6432NODE\addplushd, Quarantined, [2e2fd05d08732b0bb2d6146019e97a86], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, Quarantined, [bca1230aadceb482809c037fee1417e9], 
PUP.Optional.ResultsAlpha.A, HKLM\SOFTWARE\WOW6432NODE\ResultsAlpha, Quarantined, [3b22b77694e766d0c9b87036fe05d42c], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\iminent, Quarantined, [8cd130fd4b300b2b8a13e8c42dd6de22], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Business.Tinyfying.DownloadArgs, Quarantined, [da83f8352556d462be9a1583bf44ea16], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Business.Tinyfying.LinkToPromoteArgs, Quarantined, [cd90f33a0477fd391543d9bf7390c63a], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Business.Tinyfying.RawDataArgs, Quarantined, [1e3fe8458dee66d0e4740494e71cd927], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Business.Tinyfying.TinyUrlArgs, Quarantined, [0b5238f56e0dc86e094ffe9a5ea527d9], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Business.Tinyfying.ViralLinkArgs, Quarantined, [0f4e5cd182f9fd39f563a5f3d62d5ba5], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.ClientCallback, Quarantined, [ce8fe647accf66d0ae01a7edeb18619f], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.ContractBase, Quarantined, [6df0fb327ffcb284d9d6daba53b0ed13], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand, Quarantined, [adb026075d1e37ff4a65deb656adfc04], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand, Quarantined, [6fee3fee295247efd6d9f59f26ddcd33], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand, Quarantined, [5c01a68784f7181e8827ace830d35ca4], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.GameOverCallback, Quarantined, [1e3f78b5a4d77abc6f40039150b3a45c], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.GetCreditCommand, Quarantined, [ed706ebf04775cda119e7f15689b0ef2], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand, Quarantined, [79e4ce5f55260234347b395b2ed5758b], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand, Quarantined, [d18c65c88fec0630a9066331c83b14ec], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult, Quarantined, [f964bb72f4871d19cde2bfd5887b817f], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.GetVariableCommand, Quarantined, [09546fbe0a71c76f228d0d876f946d93], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.GetVariableResult, Quarantined, [24397db05a21e452efc0fa9abe45bc44], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.InstallationContextResult, Quarantined, [124b9d90215a86b0931c3a5a6f942cd4], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.LoadContentCommand, Quarantined, [4a13012c621976c04d62e2b2b25146ba], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult, Quarantined, [035adb52651681b5c9e6d8bce320946c], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.LoginCommand, Quarantined, [67f62b02e695fb3bf7b8efa5ad56e41c], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback, Quarantined, [2f2eb37a25563ef89a158a0aca3947b9], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.LogoutCommand, Quarantined, [0d5060cdcbb0a591a708326208fbc13f], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand, Quarantined, [ca9389a4205b10265d52623257ac0bf5], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.MyAccountCommand, Quarantined, [b8a5c06d1f5c87af9a1534607f84a65a], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.PlayContentCommand, Quarantined, [1548ad800378de581e91890b56ada55b], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.PostContentCallback, Quarantined, [382557d6d2a956e04b64c5cfee154fb1], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand, Quarantined, [5c019796a3d83df9d3dc247061a20ff1], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.SetVariableCommand, Quarantined, [90cd4de03e3d9f9727885044c1422bd5], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand, Quarantined, [67f6d5587308d36337786d27996a9b65], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand, Quarantined, [0d501c11087339fd6f400d8743c0f709], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.TestContentCommand, Quarantined, [c39a4fde4833ae8809a6692bed16b050], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback, Quarantined, [97c670bdb8c3ab8bebc4316350b356aa], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback, Quarantined, [025ba08d4734fa3c3976bcd8b84bae52], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.WarmUpCommand, Quarantined, [fb625fce3b40bd791897f59f62a1fb05], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.DataContracts.WelcomeCommand, Quarantined, [de7ff8358cefaa8c307f91039d6611ef], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.ServerCommand, Quarantined, [94c934f90f6ccf67fab51f7534cfc53b], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.Communication.ServerResult, Quarantined, [322bf637f7840135238c1c78d52e1ae6], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.LightContent, Quarantined, [6eef78b59ddec472713e603446bdff01], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.LightUri, Quarantined, [1e3f4ae31962e650149b108401028b75], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent.Mediator.MediatorServiceProxy, Quarantined, [9ac3d05dfa81c373317e5242768d718f], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\Iminent.WebBooster.InternetExplorer.DLL, Quarantined, [4a13bf6eb9c26cca93c4247ceb188c74], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\19979, Quarantined, [e57871bcfc7fae888dadaec628da8c74], 
PUP.Optional.Umbrella.A, HKLM\SOFTWARE\WOW6432NODE\UMBRELLA, Quarantined, [8ecf29047efddc5ac6295246e61d7f81], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-205120009-107262540-2640116156-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Iminent, Delete-on-Reboot, [06572805c8b35bdb21fc651d8181659b], 
PUP.Optional.ResultsAlpha.A, HKU\S-1-5-21-205120009-107262540-2640116156-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\ResultsAlpha, Delete-on-Reboot, [b5a8a6877efd6cca9ae802a4d330b44c], 
PUP.Optional.AddPusHD.A, HKU\S-1-5-21-205120009-107262540-2640116156-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\addplushd, Delete-on-Reboot, [3e1f80ad9cdfc175f592baba61a1ed13], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-205120009-107262540-2640116156-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Delete-on-Reboot, [d786c469502b112574755e4d8182946c], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-205120009-107262540-2640116156-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\19979, Delete-on-Reboot, [70ed48e52457e45295a6680c689a06fa], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-205120009-107262540-2640116156-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\hdideo, Delete-on-Reboot, [a9b4e647790220162069d3a1ee14ec14], 
PUP.Optional.Softonic.A, HKU\S-1-5-21-205120009-107262540-2640116156-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Delete-on-Reboot, [c49931fcfe7d3ef83816c1ae12f060a0], 
PUP.Optional.AddPusHD.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{11111111-1111-1111-1111-110511291116}, Quarantined, [f469d4599fdc70c630e00067b84a3fc1], 
PUP.Optional.AddPusHD.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511291116}, Quarantined, [f469d4599fdc70c630e00067b84a3fc1], 
PUP.Optional.AddPusHD.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511291116}, Quarantined, [f469d4599fdc70c630e00067b84a3fc1], 
PUP.Optional.AddPusHD.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{22222222-2222-2222-2222-220522292216}, Quarantined, [f469d4599fdc70c630e00067b84a3fc1], 
PUP.Optional.AddPusHD.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220522292216}, Quarantined, [f469d4599fdc70c630e00067b84a3fc1], 
PUP.Optional.AddPusHD.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\addplushd, Quarantined, [f469d4599fdc70c630e00067b84a3fc1], 

Registry Values: 2
PUP.Optional.Umbrella.A, HKLM\SOFTWARE\WOW6432NODE\UMBRELLA|MUpdBlock, {
   "MASSUPDATE" : {
      "CHROME_MBAR" : {
         "Checked" : 1,
         "RetryIdx" : 0,
         "Version" : 1
      },
      "FIREFOX_MBAR" : {
         "Checked" : 1,
         "RetryIdx" : 0,
         "Version" : 1
      },
      "IEXPLORE_BHO" : {
         "Checked" : 1,
         "RetryIdx" : 0,
         "Version" : 4
      }
   }
}
, Quarantined, [8ecf29047efddc5ac6295246e61d7f81]
PUP.Optional.Iminent.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPROTECTION|ImagePath, C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe, Quarantined, [124b80adf78430060f8e3064fc07c23e]

Registry Data: 0
(No malicious items detected)

Folders: 58
PUP.Optional.Iminent.A, C:\Program Files (x86)\Iminent, Quarantined, [9dc052dbcdaebb7b217fccc8d033946c], 
PUP.Optional.Iminent.A, C:\Program Files (x86)\Iminent\de, Quarantined, [9dc052dbcdaebb7b217fccc8d033946c], 
PUP.Optional.Iminent.A, C:\Program Files (x86)\Iminent\en, Quarantined, [9dc052dbcdaebb7b217fccc8d033946c], 
PUP.Optional.Iminent.A, C:\Program Files (x86)\Iminent\es, Quarantined, [9dc052dbcdaebb7b217fccc8d033946c], 
PUP.Optional.Iminent.A, C:\Program Files (x86)\Iminent\fr, Quarantined, [9dc052dbcdaebb7b217fccc8d033946c], 
PUP.Optional.Iminent.A, C:\Program Files (x86)\Iminent\inst, Quarantined, [9dc052dbcdaebb7b217fccc8d033946c], 
PUP.Optional.Iminent.A, C:\Program Files (x86)\Iminent\inst\Bootstrapper, Quarantined, [9dc052dbcdaebb7b217fccc8d033946c], 
PUP.Optional.Iminent.A, C:\Program Files (x86)\Iminent\it, Quarantined, [9dc052dbcdaebb7b217fccc8d033946c], 
PUP.Optional.Iminent.A, C:\Program Files (x86)\Iminent\ro, Quarantined, [9dc052dbcdaebb7b217fccc8d033946c], 
PUP.Optional.Iminent.A, C:\Program Files (x86)\Iminent\tr, Quarantined, [9dc052dbcdaebb7b217fccc8d033946c], 
PUP.Optional.Iminent.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent, Quarantined, [afae1f0e176441f504f1d0c661a2b749], 
PUP.Optional.ResultsAlpha.A, C:\Program Files (x86)\ResultsAlpha, Quarantined, [f26b4be25f1c54e2d0b0e9bd729116ea], 
PUP.Optional.ResultsAlpha.A, C:\Program Files (x86)\ResultsAlpha\bin, Quarantined, [f26b4be25f1c54e2d0b0e9bd729116ea], 
PUP.Optional.Iminent.A, C:\ProgramData\Iminent\Mediator, Quarantined, [66f779b495e69e98bf62c0a0d62c01ff], 
PUP.Optional.Iminent.A, C:\ProgramData\Iminent\Mediator\Datas, Quarantined, [66f779b495e69e98bf62c0a0d62c01ff], 
PUP.Optional.Iminent.A, C:\ProgramData\Iminent\Mediator\Datas\Cache, Quarantined, [66f779b495e69e98bf62c0a0d62c01ff], 
PUP.Optional.Iminent.A, C:\ProgramData\Iminent\Mediator\Datas\Cache\apix.iminent.com, Quarantined, [66f779b495e69e98bf62c0a0d62c01ff], 
PUP.Optional.Iminent.A, C:\Users\Martin\AppData\Roaming\Iminent\Mediator, Quarantined, [431af934f78434023fe265fb43bfc13f], 
PUP.Optional.Iminent.A, C:\Users\Martin\AppData\Roaming\Iminent\Mediator\Datas, Quarantined, [431af934f78434023fe265fb43bfc13f], 
PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl, Quarantined, [72eb5fce681385b1b3702240c73bdd23], 
PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0, Quarantined, [72eb5fce681385b1b3702240c73bdd23], 
PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\images, Quarantined, [72eb5fce681385b1b3702240c73bdd23], 
PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\scripts, Quarantined, [72eb5fce681385b1b3702240c73bdd23], 
PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\scripts\jquery, Quarantined, [72eb5fce681385b1b3702240c73bdd23], 
PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\scripts\lib, Quarantined, [72eb5fce681385b1b3702240c73bdd23], 
PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\scripts\minibar, Quarantined, [72eb5fce681385b1b3702240c73bdd23], 
PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\scripts\minibar\adapters, Quarantined, [72eb5fce681385b1b3702240c73bdd23], 
PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\scripts\minibar\content, Quarantined, [72eb5fce681385b1b3702240c73bdd23], 
PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\scripts\minibar\content\fx2, Quarantined, [72eb5fce681385b1b3702240c73bdd23], 
PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\scripts\minibar\content\fx2\off, Quarantined, [72eb5fce681385b1b3702240c73bdd23], 
PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\scripts\minibar\content\fx2\on, Quarantined, [72eb5fce681385b1b3702240c73bdd23], 
PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\scripts\minibar\content\images, Quarantined, [72eb5fce681385b1b3702240c73bdd23], 
PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\scripts\minibar\content\images\bhp, Quarantined, [72eb5fce681385b1b3702240c73bdd23], 
PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\scripts\minibar\content\images\emoji, Quarantined, [72eb5fce681385b1b3702240c73bdd23], 
PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\scripts\minibar\content\images\ql, Quarantined, [72eb5fce681385b1b3702240c73bdd23], 
PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\scripts\minibar\games, Quarantined, [72eb5fce681385b1b3702240c73bdd23], 
PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\scripts\minibar\menu_page, Quarantined, [72eb5fce681385b1b3702240c73bdd23], 
PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\scripts\minibar\services, Quarantined, [72eb5fce681385b1b3702240c73bdd23], 
PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\_locales, Quarantined, [72eb5fce681385b1b3702240c73bdd23], 
PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\_locales\de, Quarantined, [72eb5fce681385b1b3702240c73bdd23], 
PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\_locales\en, Quarantined, [72eb5fce681385b1b3702240c73bdd23], 
PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\_locales\es, Quarantined, [72eb5fce681385b1b3702240c73bdd23], 
PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\_locales\fr, Quarantined, [72eb5fce681385b1b3702240c73bdd23], 
PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\_locales\it, Quarantined, [72eb5fce681385b1b3702240c73bdd23], 
PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\_locales\pt_BR, Quarantined, [72eb5fce681385b1b3702240c73bdd23], 
PUP.Optional.Conduit, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\7.48.1.1_0\_locales\tr, Quarantined, [72eb5fce681385b1b3702240c73bdd23], 
PUP.Optional.AddPusHD.A, C:\Program Files (x86)\addplushd, Quarantined, [f469d4599fdc70c630e00067b84a3fc1], 
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaipilfmheplbcghignccoiiebekkdhe, Quarantined, [d4891815cdaed56170a122454ab802fe], 
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaipilfmheplbcghignccoiiebekkdhe\1.26.20_0, Quarantined, [d4891815cdaed56170a122454ab802fe], 
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaipilfmheplbcghignccoiiebekkdhe\1.26.20_0\extensionData, Quarantined, [d4891815cdaed56170a122454ab802fe], 
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaipilfmheplbcghignccoiiebekkdhe\1.26.20_0\extensionData\plugins, Quarantined, [d4891815cdaed56170a122454ab802fe], 
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaipilfmheplbcghignccoiiebekkdhe\1.26.20_0\extensionData\userCode, Quarantined, [d4891815cdaed56170a122454ab802fe], 
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaipilfmheplbcghignccoiiebekkdhe\1.26.20_0\icons, Quarantined, [d4891815cdaed56170a122454ab802fe], 
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaipilfmheplbcghignccoiiebekkdhe\1.26.20_0\icons\actions, Quarantined, [d4891815cdaed56170a122454ab802fe], 
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaipilfmheplbcghignccoiiebekkdhe\1.26.20_0\js, Quarantined, [d4891815cdaed56170a122454ab802fe], 
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaipilfmheplbcghignccoiiebekkdhe\1.26.20_0\js\api, Quarantined, [d4891815cdaed56170a122454ab802fe], 
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaipilfmheplbcghignccoiiebekkdhe\1.26.20_0\js\lib, Quarantined, [d4891815cdaed56170a122454ab802fe], 
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaipilfmheplbcghignccoiiebekkdhe\1.26.20_0\js\lib\popupResource, Quarantined, [d4891815cdaed56170a122454ab802fe],
         
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-25 20:33:26
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500418AS rev.CC38 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Martin\AppData\Local\Temp\pxdiafow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                                                                           fffff800035b9000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                                                                                                           fffff800035b902f 23 bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text     C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload                                                                                                                                                                            fffff88011f52d8c 12 bytes {MOV RAX, 0xfffffa8003f802a0; JMP RAX}

---- User code sections - GMER 2.1 ----

.text     C:\Users\Martin\Desktop\Spiele\Metro2033\Steam.exe[2696] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                                                                             0000000077461465 2 bytes [46, 77]
.text     C:\Users\Martin\Desktop\Spiele\Metro2033\Steam.exe[2696] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                                                                            00000000774614bb 2 bytes [46, 77]
.text     ...                                                                                                                                                                                                                          * 2

---- Devices - GMER 2.1 ----

Device    \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                                                                                                                                  fffffa80027a92c0
Device    \Driver\atapi \Device\Ide\IdePort0                                                                                                                                                                                           fffffa80027a92c0
Device    \Driver\atapi \Device\Ide\IdePort1                                                                                                                                                                                           fffffa80027a92c0
Device    \Driver\atapi \Device\Ide\IdePort2                                                                                                                                                                                           fffffa80027a92c0
Device    \Driver\atapi \Device\Ide\IdePort3                                                                                                                                                                                           fffffa80027a92c0
Device    \Driver\aj8vws8x \Device\Scsi\aj8vws8x1                                                                                                                                                                                      fffffa80041812c0
Device    \Driver\aj8vws8x \Device\Scsi\aj8vws8x1Port5Path0Target1Lun0                                                                                                                                                                 fffffa80041812c0
Device    \Driver\aj8vws8x \Device\Scsi\aj8vws8x1Port5Path0Target0Lun0                                                                                                                                                                 fffffa80041812c0
Device    \Driver\aj8vws8x \Device\Scsi\aj8vws8x1Port5Path0Target3Lun0                                                                                                                                                                 fffffa80041812c0
Device    \Driver\aj8vws8x \Device\Scsi\aj8vws8x1Port5Path0Target2Lun0                                                                                                                                                                 fffffa80041812c0
Device    \FileSystem\Ntfs \Ntfs                                                                                                                                                                                                       fffffa80027ad2c0
Device    \Driver\usbohci \Device\USBPDO-5                                                                                                                                                                                             fffffa80040982c0
Device    \Driver\usbehci \Device\USBFDO-3                                                                                                                                                                                             fffffa800409a2c0
Device    \Driver\NetBT \Device\NetBT_Tcpip_{C12C0FE1-CD7B-4E57-9E25-434124CB3406}                                                                                                                                                     fffffa8003d982c0
Device    \Driver\usbehci \Device\USBPDO-1                                                                                                                                                                                             fffffa800409a2c0
Device    \Driver\cdrom \Device\CdRom0                                                                                                                                                                                                 fffffa8003dfb2c0
Device    \Driver\cdrom \Device\CdRom1                                                                                                                                                                                                 fffffa8003dfb2c0
Device    \Driver\cdrom \Device\CdRom2                                                                                                                                                                                                 fffffa8003dfb2c0
Device    \Driver\cdrom \Device\CdRom3                                                                                                                                                                                                 fffffa8003dfb2c0
Device    \Driver\cdrom \Device\CdRom4                                                                                                                                                                                                 fffffa8003dfb2c0
Device    \Driver\usbehci \Device\USBPDO-6                                                                                                                                                                                             fffffa800409a2c0
Device    \Driver\usbohci \Device\USBFDO-4                                                                                                                                                                                             fffffa80040982c0
Device    \Driver\usbohci \Device\USBPDO-2                                                                                                                                                                                             fffffa80040982c0
Device    \Driver\usbohci \Device\USBFDO-0                                                                                                                                                                                             fffffa80040982c0
Device    \Driver\usbohci \Device\USBFDO-5                                                                                                                                                                                             fffffa80040982c0
Device    \Driver\usbehci \Device\USBPDO-3                                                                                                                                                                                             fffffa800409a2c0
Device    \Driver\usbehci \Device\USBFDO-1                                                                                                                                                                                             fffffa800409a2c0
Device    \Driver\volmgr \Device\HarddiskVolume1                                                                                                                                                                                       fffffa80027a52c0
Device    \Driver\volmgr \Device\FtControl                                                                                                                                                                                             fffffa80027a52c0
Device    \Driver\volmgr \Device\VolMgrControl                                                                                                                                                                                         fffffa80027a52c0
Device    \Driver\volmgr \Device\HarddiskVolume2                                                                                                                                                                                       fffffa80027a52c0
Device    \Driver\NetBT \Device\NetBT_Tcpip_{13987129-3E56-4378-A3C8-6CE5BCA1EB34}                                                                                                                                                     fffffa8003d982c0
Device    \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                                                                                                      fffffa8003d982c0
Device    \Driver\usbehci \Device\USBFDO-6                                                                                                                                                                                             fffffa800409a2c0
Device    \Driver\NetBT \Device\NetBT_Tcpip_{4DB66B84-5481-4440-81C7-C3EDA3C911B5}                                                                                                                                                     fffffa8003d982c0
Device    \Driver\usbohci \Device\USBPDO-4                                                                                                                                                                                             fffffa80040982c0
Device    \Driver\usbohci \Device\USBFDO-2                                                                                                                                                                                             fffffa80040982c0
Device    \Driver\usbohci \Device\USBPDO-0                                                                                                                                                                                             fffffa80040982c0
Device    \Driver\atapi \Device\ScsiPort1                                                                                                                                                                                              fffffa80027a92c0
Device    \Driver\atapi \Device\ScsiPort2                                                                                                                                                                                              fffffa80027a92c0
Device    \Driver\atapi \Device\ScsiPort3                                                                                                                                                                                              fffffa80027a92c0
Device    \Driver\atapi \Device\ScsiPort4                                                                                                                                                                                              fffffa80027a92c0
Device    \Driver\aj8vws8x \Device\ScsiPort5                                                                                                                                                                                           fffffa80041812c0

---- Trace I/O - GMER 2.1 ----

Trace     ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80027a92c0]<< spye.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys                                                                                   fffffa80027a92c0
Trace     1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80037dd790]                                                                                                                                                              fffffa80037dd790
Trace     3 CLASSPNP.SYS[fffff88001a5743f] -> nt!IofCallDriver -> [0xfffffa8003759560]                                                                                                                                                 fffffa8003759560
Trace     5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800375b680]                                                                                                                        fffffa800375b680
Trace     \Driver\atapi[0xfffffa8002888e70] -> IRP_MJ_CREATE -> 0xfffffa80027a92c0                                                                                                                                                     fffffa80027a92c0

---- Modules - GMER 2.1 ----

Module    \SystemRoot\System32\Drivers\aj8vws8x.SYS                                                                                                                                                                                    fffff88011285000-fffff880112ca000 (282624 bytes)

---- Threads - GMER 2.1 ----

Thread    C:\Windows\System32\svchost.exe [4776:4860]                                                                                                                                                                                  000007feefa59688
---- Processes - GMER 2.1 ----

Library   C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1740] (Dropbox Shell Extension/Dropbox, Inc.)(2011-02-18 05:12:20)                                           0000000010000000
Library   C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (*** suspicious ***) @ C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe [2244] (Dropbox Shell Extension/Dropbox, Inc.)(2011-02-18 05:12:20)           0000000003890000
Library   C:\Users\Martin\AppData\Roaming\Dropbox\bin\MSVCP71.dll (*** suspicious ***) @ C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe [2244] (Microsoft® C++ Runtime Library/Microsoft Corporation)(2011-02-18 05:12:24)  000000007c3a0000
Library   C:\Users\Martin\AppData\Roaming\Dropbox\bin\MSVCR71.dll (*** suspicious ***) @ C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe [2244] (Microsoft® C Runtime Library/Microsoft Corporation)(2008-03-04 00:34:38)    000000007c340000
Library   C:\ProgramData\Razer\Synapse\Devices\RazerConfigNative.dll (*** suspicious ***) @ C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [3032] (Razer Configurator/Razer Inc.)(2014-03-14 06:33:22)                             0000000054a30000
Library   C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (*** suspicious ***) @ C:\Program Files\Java\jre6\bin\javaw.exe [1428] (Dropbox Shell Extension/Dropbox, Inc.)(2011-02-18 05:12:20)                          0000000010000000
Library   C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (*** suspicious ***) @ C:\Windows\explorer.exe [424] (Dropbox Shell Extension/Dropbox, Inc.)(2011-02-18 05:12:20)                                            0000000010000000
Library   C:\Users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (*** suspicious ***) @ C:\Windows\system32\notepad.exe [6004] (Dropbox Shell Extension/Dropbox, Inc.)(2011-02-18 05:12:20)                                   0000000010000000

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                                                                                                                           771343423
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                                                                                                                           285507792
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                                                                                                                           1
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                                                                                             
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                                                          C:\Program Files\DAEMON Tools Lite\
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                                                          0x00 0x00 0x00 0x00 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                                                          0
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                                                       0xCE 0x89 0xC4 0xDD ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                                                                                                    
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                                                                 0x20 0x01 0x00 0x00 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                                                              0xFD 0x76 0xD4 0x88 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                                                                                               
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                                                         0x43 0x3A 0x94 0x7E ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                                                                                                                               
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                                                                                                         0x31 0x19 0x10 0x3B ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2                                                                                                                               
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12                                                                                                                         0x6B 0x2D 0x37 0x97 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3                                                                                                                               
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12                                                                                                                         0x4D 0xBF 0x4D 0x39 ...
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                                                                                         
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                                                              C:\Program Files\DAEMON Tools Lite\
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                                                              0x00 0x00 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                                                              0
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                                                           0xCE 0x89 0xC4 0xDD ...
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                                                                                                
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                                                                     0x20 0x01 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                                                                  0xFD 0x76 0xD4 0x88 ...
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                                                                                           
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                                                             0x43 0x3A 0x94 0x7E ...
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)                                                                                                           
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                                                                                                             0x31 0x19 0x10 0x3B ...
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)                                                                                                           
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12                                                                                                                             0x6B 0x2D 0x37 0x97 ...
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)                                                                                                           
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12                                                                                                                             0x4D 0xBF 0x4D 0x39 ...

---- EOF - GMER 2.1 ----
         

Old 26.04.2014, 15:58   #5
schrauber
/// the machine
/// TB trainer
 

Revo Uninstaller - Download - Filepony
Use it to uninstall everything you find in Additional.txt marked with the note <== ATTENTION

Also let Revo remove the leftovers, using the Moderate mode.


Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.