Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Mein yahoo email-account verschickt SPAM an meine Kontakte

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 02.06.2014, 16:10   #1
kebin
 
Mein yahoo email-account verschickt SPAM an meine Kontakte - Standard

Mein yahoo email-account verschickt SPAM an meine Kontakte



Seit gestern wurde ich mehrmals darauf hingewiesen, dass Personen von meiner email-Adresse aus Spam-Nachrichten erhalten haben.
In meinem Gesendet-Ordner sind keine emails zu sehen und es hat sich auch niemand anderes in meinen Account eingeloggt.

Ich habe gestern mein Passwort geändert und meine Kontakte gelöscht, jedoch wurden in der Nacht um 4 Uhr wieder Mails an gelöschte Kontakte verschickt. Jetzt weiß ich nicht mehr weiter, da sich in meinen Kontakten Lehrer und weitere Personen befunden haben. Das wäre sehr unangenehm, wenn diese von ständigen Spam-Mails überhäuft werden würden.

Hier sind die Logs vom FRST-Scan:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-06-2014 01
Ran by kebin (administrator) on KEBIN-PC on 02-06-2014 17:02:21
Running from C:\Users\kebin\Downloads
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\System32\PnkBstrA.exe
(Realtek) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(SAMSUNG ELECTRONICS) C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9288296 2010-06-14] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SMSTray] => C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe [132624 2007-12-14] (SAMSUNG ELECTRONICS)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4330432 2014-02-15] (Emsisoft GmbH)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [] => [X]
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [Spotify Web Helper] => C:\Users\kebin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-16] (Spotify Ltd)
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [CPU_Control] => C:\Program Files\CPU-Control\CPU_Control.exe [1034240 2009-01-04] ()
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [DAEMON Tools Lite] => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: I - I:\Setup.exe
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: {7c3722b3-bc8b-11e2-ae42-c93ad4f53fab} - I:\INSTALL.EXE
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: {b34471aa-f51d-11e2-9a3c-6c626d8af7c3} - I:\setup.exe
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: {d20c0b20-c6a5-11e2-b23d-aad8909b5fad} - I:\INSTALL.EXE
Startup: C:\Users\kebin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\kebin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

ProxyServer: 95.211.129.32:3128
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.golsearch.com/?babsrc=HP_ss_Btisdt6&mntrId=D2636C626D8AF7C3&affID=121564&tt=160713_9127&tsp=4946
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=D2636C626D8AF7C3&affID=120517&tt=160713_9127&tsp=4945
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373373982
SearchScopes: HKLM - DefaultScope {6EE4760F-2013-4BA5-BC1C-AC5D33C65EFA} URL = 
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970
SearchScopes: HKCU - DefaultScope {6EE4760F-2013-4BA5-BC1C-AC5D33C65EFA} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311268&CUI=UN14762058129427503&UM=2
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.enhanced-search.com/?q={searchTerms}&babsrc=SP_ss_mib2&mntrId=D2636C626D8AF7C3&affID=121564&tt=160713_9127&tsp=4946
SearchScopes: HKCU - {6EE4760F-2013-4BA5-BC1C-AC5D33C65EFA} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311268&CUI=UN14762058129427503&UM=2
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -  No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: ShellHook Class - {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll [192512 2004-11-23] (MarkAny Cooperation.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{26A623EB-0DB5-4189-B290-E65C1726041A}: [NameServer]192.169.137.1

FireFox:
========
FF ProfilePath: C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
FF Homepage: hxxp://www.golsearch.com/?babsrc=HP_ss_Btisdt6&mntrId=D2636C626D8AF7C3&affID=121564&tt=160713_9127&tsp=4946
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311268&SearchSource=2&CUI=UN38072101937782320&UM=2&q=
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @esn.me/esnsonar,version=0.70.4 - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin: @esn/esnlaunch,version=2.3.0 - C:\Program Files\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin: @esn/npbattlelog,version=2.3.2 - C:\Program Files\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: electronicarts.com/GameFacePlugin - C:\Users\kebin\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF user.js: detected! => C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\user.js
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2013-07-09]
FF Extension: FTdownloader V3.0 - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\profiles\extensions\ftdownloader3@ftdownloader.com.xpi [2013-04-11]
FF Extension: Plus-HD-4.5 - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\Extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com [2014-04-23]
FF Extension: WhiteSmoke New V6  - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\Extensions\{da7f5ae1-3be3-43c0-8098-c1d183616e97} [2014-04-16]
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi

Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3311268&SearchSource=48&CUI=UN29504919652995354&UM=2&UP=SP227CA280-2830-4C9A-BC80-F19CEDB88F74&SSPV=
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Nokia Suite Enabler Plugin) - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (ProxFlow) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2013-11-10]
CHR Extension: (Google Drive) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-09]
CHR Extension: (YouTube) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-09]
CHR Extension: (Google-Suche) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-09]
CHR Extension: (AdBlock) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-08-09]
CHR Extension: (Google Wallet) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-09]
CHR HKLM\...\Chrome\Extension: [ibcgjcbeckcdemelifnledhihpaighfk] - C:\Users\kebin\AppData\Local\CRE\ibcgjcbeckcdemelifnledhihpaighfk.crx [2013-07-09]
CHR HKCU\...\Chrome\Extension: [ibcgjcbeckcdemelifnledhihpaighfk] - C:\Users\kebin\AppData\Local\CRE\ibcgjcbeckcdemelifnledhihpaighfk.crx [2013-07-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4163584 2014-02-15] (Emsisoft GmbH)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-05-09] ()
R2 Realtek11nSU; C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)

==================== Drivers (Whitelisted) ====================

R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-01] (Avira Operations GmbH & Co. KG)
R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation)
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [22184 2013-10-29] (Audials AG)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-09] (Avira GmbH)
R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39048 2013-03-07] (RapidSolution Software AG)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-02 17:02 - 2014-06-02 17:02 - 00018551 _____ () C:\Users\kebin\Downloads\FRST.txt
2014-06-02 17:01 - 2014-06-02 17:02 - 00000000 ____D () C:\FRST
2014-06-02 17:01 - 2014-06-02 17:01 - 01058304 _____ (Farbar) C:\Users\kebin\Downloads\FRST.exe
2014-06-02 16:30 - 2014-06-02 16:30 - 00429673 _____ () C:\Users\kebin\Downloads\Anhänge_201462.zip
2014-06-02 16:30 - 2014-06-02 16:30 - 00429673 _____ () C:\Users\kebin\Downloads\Anhänge_201462 (1).zip
2014-06-02 15:38 - 2014-06-02 15:38 - 00001053 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-06-02 15:38 - 2014-06-02 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-06-02 15:36 - 2014-06-02 16:51 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-06-02 15:36 - 2014-06-02 15:36 - 00000000 ____D () C:\Users\kebin\Documents\Anti-Malware
2014-06-02 15:31 - 2014-06-02 15:35 - 232891856 _____ (Emsisoft GmbH ) C:\Users\kebin\Downloads\EmsisoftAntiMalwareSetup.exe
2014-06-02 15:31 - 2014-06-02 15:31 - 00602112 _____ (OldTimer Tools) C:\Users\kebin\Downloads\OTL.exe
2014-05-14 22:03 - 2014-05-14 22:03 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 22:00 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 22:00 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 22:00 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 17:33 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 17:33 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 17:32 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 17:32 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 17:32 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 17:32 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 17:32 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 17:32 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 17:32 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 17:32 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 17:32 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 17:32 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 17:32 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 17:32 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-12 17:39 - 2014-05-12 17:39 - 00000213 _____ () C:\Users\kebin\Desktop\Counter-Strike Global Offensive.url
2014-05-11 18:33 - 2014-05-11 18:33 - 00000000 ____D () C:\Users\kebin\Documents\7 Days To Die
2014-05-11 12:59 - 2014-05-11 12:59 - 00208780 _____ () C:\Users\kebin\Downloads\USAIP (1).pbk
2014-05-11 11:04 - 2014-05-11 11:06 - 42001384 _____ () C:\Users\kebin\Downloads\1.5+MeineKraft+Honeyball.zip
2014-05-11 11:00 - 2014-05-11 11:00 - 00675988 _____ () C:\Users\kebin\Downloads\Minecraft (2).exe
2014-05-09 21:01 - 2014-05-09 21:01 - 03822544 _____ () C:\Users\kebin\Downloads\battlelog-web-plugins_2.3.2_134.exe
2014-05-06 21:48 - 2014-05-15 13:08 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-06-02 17:02 - 2014-06-02 17:02 - 00018551 _____ () C:\Users\kebin\Downloads\FRST.txt
2014-06-02 17:02 - 2014-06-02 17:01 - 00000000 ____D () C:\FRST
2014-06-02 17:02 - 2013-03-08 21:06 - 00000000 ____D () C:\Users\kebin\AppData\Local\Temp
2014-06-02 17:01 - 2014-06-02 17:01 - 01058304 _____ (Farbar) C:\Users\kebin\Downloads\FRST.exe
2014-06-02 16:54 - 2013-07-07 16:59 - 00000000 ____D () C:\Users\kebin\Desktop\SPIELE
2014-06-02 16:51 - 2014-06-02 15:36 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-06-02 16:42 - 2013-05-14 18:04 - 00000000 ____D () C:\Users\kebin\Documents\My Games
2014-06-02 16:41 - 2013-07-25 14:27 - 00000000 ____D () C:\Program Files\R.G. Mechanics
2014-06-02 16:40 - 2013-07-09 15:55 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-02 16:39 - 2014-04-27 16:09 - 00000282 _____ () C:\Windows\Tasks\FF Watcher {4ABDC18F-3611-40F6-9256-60C9A1E18F9B}.job
2014-06-02 16:39 - 2013-07-16 16:40 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-06-02 16:39 - 2013-05-14 17:50 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\DVDVideoSoft
2014-06-02 16:30 - 2014-06-02 16:30 - 00429673 _____ () C:\Users\kebin\Downloads\Anhänge_201462.zip
2014-06-02 16:30 - 2014-06-02 16:30 - 00429673 _____ () C:\Users\kebin\Downloads\Anhänge_201462 (1).zip
2014-06-02 16:29 - 2013-11-13 18:56 - 00000000 ____D () C:\Users\kebin\Documents\W-Seminar
2014-06-02 16:01 - 2013-03-08 21:11 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-02 15:38 - 2014-06-02 15:38 - 00001053 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-06-02 15:38 - 2014-06-02 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-06-02 15:36 - 2014-06-02 15:36 - 00000000 ____D () C:\Users\kebin\Documents\Anti-Malware
2014-06-02 15:35 - 2014-06-02 15:31 - 232891856 _____ (Emsisoft GmbH ) C:\Users\kebin\Downloads\EmsisoftAntiMalwareSetup.exe
2014-06-02 15:31 - 2014-06-02 15:31 - 00602112 _____ (OldTimer Tools) C:\Users\kebin\Downloads\OTL.exe
2014-06-02 14:40 - 2013-03-08 21:01 - 01345542 _____ () C:\Windows\WindowsUpdate.log
2014-06-02 14:04 - 2014-01-13 18:33 - 00000000 ____D () C:\Users\kebin\AppData\Local\PMB Files
2014-06-02 14:04 - 2014-01-13 18:33 - 00000000 ____D () C:\ProgramData\PMB Files
2014-06-02 13:40 - 2013-07-09 15:55 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-02 13:12 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-02 13:12 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-02 13:05 - 2013-07-07 09:34 - 00000436 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-06-02 13:04 - 2013-11-02 13:15 - 00028475 _____ () C:\Windows\setupact.log
2014-06-02 13:04 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-31 20:11 - 2013-12-08 15:31 - 00000000 ____D () C:\Users\kebin\Documents\Deutsch
2014-05-30 19:38 - 2014-01-16 21:45 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\TS3Client
2014-05-29 18:45 - 2013-10-22 18:12 - 00000000 ____D () C:\Users\kebin\Downloads\n01_019
2014-05-23 20:53 - 2013-03-09 13:44 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\Spotify
2014-05-23 19:08 - 2013-04-09 14:08 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\Skype
2014-05-21 16:55 - 2013-07-09 15:55 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-16 22:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-15 18:46 - 2013-04-07 18:37 - 00000000 ____D () C:\Program Files\Steam
2014-05-15 13:48 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 13:08 - 2014-05-06 21:48 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 13:08 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-14 22:10 - 2013-08-14 19:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 22:03 - 2014-05-14 22:03 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 22:03 - 2013-07-17 15:37 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 22:03 - 2013-04-11 20:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-12 17:39 - 2014-05-12 17:39 - 00000213 _____ () C:\Users\kebin\Desktop\Counter-Strike Global Offensive.url
2014-05-11 18:33 - 2014-05-11 18:33 - 00000000 ____D () C:\Users\kebin\Documents\7 Days To Die
2014-05-11 12:59 - 2014-05-11 12:59 - 00208780 _____ () C:\Users\kebin\Downloads\USAIP (1).pbk
2014-05-11 12:18 - 2013-04-24 19:41 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\.minecraft
2014-05-11 11:06 - 2014-05-11 11:04 - 42001384 _____ () C:\Users\kebin\Downloads\1.5+MeineKraft+Honeyball.zip
2014-05-11 11:00 - 2014-05-11 11:00 - 00675988 _____ () C:\Users\kebin\Downloads\Minecraft (2).exe
2014-05-10 13:44 - 2013-03-09 13:44 - 00000000 ____D () C:\Users\kebin\AppData\Local\Spotify
2014-05-09 21:03 - 2013-06-30 15:00 - 00290184 _____ () C:\Windows\system32\PnkBstrB.xtr
2014-05-09 21:03 - 2013-06-29 12:59 - 00290184 _____ () C:\Windows\system32\PnkBstrB.exe
2014-05-09 21:03 - 2013-06-29 12:59 - 00139032 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2014-05-09 21:02 - 2013-06-29 12:59 - 00280904 _____ () C:\Windows\system32\PnkBstrB.ex0
2014-05-09 21:01 - 2014-05-09 21:01 - 03822544 _____ () C:\Users\kebin\Downloads\battlelog-web-plugins_2.3.2_134.exe
2014-05-09 21:01 - 2013-06-30 14:59 - 00000000 ____D () C:\Program Files\Battlelog Web Plugins
2014-05-09 19:40 - 2013-06-29 12:59 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2014-05-09 19:36 - 2013-06-29 12:09 - 00000000 ____D () C:\ProgramData\Origin
2014-05-09 19:36 - 2013-06-29 12:09 - 00000000 ____D () C:\Program Files\Origin
2014-05-09 09:06 - 2014-05-14 17:33 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-14 17:33 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 16:38 - 2014-05-02 12:51 - 00000000 ____D () C:\Users\kebin\Documents\Sozialkunde
2014-05-08 13:36 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-06 17:35 - 2013-10-17 19:57 - 00000000 ____D () C:\Users\kebin\AppData\Local\Windows Live
2014-05-06 05:25 - 2014-05-14 22:00 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-14 22:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-14 22:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

Files to move or delete:
====================
C:\Users\kebin\AppData\Roaming\Camdata.ini
C:\Users\kebin\AppData\Roaming\CamLayout.ini
C:\Users\kebin\AppData\Roaming\CamShapes.ini


Some content of TEMP:
====================
C:\Users\Gast.kebin-PC\AppData\Local\Temp\avgnt.exe
C:\Users\kebin\AppData\Local\Temp\avgnt.exe
C:\Users\kebin\AppData\Local\Temp\i4jdel0.exe
C:\Users\kebin\AppData\Local\Temp\javagiac0.5293851001103334.dll
C:\Users\kebin\AppData\Local\Temp\nsk196A.exe
C:\Users\kebin\AppData\Local\Temp\nsk1F36.exe
C:\Users\kebin\AppData\Local\Temp\nskE4B0.exe
C:\Users\kebin\AppData\Local\Temp\nspE210.exe
C:\Users\kebin\AppData\Local\Temp\nstBEE7.exe
C:\Users\kebin\AppData\Local\Temp\nsu1C67.exe
C:\Users\kebin\AppData\Local\Temp\nszDF41.exe
C:\Users\kebin\AppData\Local\Temp\SIInvoker.exe
C:\Users\kebin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\kebin\AppData\Local\Temp\sonarinst.exe
C:\Users\kebin\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\kebin\AppData\Local\Temp\v-bates.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-06-01 22:11

==================== End Of Log ============================
         

--------------

Addition.txt

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-06-2014 01
Ran by kebin (administrator) on KEBIN-PC on 02-06-2014 17:02:21
Running from C:\Users\kebin\Downloads
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\System32\PnkBstrA.exe
(Realtek) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(SAMSUNG ELECTRONICS) C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9288296 2010-06-14] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SMSTray] => C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe [132624 2007-12-14] (SAMSUNG ELECTRONICS)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4330432 2014-02-15] (Emsisoft GmbH)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [] => [X]
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [Spotify Web Helper] => C:\Users\kebin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-16] (Spotify Ltd)
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [CPU_Control] => C:\Program Files\CPU-Control\CPU_Control.exe [1034240 2009-01-04] ()
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [DAEMON Tools Lite] => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: I - I:\Setup.exe
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: {7c3722b3-bc8b-11e2-ae42-c93ad4f53fab} - I:\INSTALL.EXE
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: {b34471aa-f51d-11e2-9a3c-6c626d8af7c3} - I:\setup.exe
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: {d20c0b20-c6a5-11e2-b23d-aad8909b5fad} - I:\INSTALL.EXE
Startup: C:\Users\kebin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\kebin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

ProxyServer: 95.211.129.32:3128
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.golsearch.com/?babsrc=HP_ss_Btisdt6&mntrId=D2636C626D8AF7C3&affID=121564&tt=160713_9127&tsp=4946
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=D2636C626D8AF7C3&affID=120517&tt=160713_9127&tsp=4945
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373373982
SearchScopes: HKLM - DefaultScope {6EE4760F-2013-4BA5-BC1C-AC5D33C65EFA} URL = 
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970
SearchScopes: HKCU - DefaultScope {6EE4760F-2013-4BA5-BC1C-AC5D33C65EFA} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311268&CUI=UN14762058129427503&UM=2
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.enhanced-search.com/?q={searchTerms}&babsrc=SP_ss_mib2&mntrId=D2636C626D8AF7C3&affID=121564&tt=160713_9127&tsp=4946
SearchScopes: HKCU - {6EE4760F-2013-4BA5-BC1C-AC5D33C65EFA} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311268&CUI=UN14762058129427503&UM=2
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -  No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: ShellHook Class - {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll [192512 2004-11-23] (MarkAny Cooperation.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{26A623EB-0DB5-4189-B290-E65C1726041A}: [NameServer]192.169.137.1

FireFox:
========
FF ProfilePath: C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
FF Homepage: hxxp://www.golsearch.com/?babsrc=HP_ss_Btisdt6&mntrId=D2636C626D8AF7C3&affID=121564&tt=160713_9127&tsp=4946
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311268&SearchSource=2&CUI=UN38072101937782320&UM=2&q=
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @esn.me/esnsonar,version=0.70.4 - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin: @esn/esnlaunch,version=2.3.0 - C:\Program Files\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin: @esn/npbattlelog,version=2.3.2 - C:\Program Files\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: electronicarts.com/GameFacePlugin - C:\Users\kebin\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF user.js: detected! => C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\user.js
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2013-07-09]
FF Extension: FTdownloader V3.0 - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\profiles\extensions\ftdownloader3@ftdownloader.com.xpi [2013-04-11]
FF Extension: Plus-HD-4.5 - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\Extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com [2014-04-23]
FF Extension: WhiteSmoke New V6  - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\Extensions\{da7f5ae1-3be3-43c0-8098-c1d183616e97} [2014-04-16]
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi

Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3311268&SearchSource=48&CUI=UN29504919652995354&UM=2&UP=SP227CA280-2830-4C9A-BC80-F19CEDB88F74&SSPV=
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Nokia Suite Enabler Plugin) - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (ProxFlow) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2013-11-10]
CHR Extension: (Google Drive) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-09]
CHR Extension: (YouTube) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-09]
CHR Extension: (Google-Suche) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-09]
CHR Extension: (AdBlock) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-08-09]
CHR Extension: (Google Wallet) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-09]
CHR HKLM\...\Chrome\Extension: [ibcgjcbeckcdemelifnledhihpaighfk] - C:\Users\kebin\AppData\Local\CRE\ibcgjcbeckcdemelifnledhihpaighfk.crx [2013-07-09]
CHR HKCU\...\Chrome\Extension: [ibcgjcbeckcdemelifnledhihpaighfk] - C:\Users\kebin\AppData\Local\CRE\ibcgjcbeckcdemelifnledhihpaighfk.crx [2013-07-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4163584 2014-02-15] (Emsisoft GmbH)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-05-09] ()
R2 Realtek11nSU; C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)

==================== Drivers (Whitelisted) ====================

R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-01] (Avira Operations GmbH & Co. KG)
R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation)
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [22184 2013-10-29] (Audials AG)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-09] (Avira GmbH)
R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39048 2013-03-07] (RapidSolution Software AG)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-02 17:02 - 2014-06-02 17:02 - 00018551 _____ () C:\Users\kebin\Downloads\FRST.txt
2014-06-02 17:01 - 2014-06-02 17:02 - 00000000 ____D () C:\FRST
2014-06-02 17:01 - 2014-06-02 17:01 - 01058304 _____ (Farbar) C:\Users\kebin\Downloads\FRST.exe
2014-06-02 16:30 - 2014-06-02 16:30 - 00429673 _____ () C:\Users\kebin\Downloads\Anhänge_201462.zip
2014-06-02 16:30 - 2014-06-02 16:30 - 00429673 _____ () C:\Users\kebin\Downloads\Anhänge_201462 (1).zip
2014-06-02 15:38 - 2014-06-02 15:38 - 00001053 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-06-02 15:38 - 2014-06-02 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-06-02 15:36 - 2014-06-02 16:51 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-06-02 15:36 - 2014-06-02 15:36 - 00000000 ____D () C:\Users\kebin\Documents\Anti-Malware
2014-06-02 15:31 - 2014-06-02 15:35 - 232891856 _____ (Emsisoft GmbH ) C:\Users\kebin\Downloads\EmsisoftAntiMalwareSetup.exe
2014-06-02 15:31 - 2014-06-02 15:31 - 00602112 _____ (OldTimer Tools) C:\Users\kebin\Downloads\OTL.exe
2014-05-14 22:03 - 2014-05-14 22:03 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 22:00 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 22:00 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 22:00 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 17:33 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 17:33 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 17:32 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 17:32 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 17:32 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 17:32 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 17:32 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 17:32 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 17:32 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 17:32 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 17:32 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 17:32 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 17:32 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 17:32 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-12 17:39 - 2014-05-12 17:39 - 00000213 _____ () C:\Users\kebin\Desktop\Counter-Strike Global Offensive.url
2014-05-11 18:33 - 2014-05-11 18:33 - 00000000 ____D () C:\Users\kebin\Documents\7 Days To Die
2014-05-11 12:59 - 2014-05-11 12:59 - 00208780 _____ () C:\Users\kebin\Downloads\USAIP (1).pbk
2014-05-11 11:04 - 2014-05-11 11:06 - 42001384 _____ () C:\Users\kebin\Downloads\1.5+MeineKraft+Honeyball.zip
2014-05-11 11:00 - 2014-05-11 11:00 - 00675988 _____ () C:\Users\kebin\Downloads\Minecraft (2).exe
2014-05-09 21:01 - 2014-05-09 21:01 - 03822544 _____ () C:\Users\kebin\Downloads\battlelog-web-plugins_2.3.2_134.exe
2014-05-06 21:48 - 2014-05-15 13:08 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-06-02 17:02 - 2014-06-02 17:02 - 00018551 _____ () C:\Users\kebin\Downloads\FRST.txt
2014-06-02 17:02 - 2014-06-02 17:01 - 00000000 ____D () C:\FRST
2014-06-02 17:02 - 2013-03-08 21:06 - 00000000 ____D () C:\Users\kebin\AppData\Local\Temp
2014-06-02 17:01 - 2014-06-02 17:01 - 01058304 _____ (Farbar) C:\Users\kebin\Downloads\FRST.exe
2014-06-02 16:54 - 2013-07-07 16:59 - 00000000 ____D () C:\Users\kebin\Desktop\SPIELE
2014-06-02 16:51 - 2014-06-02 15:36 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-06-02 16:42 - 2013-05-14 18:04 - 00000000 ____D () C:\Users\kebin\Documents\My Games
2014-06-02 16:41 - 2013-07-25 14:27 - 00000000 ____D () C:\Program Files\R.G. Mechanics
2014-06-02 16:40 - 2013-07-09 15:55 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-02 16:39 - 2014-04-27 16:09 - 00000282 _____ () C:\Windows\Tasks\FF Watcher {4ABDC18F-3611-40F6-9256-60C9A1E18F9B}.job
2014-06-02 16:39 - 2013-07-16 16:40 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-06-02 16:39 - 2013-05-14 17:50 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\DVDVideoSoft
2014-06-02 16:30 - 2014-06-02 16:30 - 00429673 _____ () C:\Users\kebin\Downloads\Anhänge_201462.zip
2014-06-02 16:30 - 2014-06-02 16:30 - 00429673 _____ () C:\Users\kebin\Downloads\Anhänge_201462 (1).zip
2014-06-02 16:29 - 2013-11-13 18:56 - 00000000 ____D () C:\Users\kebin\Documents\W-Seminar
2014-06-02 16:01 - 2013-03-08 21:11 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-02 15:38 - 2014-06-02 15:38 - 00001053 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-06-02 15:38 - 2014-06-02 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-06-02 15:36 - 2014-06-02 15:36 - 00000000 ____D () C:\Users\kebin\Documents\Anti-Malware
2014-06-02 15:35 - 2014-06-02 15:31 - 232891856 _____ (Emsisoft GmbH ) C:\Users\kebin\Downloads\EmsisoftAntiMalwareSetup.exe
2014-06-02 15:31 - 2014-06-02 15:31 - 00602112 _____ (OldTimer Tools) C:\Users\kebin\Downloads\OTL.exe
2014-06-02 14:40 - 2013-03-08 21:01 - 01345542 _____ () C:\Windows\WindowsUpdate.log
2014-06-02 14:04 - 2014-01-13 18:33 - 00000000 ____D () C:\Users\kebin\AppData\Local\PMB Files
2014-06-02 14:04 - 2014-01-13 18:33 - 00000000 ____D () C:\ProgramData\PMB Files
2014-06-02 13:40 - 2013-07-09 15:55 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-02 13:12 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-02 13:12 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-02 13:05 - 2013-07-07 09:34 - 00000436 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-06-02 13:04 - 2013-11-02 13:15 - 00028475 _____ () C:\Windows\setupact.log
2014-06-02 13:04 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-31 20:11 - 2013-12-08 15:31 - 00000000 ____D () C:\Users\kebin\Documents\Deutsch
2014-05-30 19:38 - 2014-01-16 21:45 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\TS3Client
2014-05-29 18:45 - 2013-10-22 18:12 - 00000000 ____D () C:\Users\kebin\Downloads\n01_019
2014-05-23 20:53 - 2013-03-09 13:44 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\Spotify
2014-05-23 19:08 - 2013-04-09 14:08 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\Skype
2014-05-21 16:55 - 2013-07-09 15:55 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-16 22:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-15 18:46 - 2013-04-07 18:37 - 00000000 ____D () C:\Program Files\Steam
2014-05-15 13:48 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 13:08 - 2014-05-06 21:48 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 13:08 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-14 22:10 - 2013-08-14 19:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 22:03 - 2014-05-14 22:03 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 22:03 - 2013-07-17 15:37 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 22:03 - 2013-04-11 20:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-12 17:39 - 2014-05-12 17:39 - 00000213 _____ () C:\Users\kebin\Desktop\Counter-Strike Global Offensive.url
2014-05-11 18:33 - 2014-05-11 18:33 - 00000000 ____D () C:\Users\kebin\Documents\7 Days To Die
2014-05-11 12:59 - 2014-05-11 12:59 - 00208780 _____ () C:\Users\kebin\Downloads\USAIP (1).pbk
2014-05-11 12:18 - 2013-04-24 19:41 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\.minecraft
2014-05-11 11:06 - 2014-05-11 11:04 - 42001384 _____ () C:\Users\kebin\Downloads\1.5+MeineKraft+Honeyball.zip
2014-05-11 11:00 - 2014-05-11 11:00 - 00675988 _____ () C:\Users\kebin\Downloads\Minecraft (2).exe
2014-05-10 13:44 - 2013-03-09 13:44 - 00000000 ____D () C:\Users\kebin\AppData\Local\Spotify
2014-05-09 21:03 - 2013-06-30 15:00 - 00290184 _____ () C:\Windows\system32\PnkBstrB.xtr
2014-05-09 21:03 - 2013-06-29 12:59 - 00290184 _____ () C:\Windows\system32\PnkBstrB.exe
2014-05-09 21:03 - 2013-06-29 12:59 - 00139032 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2014-05-09 21:02 - 2013-06-29 12:59 - 00280904 _____ () C:\Windows\system32\PnkBstrB.ex0
2014-05-09 21:01 - 2014-05-09 21:01 - 03822544 _____ () C:\Users\kebin\Downloads\battlelog-web-plugins_2.3.2_134.exe
2014-05-09 21:01 - 2013-06-30 14:59 - 00000000 ____D () C:\Program Files\Battlelog Web Plugins
2014-05-09 19:40 - 2013-06-29 12:59 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2014-05-09 19:36 - 2013-06-29 12:09 - 00000000 ____D () C:\ProgramData\Origin
2014-05-09 19:36 - 2013-06-29 12:09 - 00000000 ____D () C:\Program Files\Origin
2014-05-09 09:06 - 2014-05-14 17:33 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-14 17:33 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 16:38 - 2014-05-02 12:51 - 00000000 ____D () C:\Users\kebin\Documents\Sozialkunde
2014-05-08 13:36 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-06 17:35 - 2013-10-17 19:57 - 00000000 ____D () C:\Users\kebin\AppData\Local\Windows Live
2014-05-06 05:25 - 2014-05-14 22:00 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-14 22:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-14 22:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

Files to move or delete:
====================
C:\Users\kebin\AppData\Roaming\Camdata.ini
C:\Users\kebin\AppData\Roaming\CamLayout.ini
C:\Users\kebin\AppData\Roaming\CamShapes.ini


Some content of TEMP:
====================
C:\Users\Gast.kebin-PC\AppData\Local\Temp\avgnt.exe
C:\Users\kebin\AppData\Local\Temp\avgnt.exe
C:\Users\kebin\AppData\Local\Temp\i4jdel0.exe
C:\Users\kebin\AppData\Local\Temp\javagiac0.5293851001103334.dll
C:\Users\kebin\AppData\Local\Temp\nsk196A.exe
C:\Users\kebin\AppData\Local\Temp\nsk1F36.exe
C:\Users\kebin\AppData\Local\Temp\nskE4B0.exe
C:\Users\kebin\AppData\Local\Temp\nspE210.exe
C:\Users\kebin\AppData\Local\Temp\nstBEE7.exe
C:\Users\kebin\AppData\Local\Temp\nsu1C67.exe
C:\Users\kebin\AppData\Local\Temp\nszDF41.exe
C:\Users\kebin\AppData\Local\Temp\SIInvoker.exe
C:\Users\kebin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\kebin\AppData\Local\Temp\sonarinst.exe
C:\Users\kebin\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\kebin\AppData\Local\Temp\v-bates.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-06-01 22:11

==================== End Of Log ============================
         

Alt 02.06.2014, 18:17   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Mein yahoo email-account verschickt SPAM an meine Kontakte - Standard

Mein yahoo email-account verschickt SPAM an meine Kontakte



hi,

Zitat:
ProxyServer: 95.211.129.32:3128
Der Proxy ist mit Absicht drin?

Additio.txt fehlt noch.
__________________

__________________

Alt 02.06.2014, 20:03   #3
kebin
 
Mein yahoo email-account verschickt SPAM an meine Kontakte - Standard

Mein yahoo email-account verschickt SPAM an meine Kontakte



Hab gar nicht mehr gewusst, dass ich einen Proxy drin habe, habe ihn jetzt mal entfernt.

Tut mir leid, anscheinend zweimal die FRST.txt kopiert.

Nochmal die FRST.txt


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:02-06-2014
Ran by kebin (administrator) on KEBIN-PC on 02-06-2014 21:16:47
Running from C:\Users\kebin\Desktop
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\System32\PnkBstrA.exe
(Realtek) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(SAMSUNG ELECTRONICS) C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9288296 2010-06-14] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SMSTray] => C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe [132624 2007-12-14] (SAMSUNG ELECTRONICS)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4330432 2014-02-15] (Emsisoft GmbH)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [] => [X]
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [Spotify Web Helper] => C:\Users\kebin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-16] (Spotify Ltd)
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [CPU_Control] => C:\Program Files\CPU-Control\CPU_Control.exe [1034240 2009-01-04] ()
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [DAEMON Tools Lite] => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: I - I:\Setup.exe
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: {7c3722b3-bc8b-11e2-ae42-c93ad4f53fab} - I:\INSTALL.EXE
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: {b34471aa-f51d-11e2-9a3c-6c626d8af7c3} - I:\setup.exe
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: {d20c0b20-c6a5-11e2-b23d-aad8909b5fad} - I:\INSTALL.EXE
Startup: C:\Users\kebin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\kebin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.golsearch.com/?babsrc=HP_ss_Btisdt6&mntrId=D2636C626D8AF7C3&affID=121564&tt=160713_9127&tsp=4946
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=D2636C626D8AF7C3&affID=120517&tt=160713_9127&tsp=4945
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373373982
SearchScopes: HKLM - DefaultScope {6EE4760F-2013-4BA5-BC1C-AC5D33C65EFA} URL = 
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970
SearchScopes: HKCU - DefaultScope {6EE4760F-2013-4BA5-BC1C-AC5D33C65EFA} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311268&CUI=UN14762058129427503&UM=2
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.enhanced-search.com/?q={searchTerms}&babsrc=SP_ss_mib2&mntrId=D2636C626D8AF7C3&affID=121564&tt=160713_9127&tsp=4946
SearchScopes: HKCU - {6EE4760F-2013-4BA5-BC1C-AC5D33C65EFA} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311268&CUI=UN14762058129427503&UM=2
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -  No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: ShellHook Class - {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll [192512 2004-11-23] (MarkAny Cooperation.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{26A623EB-0DB5-4189-B290-E65C1726041A}: [NameServer]192.169.137.1

FireFox:
========
FF ProfilePath: C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
FF Homepage: hxxp://www.golsearch.com/?babsrc=HP_ss_Btisdt6&mntrId=D2636C626D8AF7C3&affID=121564&tt=160713_9127&tsp=4946
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311268&SearchSource=2&CUI=UN38072101937782320&UM=2&q=
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @esn.me/esnsonar,version=0.70.4 - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin: @esn/esnlaunch,version=2.3.0 - C:\Program Files\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin: @esn/npbattlelog,version=2.3.2 - C:\Program Files\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: electronicarts.com/GameFacePlugin - C:\Users\kebin\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF user.js: detected! => C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\user.js
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2013-07-09]
FF Extension: FTdownloader V3.0 - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\profiles\extensions\ftdownloader3@ftdownloader.com.xpi [2013-04-11]
FF Extension: Plus-HD-4.5 - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\Extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com [2014-04-23]
FF Extension: WhiteSmoke New V6  - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\Extensions\{da7f5ae1-3be3-43c0-8098-c1d183616e97} [2014-04-16]
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi

Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3311268&SearchSource=48&CUI=UN29504919652995354&UM=2&UP=SP227CA280-2830-4C9A-BC80-F19CEDB88F74&SSPV=
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Nokia Suite Enabler Plugin) - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Drive) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-09]
CHR Extension: (YouTube) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-09]
CHR Extension: (Google-Suche) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-09]
CHR Extension: (Google Wallet) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-09]
CHR HKLM\...\Chrome\Extension: [ibcgjcbeckcdemelifnledhihpaighfk] - C:\Users\kebin\AppData\Local\CRE\ibcgjcbeckcdemelifnledhihpaighfk.crx [2013-07-09]
CHR HKCU\...\Chrome\Extension: [ibcgjcbeckcdemelifnledhihpaighfk] - C:\Users\kebin\AppData\Local\CRE\ibcgjcbeckcdemelifnledhihpaighfk.crx [2013-07-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4163584 2014-02-15] (Emsisoft GmbH)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-05-09] ()
R2 Realtek11nSU; C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)

==================== Drivers (Whitelisted) ====================

R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-01] (Avira Operations GmbH & Co. KG)
R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation)
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [22184 2013-10-29] (Audials AG)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-09] (Avira GmbH)
R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39048 2013-03-07] (RapidSolution Software AG)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-02 21:16 - 2014-06-02 21:16 - 00017926 _____ () C:\Users\kebin\Desktop\FRST.txt
2014-06-02 20:58 - 2014-06-02 20:58 - 00000000 ____D () C:\Users\kebin\Desktop\FRST-OlderVersion
2014-06-02 17:01 - 2014-06-02 21:16 - 00000000 ____D () C:\FRST
2014-06-02 17:01 - 2014-06-02 20:58 - 01059840 _____ (Farbar) C:\Users\kebin\Desktop\FRST.exe
2014-06-02 15:38 - 2014-06-02 15:38 - 00001053 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-06-02 15:38 - 2014-06-02 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-06-02 15:36 - 2014-06-02 21:01 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-06-02 15:36 - 2014-06-02 15:36 - 00000000 ____D () C:\Users\kebin\Documents\Anti-Malware
2014-05-14 22:03 - 2014-05-14 22:03 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 22:00 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 22:00 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 22:00 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 17:33 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 17:33 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 17:32 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 17:32 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 17:32 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 17:32 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 17:32 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 17:32 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 17:32 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 17:32 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 17:32 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 17:32 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 17:32 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 17:32 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-12 17:39 - 2014-05-12 17:39 - 00000213 _____ () C:\Users\kebin\Desktop\Counter-Strike Global Offensive.url
2014-05-11 18:33 - 2014-05-11 18:33 - 00000000 ____D () C:\Users\kebin\Documents\7 Days To Die
2014-05-06 21:48 - 2014-05-15 13:08 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-06-02 21:16 - 2014-06-02 21:16 - 00017926 _____ () C:\Users\kebin\Desktop\FRST.txt
2014-06-02 21:16 - 2014-06-02 17:01 - 00000000 ____D () C:\FRST
2014-06-02 21:16 - 2013-03-08 21:06 - 00000000 ____D () C:\Users\kebin\AppData\Local\Temp
2014-06-02 21:09 - 2014-04-27 16:09 - 00000282 _____ () C:\Windows\Tasks\FF Watcher {4ABDC18F-3611-40F6-9256-60C9A1E18F9B}.job
2014-06-02 21:06 - 2013-03-19 16:19 - 00000000 ____D () C:\Program Files\Atari
2014-06-02 21:01 - 2014-06-02 15:36 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-06-02 20:58 - 2014-06-02 20:58 - 00000000 ____D () C:\Users\kebin\Desktop\FRST-OlderVersion
2014-06-02 20:58 - 2014-06-02 17:01 - 01059840 _____ (Farbar) C:\Users\kebin\Desktop\FRST.exe
2014-06-02 20:55 - 2013-03-08 21:01 - 01345910 _____ () C:\Windows\WindowsUpdate.log
2014-06-02 20:54 - 2013-07-09 15:55 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-02 17:35 - 2013-10-04 12:41 - 00000000 ____D () C:\Program Files\Plus-HD-4.5
2014-06-02 16:54 - 2013-07-07 16:59 - 00000000 ____D () C:\Users\kebin\Desktop\SPIELE
2014-06-02 16:42 - 2013-05-14 18:04 - 00000000 ____D () C:\Users\kebin\Documents\My Games
2014-06-02 16:41 - 2013-07-25 14:27 - 00000000 ____D () C:\Program Files\R.G. Mechanics
2014-06-02 16:39 - 2013-07-16 16:40 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-06-02 16:39 - 2013-05-14 17:50 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\DVDVideoSoft
2014-06-02 16:29 - 2013-11-13 18:56 - 00000000 ____D () C:\Users\kebin\Documents\W-Seminar
2014-06-02 16:01 - 2013-03-08 21:11 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-02 15:38 - 2014-06-02 15:38 - 00001053 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-06-02 15:38 - 2014-06-02 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-06-02 15:36 - 2014-06-02 15:36 - 00000000 ____D () C:\Users\kebin\Documents\Anti-Malware
2014-06-02 14:04 - 2014-01-13 18:33 - 00000000 ____D () C:\Users\kebin\AppData\Local\PMB Files
2014-06-02 14:04 - 2014-01-13 18:33 - 00000000 ____D () C:\ProgramData\PMB Files
2014-06-02 13:40 - 2013-07-09 15:55 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-02 13:12 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-02 13:12 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-02 13:05 - 2013-07-07 09:34 - 00000436 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-06-02 13:04 - 2013-11-02 13:15 - 00028475 _____ () C:\Windows\setupact.log
2014-06-02 13:04 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-31 20:11 - 2013-12-08 15:31 - 00000000 ____D () C:\Users\kebin\Documents\Deutsch
2014-05-30 19:38 - 2014-01-16 21:45 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\TS3Client
2014-05-23 20:53 - 2013-03-09 13:44 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\Spotify
2014-05-23 19:08 - 2013-04-09 14:08 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\Skype
2014-05-21 16:55 - 2013-07-09 15:55 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-16 22:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-15 18:46 - 2013-04-07 18:37 - 00000000 ____D () C:\Program Files\Steam
2014-05-15 13:48 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 13:08 - 2014-05-06 21:48 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 13:08 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-14 22:10 - 2013-08-14 19:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 22:03 - 2014-05-14 22:03 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 22:03 - 2013-07-17 15:37 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 22:03 - 2013-04-11 20:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-12 17:39 - 2014-05-12 17:39 - 00000213 _____ () C:\Users\kebin\Desktop\Counter-Strike Global Offensive.url
2014-05-11 18:33 - 2014-05-11 18:33 - 00000000 ____D () C:\Users\kebin\Documents\7 Days To Die
2014-05-11 12:18 - 2013-04-24 19:41 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\.minecraft
2014-05-10 13:44 - 2013-03-09 13:44 - 00000000 ____D () C:\Users\kebin\AppData\Local\Spotify
2014-05-09 21:03 - 2013-06-30 15:00 - 00290184 _____ () C:\Windows\system32\PnkBstrB.xtr
2014-05-09 21:03 - 2013-06-29 12:59 - 00290184 _____ () C:\Windows\system32\PnkBstrB.exe
2014-05-09 21:03 - 2013-06-29 12:59 - 00139032 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2014-05-09 21:02 - 2013-06-29 12:59 - 00280904 _____ () C:\Windows\system32\PnkBstrB.ex0
2014-05-09 21:01 - 2013-06-30 14:59 - 00000000 ____D () C:\Program Files\Battlelog Web Plugins
2014-05-09 19:40 - 2013-06-29 12:59 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2014-05-09 19:36 - 2013-06-29 12:09 - 00000000 ____D () C:\ProgramData\Origin
2014-05-09 19:36 - 2013-06-29 12:09 - 00000000 ____D () C:\Program Files\Origin
2014-05-09 09:06 - 2014-05-14 17:33 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-14 17:33 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 16:38 - 2014-05-02 12:51 - 00000000 ____D () C:\Users\kebin\Documents\Sozialkunde
2014-05-08 13:36 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-06 17:35 - 2013-10-17 19:57 - 00000000 ____D () C:\Users\kebin\AppData\Local\Windows Live
2014-05-06 05:25 - 2014-05-14 22:00 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-14 22:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-14 22:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

Files to move or delete:
====================
C:\Users\kebin\AppData\Roaming\Camdata.ini
C:\Users\kebin\AppData\Roaming\CamLayout.ini
C:\Users\kebin\AppData\Roaming\CamShapes.ini


Some content of TEMP:
====================
C:\Users\Gast.kebin-PC\AppData\Local\Temp\avgnt.exe
C:\Users\kebin\AppData\Local\Temp\avgnt.exe
C:\Users\kebin\AppData\Local\Temp\i4jdel0.exe
C:\Users\kebin\AppData\Local\Temp\javagiac0.5293851001103334.dll
C:\Users\kebin\AppData\Local\Temp\nsk196A.exe
C:\Users\kebin\AppData\Local\Temp\nsk1F36.exe
C:\Users\kebin\AppData\Local\Temp\nskE4B0.exe
C:\Users\kebin\AppData\Local\Temp\nspE210.exe
C:\Users\kebin\AppData\Local\Temp\nstBEE7.exe
C:\Users\kebin\AppData\Local\Temp\nsu1C67.exe
C:\Users\kebin\AppData\Local\Temp\nszDF41.exe
C:\Users\kebin\AppData\Local\Temp\SIInvoker.exe
C:\Users\kebin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\kebin\AppData\Local\Temp\sonarinst.exe
C:\Users\kebin\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\kebin\AppData\Local\Temp\v-bates.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-06-01 22:11

==================== End Of Log ============================
         
--- --- ---


-----------------------------------

Und hier ist jetzt die Addition.txt

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version:02-06-2014
Ran by kebin at 2014-06-02 21:17:08
Running from C:\Users\kebin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}

==================== Installed Programs ======================

*tmx englisch (HKLM\...\{89286F5B-4B78-41DE-9982-B7AD010DE01B}) (Version: 5.00.0000 - *tmx communications)
7 Days to Die (HKLM\...\Steam App 251570) (Version:  - The Fun Pimps)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.6.602.171 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Advanced Archive Password Recovery (HKLM\...\{01011662-76A8-41E8-B1A8-4F8821570AC5}) (Version: 4.54.48.1338 - Elcomsoft Co. Ltd.)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version:  - )
AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{FF6A8312-0A62-3AC0-A49F-9CB7390AE5EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80328.2203 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.10 - Advanced Micro Devices, Inc.) Hidden
Application Profiles (HKLM\...\{63059735-CA97-FDFB-0E7A-3B8D81572EFD}) (Version: 2.0.4888.34279 - Advanced Micro Devices, Inc.)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Assassin’s Creed® III (HKLM\...\Steam App 208480) (Version:  - Ubisoft Montreal)
Audials (HKLM\...\{D37248E4-6C59-4F21-ACBF-E58FAD54F9DB}) (Version: 11.0.39402.200 - Audials AG)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Battlefield 3™ (HKLM\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
BlueJ (HKLM\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.0 - BlueJ Team)
BPM Counter 1.6.0.0 (HKLM\...\BPM Counter_is1) (Version: 1.6.0.0 - AbyssMedia.com)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM\...\Steam App 10190) (Version:  - Infinity Ward)
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
CPU-Control (HKLM\...\CPU-Control_is1) (Version:  - Koma-Code)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dart2010 2.0.1 (HKLM\...\Dart2010) (Version: 2.0.1 - Klaus Sobieray)
DartPro 2.9.0.0 (HKLM\...\DartPro_is1) (Version:  - RuSyS)
DiRT 2 (HKLM\...\Steam App 12840) (Version:  - Codemasters Racing Studio)
EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKCU\...\EA SPORTS Game Face Browser Plugin) (Version: 1.8.0.0 - Electronic Arts)
Emsisoft Anti-Malware (HKLM\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 8.1 - Emsisoft GmbH)
ESN Sonar (HKLM\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fotogalerie (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
GeoGebra 4.2 (HKLM\...\GeoGebra 4.2) (Version: 4.2.57.0 - International GeoGebra Institute)
GeoGebra 5.0 (HKLM\...\GeoGebra 5.0) (Version: 4.9.248.0 - International GeoGebra Institute)
GIANTS Editor 5.0.1 (HKLM\...\giants_editor_5.0.1_is1) (Version: 5.0.1 - GIANTS Software GmbH)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
HP Officejet 6100 - Grundlegende Software für das Gerät (HKLM\...\{28FE6C88-97EC-4FC5-8FF3-70E800F5C33E}) (Version: 25.0.617.0 - Hewlett-Packard Co.)
HP Officejet 6100 Hilfe (HKLM\...\{2033DC31-6C96-4E5B-BF51-6BFFDB3E6564}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
IL Shared Libraries (HKLM\...\IL Shared Libraries) (Version:  - Image-Line)
Java 7 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 21 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170210}) (Version: 1.7.0.210 - Oracle)
Junk Mail filter update (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Kinovea (HKLM\...\Kinovea) (Version: 0.8.15 - Kinovea)
K-Lite Codec Pack 10.2.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.2.0 - )
Lame ACM MP3 Codec (HKLM\...\Lame MP3 Codec (for the ACM)) (Version:  - )
Landwirtschafts Simulator 2011 (HKLM\...\FarmingSimulator2011DE_is1) (Version: 1.0 - GIANTS Software)
Langenscheidt Vokabeltrainer 6.0 Demoversion (HKLM\...\{B2F9A670-BA19-4B2C-8CB9-97801C488C02}) (Version: 6.0.16 - Langenscheidt)
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (Version: 3.0.1 - Riot Games ) Hidden
Magic The Gathering - Duels of the Planeswalkers 2013 (HKLM\...\Magic The Gathering - Duels of the Planeswalkers 2013_is1) (Version:  - )
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word 2007 (HKLM\...\WORD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1 - Nokia) Hidden
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 de) (HKLM\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}) (Version: 7.1.101.0 - Nokia)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.7.22.0 - Nokia)
Nokia Suite (Version: 3.7.22.0 - Nokia) Hidden
OpenAL (HKLM\...\OpenAL) (Version:  - )
OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Opera 12.16 (HKLM\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Opera Stable 18.0.1284.63 (HKLM\...\Opera 18.0.1284.63) (Version: 18.0.1284.63 - Opera Software ASA)
Origin (HKLM\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41417}) (Version: 3.61.0 - dotPDN LLC)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PC Connectivity Solution (HKLM\...\{6B722793-E77B-41F5-BAB3-6C9832274E75}) (Version: 12.0.76.0 - Nokia)
Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PokerTH (HKLM\...\PokerTH 1.0.1) (Version: 1.0.1 - www.pokerth.net)
PokerTH (HKLM\...\PokerTH 1.1) (Version: 1.1 - www.pokerth.net)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Rapture3D 2.3.26 Game (HKLM\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realtek Ethernet Controller Driver For Windows 7 (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6136 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM\...\{B20F9D1C-A0A5-4cd8-8306-DE95842311B1}) (Version: 1.00.0129 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0187 - REALTEK Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
RollerCoaster Tycoon 3 (HKLM\...\RollerCoaster Tycoon 3_is1) (Version:  - Atari)
Samsung Media Studio (HKLM\...\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}) (Version: 5 - Samsung)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.8.0 - SAMSUNG Electronics Co., Ltd.)
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
The Lord of the Rings: War in the North (HKLM\...\Steam App 32800) (Version:  - Snowblind Studios)
TmNationsForever (HKLM\...\TmNationsForever_is1) (Version:  - Nadeo)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_WORD_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_WORD_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_WORD_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Uplay (HKLM\...\Uplay) (Version: 2.0 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Windows Live Communications Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XviD MPEG-4 Video Codec (HKLM\...\XviD_is1) (Version: XviD-1.0.3-20122004 - XviD Team (Koepi))

==================== Restore Points  =========================

14-05-2014 19:58:52 Windows Update
24-05-2014 17:02:01 Geplanter Prüfpunkt
01-06-2014 20:18:34 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {02D9C747-3DE4-4EA9-B314-9D7507BF3C85} - System32\Tasks\{29138DB8-65F5-41A1-AD3D-D24659EE651F} => C:\Program Files\DDS Converter 2\DDS Converter 2.exe
Task: {11428800-BABD-4EC0-8DF7-F9B0014941F9} - System32\Tasks\Dealply => C:\Users\kebin\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {82AEEE4E-A795-4597-BD04-EABC0A8FF318} - System32\Tasks\EPUpdater => C:\Users\kebin\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION
Task: {9B9DEAEB-AD03-4D29-A527-F088816D3486} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-24] (Piriform Ltd)
Task: {ACDACEA7-2EE0-4613-8F30-114192EB9520} - \Express FilesUpdate No Task File <==== ATTENTION
Task: {BFFA05F7-DD6B-4BF9-8A71-6456135F7285} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-09] (Google Inc.)
Task: {CA556849-99B3-49F1-A0AC-42D0BA1DC656} - System32\Tasks\FF Watcher {4ABDC18F-3611-40F6-9256-60C9A1E18F9B} => C:\Program Files\V-bates\PrefHelper.exe
Task: {D06FACCC-0160-487B-B897-151B08EF4CEC} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files\Desk 365\desk365.exe <==== ATTENTION
Task: {F0616216-E5D1-48B5-B0EE-CC3753EBEA07} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-09] (Google Inc.)
Task: C:\Windows\Tasks\Dealply.job => C:\Users\kebin\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\FF Watcher {4ABDC18F-3611-40F6-9256-60C9A1E18F9B}.job => C:\Program Files\V-bates\PrefHelper.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-07-09 16:07 - 2013-07-09 16:06 - 00394824 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2013-06-29 12:59 - 2014-05-09 19:40 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2013-07-22 20:10 - 2009-12-09 21:20 - 00126976 _____ () C:\Program Files\Realtek\11n USB Wireless LAN Utility\EnumDevLib.dll
2014-05-21 16:55 - 2014-05-14 01:40 - 00716616 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-21 16:55 - 2014-05-14 01:40 - 00126280 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-21 16:55 - 2014-05-14 01:40 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-21 16:55 - 2014-05-14 01:40 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-21 16:55 - 2014-05-14 01:40 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
2014-05-21 16:55 - 2014-05-14 01:40 - 13695816 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 


==================== Event log errors: =========================

Application errors:
==================
Error: (05/13/2014 05:43:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: csgo.exe, Version: 0.0.0.0, Zeitstempel: 0x53628ca7
Name des fehlerhaften Moduls: tier0.dll, Version: 0.0.0.0, Zeitstempel: 0x5362c098
Ausnahmecode: 0x40000015
Fehleroffset: 0x0002181e
ID des fehlerhaften Prozesses: 0x15c
Startzeit der fehlerhaften Anwendung: 0xcsgo.exe0
Pfad der fehlerhaften Anwendung: csgo.exe1
Pfad des fehlerhaften Moduls: csgo.exe2
Berichtskennung: csgo.exe3

Error: (05/12/2014 09:16:23 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {48d14729-e79d-4fdb-be73-2efe5d33eaff}

Error: (05/12/2014 09:15:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: csgo.exe, Version: 0.0.0.0, Zeitstempel: 0x53628ca7
Name des fehlerhaften Moduls: tier0.dll, Version: 0.0.0.0, Zeitstempel: 0x5362c098
Ausnahmecode: 0x40000015
Fehleroffset: 0x0002181e
ID des fehlerhaften Prozesses: 0x1524
Startzeit der fehlerhaften Anwendung: 0xcsgo.exe0
Pfad der fehlerhaften Anwendung: csgo.exe1
Pfad des fehlerhaften Moduls: csgo.exe2
Berichtskennung: csgo.exe3

Error: (05/07/2014 05:07:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: a00

Startzeit: 01cf6a05f6fad44e

Endzeit: 3

Anwendungspfad: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

Berichts-ID: 3b5191ca-d5f9-11e3-a131-6c626d8af7c3

Error: (04/27/2014 06:54:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 15b0

Startzeit: 01cf6239670a735d

Endzeit: 3

Anwendungspfad: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

Berichts-ID: a8439d55-ce2c-11e3-9fab-6c626d8af7c3

Error: (04/27/2014 06:09:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AC3SP.exe, Version: 0.0.0.0, Zeitstempel: 0x5155b7ef
Name des fehlerhaften Moduls: ubiorbitapi_r2.dll, Version: 4.4.1.2822, Zeitstempel: 0x535a50f6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00009024
ID des fehlerhaften Prozesses: 0xa68
Startzeit der fehlerhaften Anwendung: 0xAC3SP.exe0
Pfad der fehlerhaften Anwendung: AC3SP.exe1
Pfad des fehlerhaften Moduls: AC3SP.exe2
Berichtskennung: AC3SP.exe3

Error: (04/27/2014 11:00:48 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to poke open firewall

Error: (04/27/2014 10:59:17 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to poke open firewall

Error: (04/26/2014 06:43:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1418

Startzeit: 01cf616ea2e75868

Endzeit: 29

Anwendungspfad: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

Berichts-ID: eb44577c-cd61-11e3-8632-6c626d8af7c3

Error: (04/25/2014 00:32:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 350

Startzeit: 01cf6071af1442ce

Endzeit: 1

Anwendungspfad: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

Berichts-ID: f0f1a987-cc64-11e3-984b-6c626d8af7c3


System errors:
=============
Error: (06/02/2014 08:55:23 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (06/02/2014 08:55:18 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (06/02/2014 02:41:56 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (06/02/2014 02:40:56 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (06/02/2014 02:40:51 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (06/02/2014 02:40:49 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (06/02/2014 01:19:44 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (06/01/2014 06:03:52 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (06/01/2014 06:03:48 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (06/01/2014 06:03:43 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 45%
Total physical RAM: 3063.11 MB
Available physical RAM: 1657.73 MB
Total Pagefile: 6124.52 MB
Available Pagefile: 3656.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.14 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1356.17 GB) (Free:1193.33 GB) NTFS
Drive d: (Recover) (Fixed) (Total:40 GB) (Free:1.57 GB) NTFS
Drive j: () (Removable) (Total:1.86 GB) (Free:1.72 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-742852132864) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 4 (Size: 2 GB) (Disk ID: 00887956)
Partition 1: (Active) - (Size=2 GB) - (Type=0E)

==================== End Of Log ============================
         
__________________

Geändert von kebin (02.06.2014 um 20:19 Uhr)

Alt 03.06.2014, 18:41   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Mein yahoo email-account verschickt SPAM an meine Kontakte - Standard

Mein yahoo email-account verschickt SPAM an meine Kontakte



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 03.06.2014, 20:58   #5
kebin
 
Mein yahoo email-account verschickt SPAM an meine Kontakte - Standard

Mein yahoo email-account verschickt SPAM an meine Kontakte



Danke für deine schnelle Hilfe.

mbam.txt

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 03.06.2014
Suchlauf-Zeit: 18:39:05
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.03.05
Rootkit Datenbank: v2014.06.02.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: kebin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 309763
Verstrichene Zeit: 2 Std, 44 Min, 49 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 6
PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, In Quarantäne, [3dd4a7cd6714ed49d6149f9950b2d32d], 
PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, In Quarantäne, [3dd4a7cd6714ed49d6149f9950b2d32d], 
PUP.Optional.Zwangi, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{47AE1BA9-0BD1-44F4-88AE-45F8F7B605EF}, Löschen bei Neustart, [020f21531e5d4fe7e540b588758d06fa], 
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\Plus-HD-4.5, In Quarantäne, [37da7df7d7a47cba4a65b204bd454ab6], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3919152501-1714073753-3578707811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Löschen bei Neustart, [eb26b5bf3d3e71c53934d509ed1648b8], 
PUP.Optional.FilesFrog.A, HKU\S-1-5-21-3919152501-1714073753-3578707811-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BI, Löschen bei Neustart, [7c95571ddc9f0d292058953a000321df], 

Registrierungswerte: 8
PUP.Optional.VBates, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, In Quarantäne, [db3680f4bbc09f97e90fb88131d1e818], 
PUP.Optional.VBates, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, C:\Program Files\V-bates\Firefox, In Quarantäne, [db3680f4bbc09f97e90fb88131d1e818]
PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, C:\Program Files\V-bates\Firefox, In Quarantäne, [db3680f4bbc09f97e90fb88131d1e818]
PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, In Quarantäne, [e42d373d304bde581edac6736c969a66], 
PUP.BProtector, HKU\S-1-5-21-3919152501-1714073753-3578707811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start Page, hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=D2636C626D8AF7C3&affID=120517&tt=160713_9127&tsp=4945, Löschen bei Neustart, [0b06c6ae9fdc181ea82818b1986be917]
PUP.BProtector, HKU\S-1-5-21-3919152501-1714073753-3578707811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|bProtectorDefaultScope, {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Löschen bei Neustart, [ef226c08b8c3092defe29039838043bd]
PUP.Optional.Wajam.A, HKU\S-1-5-21-3919152501-1714073753-3578707811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}, C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi, Löschen bei Neustart, [a869d59fc4b7e452372e4851dd258f71]
PUP.Optional.FilesFrog.A, HKU\S-1-5-21-3919152501-1714073753-3578707811-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BI|ui_path_filesfrog, HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker, Löschen bei Neustart, [7c95571ddc9f0d292058953a000321df]

Registrierungsdaten: 10
PUP.Optional.Qvo6.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373373982, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373373982),Ersetzt,[49c8b0c4cab154e28685bfa96d97926e]
Hijack.StartPage, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527),Ersetzt,[f0219fd5f3889c9a24ee6502ab5948b8]
Hijack.StartPage, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527),Ersetzt,[52bfd4a05c1fad89e729481f887c7987]
PUP.Optional.SnapDo.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970),Ersetzt,[18f921537803072ff881fe5faf5519e7]
PUP.Optional.Snapdo, HKU\S-1-5-21-3919152501-1714073753-3578707811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970),Löschen bei Neustart,[6da41a5a1f5cc3733ea1442234d053ad]
PUP.Optional.Snapdo, HKU\S-1-5-21-3919152501-1714073753-3578707811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970),Löschen bei Neustart,[5eb3f381f08b989e9d411b4b30d443bd]
Hijack.StartPage, HKU\S-1-5-21-3919152501-1714073753-3578707811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.qvo6.com/?utm_source=b&utm_medium=vtt&from=vtt&uid=WDCXWD15EARS-00MVWB0_WD-WMAZA083549035490&ts=1373376527),Löschen bei Neustart,[e22f353f245765d1e52c3235fe062dd3]
PUP.Optional.Snapdo, HKU\S-1-5-21-3919152501-1714073753-3578707811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970),Löschen bei Neustart,[ad64db99a9d287af04dd85e107fd3bc5]
PUP.Optional.Snapdo, HKU\S-1-5-21-3919152501-1714073753-3578707811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970),Löschen bei Neustart,[947d056f017a3bfb6b772d39cb3926da]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-3919152501-1714073753-3578707811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970),Löschen bei Neustart,[7998571dbfbc092d3b3f8ecfa36126da]

Ordner: 18
PUP.Optional.Conduit.A, C:\Users\kebin\AppData\Local\Temp\ct3288691, In Quarantäne, [2be6f57fd3a8c27400e4522e7b87b54b], 
PUP.Optional.Conduit.A, C:\Users\kebin\AppData\Local\Temp\ct3297265, In Quarantäne, [5eb33341631845f140a4433d966c38c8], 
PUP.Optional.Conduit.A, C:\Users\kebin\AppData\Local\Temp\ct3297861, In Quarantäne, [f1206b094c2fb581ba2a651bc83a55ab], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Local\Updater21058, In Quarantäne, [4dc45f15ec8f9e98ee6e7310ba48837d], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\api, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\defaults, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\defaults\preferences, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\userCode, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\locale, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\locale\en-US, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\skin, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.PlusHD.A, C:\Program Files\Plus-HD-4.5, In Quarantäne, [35dccba94a31dc5ae96807804eb4bb45], 

Dateien: 139
PUP.Optional.E7, C:\Users\kebin\AppData\Roaming\eIntaller\24A49A9502EA478b890445B08B958055\Desk365.exe, In Quarantäne, [cb4681f38eed8aac3669db430cf455ab], 
PUP.Optional.E7, C:\Users\kebin\AppData\Roaming\eIntaller\A27FA4BE44DE4315AC0ECEF4B05FF221\Desk365.exe, In Quarantäne, [b25fb9bbe59694a29c03ce50837d4cb4], 
PUP.Optional.SearchProtect.A, C:\Users\kebin\AppData\Local\Temp\nsk196A.exe, In Quarantäne, [20f1d0a493e8f44243b09d8dc0410af6], 
PUP.Optional.SearchProtect.A, C:\Users\kebin\AppData\Local\Temp\nsk1F36.exe, In Quarantäne, [dd34096b17643204ad465bcf58a9a65a], 
PUP.Optional.SearchProtect.A, C:\Users\kebin\AppData\Local\Temp\nskE4B0.exe, In Quarantäne, [37dafa7a16659c9a53a045e5669b26da], 
PUP.Optional.SearchProtect.A, C:\Users\kebin\AppData\Local\Temp\nspE210.exe, In Quarantäne, [3bd60b697803ce685e95e644e918946c], 
PUP.Optional.SearchProtect.A, C:\Users\kebin\AppData\Local\Temp\nstBEE7.exe, In Quarantäne, [a8693f357ffc62d4589b7ab00cf59b65], 
PUP.Optional.SearchProtect.A, C:\Users\kebin\AppData\Local\Temp\nsu1C67.exe, In Quarantäne, [809173013a419d99ca298aa0c33e9868], 
PUP.Optional.SearchProtect.A, C:\Users\kebin\AppData\Local\Temp\nszDF41.exe, In Quarantäne, [9e73e490cab1979f1fd48d9dd52c30d0], 
PUP.Optional.VBates.A, C:\Users\kebin\AppData\Local\Temp\v-bates.exe, In Quarantäne, [b65b096b780362d47a109aabef11ed13], 
PUP.Optional.Conduit.A, C:\Users\kebin\AppData\Local\Temp\nszAA3C\SpSetup.exe, In Quarantäne, [7c955420b1cae45207dc53cc14ed25db], 
PUP.Optional.Superfish.A, C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, In Quarantäne, [fd14e68ee398fd3936d3cecd1ee4a957], 
PUP.Optional.Superfish.A, C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, In Quarantäne, [6da48ee63942e0562ddc4b50c0421ce4], 
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot.exe, In Quarantäne, [cb46571de7940f27de0ef8d2729118e8], 
PUP.Optional.BProtector.A, C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences, In Quarantäne, [937e6113b6c551e537f24e7fe71cbd43], 
PUP.Optional.PricePeep.A, C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_licjnkifamhpbaefhdpacpmihicfbomb_0.localstorage, In Quarantäne, [61b0cca8d0abcd698bb8d0182fd45ea2], 
PUP.Optional.PricePeep.A, C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_licjnkifamhpbaefhdpacpmihicfbomb_0.localstorage-journal, In Quarantäne, [957c581c5625ed49a0a32abefb08956b], 
PUP.Optional.Conduit.A, C:\Users\kebin\AppData\Local\Temp\ct3288691\chromeid.txt, In Quarantäne, [2be6f57fd3a8c27400e4522e7b87b54b], 
PUP.Optional.Conduit.A, C:\Users\kebin\AppData\Local\Temp\ct3288691\setup.ini.txt, In Quarantäne, [2be6f57fd3a8c27400e4522e7b87b54b], 
PUP.Optional.Conduit.A, C:\Users\kebin\AppData\Local\Temp\ct3297265\ism.exe, In Quarantäne, [5eb33341631845f140a4433d966c38c8], 
PUP.Optional.Conduit.A, C:\Users\kebin\AppData\Local\Temp\ct3297861\chromeid.txt, In Quarantäne, [f1206b094c2fb581ba2a651bc83a55ab], 
PUP.Optional.Conduit.A, C:\Users\kebin\AppData\Local\Temp\ct3297861\setup.ini.txt, In Quarantäne, [f1206b094c2fb581ba2a651bc83a55ab], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome.manifest, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\install.rdf, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\api.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\background.html, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\baseObject.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\browser.xul, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\dialog.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\ffCoreFilesIndex.txt, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\main.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\options.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\options.xul, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\platformVersion.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\search_dialog.xul, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\api\asyncDB.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\api\background.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\api\browserAction.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\api\contextMenu.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\api\dbManager.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\api\dom_bg.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\api\fileManager.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\api\firefox.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\api\firefoxNotifications.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\api\firefoxOmnibox.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\api\message.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\api\pageAction.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\api\request.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\api\tabs.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\api\webRequest.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\api\windowsMessagingHandler.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\addressBarChangeObserver.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\console.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\consts.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\delegate.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\extensionDataStore.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\folderIOWrapper.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\httpObserver.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\IDBWrapper.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\installer.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\logFile.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\prefs.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\progressListenerObserver.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\registry.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\reloadObserver.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\reports.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\requestObject.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\searchSettings.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\uninstallObserver.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\updateManager.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\utils.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\chrome\content\core\xhr.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\defaults\preferences\prefs.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\manifest.xml, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins.json, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\207.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\1.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\102.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\103.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\104.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\119.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\123.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\13.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\14.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\158.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\16.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\17.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\177.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\178.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\179.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\180.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\182.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\183.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\184.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\190.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\195.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\21.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\217.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\22.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\220.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\221.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\223.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\226.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\242.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\246.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\28.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\4.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\47.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\64.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\7.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\72.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\78.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\9.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\91.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\93.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\plugins\98.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\userCode\background.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\extensionData\userCode\extension.js, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\locale\en-US\translations.dtd, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\skin\button1.png, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\skin\button2.png, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\skin\button3.png, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\skin\button4.png, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\skin\button5.png, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\skin\crossrider_statusbar.png, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\skin\icon128.png, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\skin\icon16.png, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\skin\icon24.png, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\skin\icon48.png, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\skin\panelarrow-up.png, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\skin\popup.html, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\skin\skin.css, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\extensions\a892fa08-2d07-49e8-adce-f650222629ca@82592752-c212-4885-b999-cb2a1d2f9d09.com\skin\update.css, In Quarantäne, [45cce09493e8e84ee71e572f48ba0af6], 
PUP.Optional.PlusHD.A, C:\Program Files\Plus-HD-4.5\39678.xpi, In Quarantäne, [35dccba94a31dc5ae96807804eb4bb45], 
PUP.Optional.Snapdo.A, C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (,"homepage": "hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=hp&installDate=01/01/1970","homepage_is_newtabpage": false), Ersetzt,[41d0551fbac10234c35e7c1806fe6c94]
PUP.Optional.Conduit.A, C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (   "homepage": "hxxp://search.conduit.com/?ctid=CT3311268&SearchSource=48&CUI=UN29504919652995354&UM=2&UP=SP227CA280-2830-4C9A-BC80-F19CEDB88F74&SSPV=",), Ersetzt,[de33d79d6e0d74c230de1b7af90b55ab]
PUP.Optional.CrossRider.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "1418316622e2637b4c9a4508775cbe3c");), Ersetzt,[7c9583f1611a4aec601ceea6ab5905fb]
PUP.Optional.Conduit.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311268&SearchSource=2&CUI=UN38072101937782320&UM=2&q=");), Ersetzt,[98793b39d7a40f27a23a148063a1a55b]
PUP.Optional.Conduit.A, C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311268&CUI=UN38072101937782320&UM=2&SearchSource=3&q={searchTerms}");), Ersetzt,[bc5502726219d165549d256f40c443bd]

Physische Sektoren: 0
(No malicious items detected)


(end)
         
---------------------

AdwCleaner.txt

Code:
ATTFilter
# AdwCleaner v3.211 - Bericht erstellt am 03/06/2014 um 21:37:04
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : kebin - KEBIN-PC
# Gestartet von : C:\Users\kebin\Desktop\adwcleaner_3.211.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Program Files\Omiga Plus
Ordner Gelöscht : C:\Program Files\Uninstaller
Ordner Gelöscht : C:\Program Files\V-bates
Ordner Gelöscht : C:\Program Files\WinZipper
Ordner Gelöscht : C:\Users\kebin\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\kebin\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\kebin\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\kebin\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\kebin\AppData\Roaming\337
Ordner Gelöscht : C:\Users\kebin\AppData\Roaming\eIntaller
Ordner Gelöscht : C:\Users\kebin\AppData\Roaming\ExpressFiles
Ordner Gelöscht : C:\Users\kebin\AppData\Roaming\Omiga Plus
Ordner Gelöscht : C:\Users\kebin\AppData\Roaming\WinZipper
Ordner Gelöscht : C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\CT3311268
Ordner Gelöscht : C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\Extensions\{da7f5ae1-3be3-43c0-8098-c1d183616e97}
Ordner Gelöscht : C:\Users\Gast.kebin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmibnagodajacnnbifpamhggcohblip
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
Datei Gelöscht : C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\user.js
Datei Gelöscht : C:\Windows\Tasks\Dealply.job
Datei Gelöscht : C:\Windows\System32\Tasks\Dealply
Datei Gelöscht : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
Datei Gelöscht : C:\Windows\System32\Tasks\EPUpdater

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
Verknüpfung Desinfiziert : C:\Users\kebin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

***** [ Registrierungsdatenbank ] *****

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11428800-BABD-4EC0-8DF7-F9B0014941F9}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11428800-BABD-4EC0-8DF7-F9B0014941F9}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D06FACCC-0160-487B-B897-151B08EF4CEC}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D06FACCC-0160-487B-B897-151B08EF4CEC}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82AEEE4E-A795-4597-BD04-EABC0A8FF318}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82AEEE4E-A795-4597-BD04-EABC0A8FF318}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ACDACEA7-2EE0-4613-8F30-114192EB9520}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACDACEA7-2EE0-4613-8F30-114192EB9520}
Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Schlüssel Gelöscht : HKCU\Software\f4d8dae73fb946
Schlüssel Gelöscht : HKLM\SOFTWARE\f4d8dae73fb946
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3311268
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\ExpressFiles
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\powerpack
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKLM\Software\Desksvc
Schlüssel Gelöscht : HKLM\Software\ExpressFiles
Schlüssel Gelöscht : HKLM\Software\hdcode
Schlüssel Gelöscht : HKLM\Software\Software
Schlüssel Gelöscht : HKLM\Software\Tarma Installer
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]


[ Datei : C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\prefs.js ]

Zeile gelöscht : user_pref("CT3311268.FF19Solved", "true");
Zeile gelöscht : user_pref("CT3311268.UserID", "UN38072101937782320");
Zeile gelöscht : user_pref("CT3311268.browser.search.defaultthis.engineName", "true");
Zeile gelöscht : user_pref("CT3311268.fullUserID", "UN38072101937782320.IN.20130927212443");
Zeile gelöscht : user_pref("CT3311268.installDate", "27/09/2013 21:24:50");
Zeile gelöscht : user_pref("CT3311268.installSessionId", "{191DD0B7-8CC8-486F-92AF-07A25DA7B4F0}");
Zeile gelöscht : user_pref("CT3311268.installSp", "false");
Zeile gelöscht : user_pref("CT3311268.installerVersion", "1.7.1.4");
Zeile gelöscht : user_pref("CT3311268.keyword", "true");
Zeile gelöscht : user_pref("CT3311268.originalHomepage", "about:home");
Zeile gelöscht : user_pref("CT3311268.originalSearchAddressUrl", "");
Zeile gelöscht : user_pref("CT3311268.originalSearchEngine", "");
Zeile gelöscht : user_pref("CT3311268.originalSearchEngineName", "");
Zeile gelöscht : user_pref("CT3311268.searchRevert", "true");
Zeile gelöscht : user_pref("CT3311268.searchUserMode", "2");
Zeile gelöscht : user_pref("CT3311268.smartbar.homepage", "true");
Zeile gelöscht : user_pref("CT3311268.versionFromInstaller", "10.20.1.8");
Zeile gelöscht : user_pref("CT3311268.xpeMode", "0");
Zeile gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Conduit Search");
Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New V6 Customized Web Search");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Conduit Search");
Zeile gelöscht : user_pref("extensions.aa892fa082d0749e8adcef650222629ca82592752c2124885b999cb2a1d2f9d09com39678.39678.internaldb.cache/3518e1eac042730aa1274618984462b3_DE.value", "%22var%20cat_3518e1eac042730aa127461[...]
Zeile gelöscht : user_pref("extensions.aa892fa082d0749e8adcef650222629ca82592752c2124885b999cb2a1d2f9d09com39678.39678.internaldb.cache/5cdf8a7ef2ec84abac286c67587b78d9.value", "%22function%20tcmMarkWindow%28a%29%7Bva[...]
Zeile gelöscht : user_pref("extensions.aa892fa082d0749e8adcef650222629ca82592752c2124885b999cb2a1d2f9d09com39678.39678.internaldb.cache/d5baae4ef839769f8eb7e9f9d82d8a40_DE.value", "%22var%20cat_d5baae4ef839769f8eb7e9f[...]
Zeile gelöscht : user_pref("smartbar.addressBarOwnerCTID", "CT3311268");
Zeile gelöscht : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3311268&CUI=UN38072101937782320&UM=2&SearchSource=13");
Zeile gelöscht : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311268&SearchSource=2&CUI=UN38072101937782320&UM=2&q=");
Zeile gelöscht : user_pref("smartbar.defaultSearchOwnerCTID", "CT3311268");
Zeile gelöscht : user_pref("smartbar.homePageOwnerCTID", "CT3311268");
Zeile gelöscht : user_pref("smartbar.machineId", "KBVU9/UPX+4MGX6MKJ+YUECUQP866N/S2DSUQA019M5UH9ACGQBMQZUDEGDTRO+QCVKJ/RW+LOD3FX+CWTLVNA");

-\\ Google Chrome v35.0.1916.114

[ Datei : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=DE&userid=67df9fbc-4fcc-49d5-9d21-2130fbe62346&searchtype=ds&q={searchTerms}&installDate=01/01/1970
Gelöscht [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Gelöscht [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Gelöscht [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Gelöscht [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Gelöscht [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Gelöscht [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

[ Datei : C:\Users\Gast.kebin-PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : ljmibnagodajacnnbifpamhggcohblip

[ Datei : C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Homepage] : hxxp://search.conduit.com/?ctid=CT3311268&SearchSource=48&CUI=UN29504919652995354&UM=2&UP=SP227CA280-2830-4C9A-BC80-F19CEDB88F74&SSPV=
Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Gelöscht [Extension] : eooncjejnppfjjklapaamhcdmjbilmde
Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb
Gelöscht [Extension] : jpmbfleldcgkldadpdinhjjopdfpjfjp

*************************

AdwCleaner[R0].txt - [11644 octets] - [03/06/2014 21:34:27]
AdwCleaner[S0].txt - [10953 octets] - [03/06/2014 21:37:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11014 octets] ##########
         
--------------


JRT.txt

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x86
Ran by kebin on 03.06.2014 at 21:46:11,22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3919152501-1714073753-3578707811-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3919152501-1714073753-3578707811-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211101158}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211101158}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6EE4760F-2013-4BA5-BC1C-AC5D33C65EFA}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"



~~~ FireFox

Successfully deleted the following from C:\Users\kebin\AppData\Roaming\mozilla\firefox\profiles\olbrdq18.default\prefs.js

user_pref("browser.startup.homepage", "hxxp://www.golsearch.com/?babsrc=HP_ss_Btisdt6&mntrId=D2636C626D8AF7C3&affID=121564&tt=160713_9127&tsp=4946");
user_pref("extensions.aa892fa082d0749e8adcef650222629ca82592752c2124885b999cb2a1d2f9d09com39678.39678.cookie.previous_page.value", "%22hxxp%3A//www.golsearch.com/%3Fbabsrc%3DH
user_pref("extensions.aa892fa082d0749e8adcef650222629ca82592752c2124885b999cb2a1d2f9d09com39678.39678.internaldb.cache/530e52021dc20843b1aa62957edeb9f8.value", "%22var%20adsDe
user_pref("extensions.aa892fa082d0749e8adcef650222629ca82592752c2124885b999cb2a1d2f9d09com39678.39678.internaldb.cache/833447eaff04548ccb80787286a7cad9_DE.value", "%22var%20ca
Emptied folder: C:\Users\kebin\AppData\Roaming\mozilla\firefox\profiles\olbrdq18.default\minidumps [23 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.06.2014 at 21:52:29,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         


Alt 04.06.2014, 18:39   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Mein yahoo email-account verschickt SPAM an meine Kontakte - Standard

Mein yahoo email-account verschickt SPAM an meine Kontakte




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
--> Mein yahoo email-account verschickt SPAM an meine Kontakte

Alt 05.06.2014, 18:19   #7
kebin
 
Mein yahoo email-account verschickt SPAM an meine Kontakte - Standard

Mein yahoo email-account verschickt SPAM an meine Kontakte



ESET

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=aae67c6b316a9a439f6df99dae202626
# engine=18558
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-05 12:25:45
# local_time=2014-06-05 02:25:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 39225 28549178 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 28299180 153559136 0 0
# scanned=285027
# found=27
# cleaned=0
# scan_time=18054
sh=1658A2A3C75D44161B2D1A185447A88D7F656E37 ft=1 fh=67c324132214aaee vn="MSIL/DomaIQ.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Uninstaller\Uninstall.exe.vir"
sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kebin\AppData\Local\Temp\OCS\ocs_v71a.exe.vir"
sh=5257A2E56E63C2D8ABCCD9E574C8955FA76904E3 ft=1 fh=d9acd49d716b774a vn="Win32/InstallMonetizer.AF evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kebin\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\67279ab16a958c594d1b312907cc0cdc\gbooks23.exe.vir"
sh=06187AA602DA70C0A079670280BF9B2C283AFF1E ft=1 fh=c9111abb25988d45 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default\Extensions\{da7f5ae1-3be3-43c0-8098-c1d183616e97}\Plugins\npFirefoxPlugin.dll.vir"
sh=19FBBAFE304BC57D46392A7FB96044B968A58FFB ft=1 fh=5858bad25e82c667 vn="Win32/Verti.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DGBJ14LG\MediaPlayerClassic_RocketFuelInstaller.exe"
sh=FEC19241949864DE766A2D193BC81E3366E379E4 ft=1 fh=ac6e9bcd558de938 vn="Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DGBJ14LG\SPSetup[1].exe"
sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KNQSQW85\sp-downloader[1].exe"
sh=9FAE98C3ABEA706F0A40BF64A01113EC91A606A5 ft=1 fh=076524552ae7c00f vn="Variante von Win32/Toolbar.BitCocktail.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KNQSQW85\v-bates[1].exe"
sh=918AC853BEAD5D6AAE0BCD5D200CCB12FB490BB8 ft=1 fh=05a48abc09a5595b vn="Win32/Verti.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM5QMBQ3\7zip_RocketFuelInstaller.exe"
sh=B09166ED1B1E138E78F807E6E7B4A19E0934E5A5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Mozilla\Firefox\Profiles\olbrdq18.default\Cache\1\E3\479B0d01"
sh=76383B8DE33E6BBFB98D545DEA12B018A0A8F2C8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Mozilla\Firefox\Profiles\olbrdq18.default\Cache\3\10\37904d01"
sh=8F41043A0C0F743CCCE9B7CD76394E9774A7E29D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Mozilla\Firefox\Profiles\olbrdq18.default\Cache\5\35\23476d01"
sh=6CB576025EF95F1FFDBEB877E91C99B131673D06 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Mozilla\Firefox\Profiles\olbrdq18.default\Cache\5\F4\8685Dd01"
sh=6F7594C9F585188C288BD98D8D94FA7CFB7EFB52 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Mozilla\Firefox\Profiles\olbrdq18.default\Cache\6\96\603EFd01"
sh=735CC619CF5A1EC40682C50985BB816C9AB1BEEF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Mozilla\Firefox\Profiles\olbrdq18.default\Cache\7\84\9068Fd01"
sh=8049BA4B533E2429B7931AD0E4D31901A37DF860 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Mozilla\Firefox\Profiles\olbrdq18.default\Cache\9\B1\66E97d01"
sh=67530A9DFBB32849426EB31F67EBCDA24A8070C3 ft=0 fh=0000000000000000 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Mozilla\Firefox\Profiles\olbrdq18.default\Cache\B\DA\55A0Fd01"
sh=98E43199E579EB6F35C724FC41BAFC335F776877 ft=0 fh=0000000000000000 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Mozilla\Firefox\Profiles\olbrdq18.default\Cache\C\0F\F4FF3d01"
sh=CE163FD3855C7BAE704D7B2CFE058049F7593574 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Mozilla\Firefox\Profiles\olbrdq18.default\Cache\C\5A\74BA5d01"
sh=E6ACD81D83325C8FDB6CCF9BDE50056D78F8AF97 ft=0 fh=0000000000000000 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Mozilla\Firefox\Profiles\olbrdq18.default\Cache\C\F8\A9FA1d01"
sh=0873B32D1D554533AF9A22B0B4F8705F809768B4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Mozilla\Firefox\Profiles\olbrdq18.default\Cache\D\7D\6FDF0d01"
sh=8C65267C1AADD4AB670D6D979C4A686D16A86869 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Mozilla\Firefox\Profiles\olbrdq18.default\Cache\D\B0\73F3Dd01"
sh=D5BF3BEAF19D898EB32267722392039A56C90C28 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kebin\AppData\Local\Mozilla\Firefox\Profiles\olbrdq18.default\Cache\F\99\7B861d01"
sh=1A989D3EC64BCA0D23EEFF96634F255FBB16C3C4 ft=0 fh=0000000000000000 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="D:\KEVINH\Backup Set 2011-07-17 190155\Backup Files 2011-07-17 190155\Backup files 11.zip"
sh=A4A018E0591923D465CC7BA16D96B2797A6D938F ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\KEVINH\Backup Set 2011-07-17 190155\Backup Files 2011-07-17 190155\Backup files 6.zip"
sh=FFEB8C4ABB26E104A3919DA0E863BC08A033DDCB ft=0 fh=0000000000000000 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="D:\KEVINH\Backup Set 2011-07-17 190155\Backup Files 2011-07-24 202244\Backup files 3.zip"
sh=47DC1127D84CFB79632F24B20CB16C50E0766DEC ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Babylon.C evtl. unerwünschte Anwendung" ac=I fn="D:\KEVINH\Backup Set 2011-10-09 202246\Backup Files 2011-10-09 202246\Backup files 7.zip"
         
-------------------------------------------

Security Check

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.83  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop           
Emsisoft Anti-Malware   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Java 7 Update 21  
 Java SE Development Kit 7 Update 21 
 Java version out of Date! 
  Adobe Flash Player 	11.9.900.117 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (26.0) 
 Google Chrome 34.0.1847.137  
 Google Chrome 35.0.1916.114  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Emsisoft Anti-Malware a2service.exe   
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

------------------------------------------------


FRST


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:02-06-2014
Ran by kebin (administrator) on KEBIN-PC on 05-06-2014 19:13:42
Running from C:\Users\kebin\Desktop
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Windows\System32\PnkBstrA.exe
(Realtek) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(SAMSUNG ELECTRONICS) C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9288296 2010-06-14] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-03] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SMSTray] => C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe [132624 2007-12-14] (SAMSUNG ELECTRONICS)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [4330432 2014-02-15] (Emsisoft GmbH)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [] => [X]
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [Spotify Web Helper] => C:\Users\kebin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-03] (Spotify Ltd)
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [CPU_Control] => C:\Program Files\CPU-Control\CPU_Control.exe [1034240 2009-01-04] ()
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\Run: [DAEMON Tools Lite] => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: I - I:\Setup.exe
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: {7c3722b3-bc8b-11e2-ae42-c93ad4f53fab} - I:\INSTALL.EXE
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: {b34471aa-f51d-11e2-9a3c-6c626d8af7c3} - I:\setup.exe
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000\...\MountPoints2: {d20c0b20-c6a5-11e2-b23d-aad8909b5fad} - I:\INSTALL.EXE
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] => [X]
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\kebin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-03] (Spotify Ltd)
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CPU_Control] => C:\Program Files\CPU-Control\CPU_Control.exe [1034240 2009-01-04] ()
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: I - I:\Setup.exe
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {7c3722b3-bc8b-11e2-ae42-c93ad4f53fab} - I:\INSTALL.EXE
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b34471aa-f51d-11e2-9a3c-6c626d8af7c3} - I:\setup.exe
HKU\S-1-5-21-3919152501-1714073753-3578707811-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d20c0b20-c6a5-11e2-b23d-aad8909b5fad} - I:\INSTALL.EXE
Startup: C:\Users\kebin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\kebin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: ShellHook Class - {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll [192512 2004-11-23] (MarkAny Cooperation.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{26A623EB-0DB5-4189-B290-E65C1726041A}: [NameServer]192.169.137.1

FireFox:
========
FF ProfilePath: C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\Profiles\olbrdq18.default
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @esn.me/esnsonar,version=0.70.4 - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin: @esn/esnlaunch,version=2.3.0 - C:\Program Files\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin: @esn/npbattlelog,version=2.3.2 - C:\Program Files\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: electronicarts.com/GameFacePlugin - C:\Users\kebin\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2013-07-09]
FF Extension: FTdownloader V3.0 - C:\Users\kebin\AppData\Roaming\Mozilla\Firefox\profiles\extensions\ftdownloader3@ftdownloader.com.xpi [2013-04-11]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Nokia Suite Enabler Plugin) - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Drive) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-09]
CHR Extension: (YouTube) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-09]
CHR Extension: (Adblock Plus) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-03]
CHR Extension: (Google-Suche) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-09]
CHR Extension: (Google Wallet) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\kebin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-09]
CHR HKLM\...\Chrome\Extension: [ibcgjcbeckcdemelifnledhihpaighfk] - C:\Users\kebin\AppData\Local\CRE\ibcgjcbeckcdemelifnledhihpaighfk.crx [2013-07-09]
CHR HKCU\...\Chrome\Extension: [ibcgjcbeckcdemelifnledhihpaighfk] - C:\Users\kebin\AppData\Local\CRE\ibcgjcbeckcdemelifnledhihpaighfk.crx [2013-07-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4163584 2014-02-15] (Emsisoft GmbH)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-05-09] ()
R2 Realtek11nSU; C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek)

==================== Drivers (Whitelisted) ====================

R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-01] (Avira Operations GmbH & Co. KG)
R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [64904 2010-04-27] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [146568 2010-04-27] (Renesas Electronics Corporation)
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [22184 2013-10-29] (Audials AG)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-09] (Avira GmbH)
R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39048 2013-03-07] (RapidSolution Software AG)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-05 19:03 - 2014-06-05 19:03 - 00854367 _____ () C:\Users\kebin\Desktop\SecurityCheck.exe
2014-06-04 21:22 - 2014-06-04 21:22 - 00000000 ____D () C:\Program Files\ESET
2014-06-04 21:21 - 2014-06-04 21:22 - 02347384 _____ (ESET) C:\Users\kebin\Downloads\esetsmartinstaller_deu (1).exe
2014-06-03 21:55 - 2014-06-03 21:56 - 00048540 _____ () C:\Users\kebin\Desktop\mbam.txt
2014-06-03 21:52 - 2014-06-03 21:52 - 00003011 _____ () C:\Users\kebin\Desktop\JRT.txt
2014-06-03 21:46 - 2014-06-03 21:46 - 00000000 ____D () C:\Windows\ERUNT
2014-06-03 21:42 - 2014-06-03 21:42 - 00011095 _____ () C:\Users\kebin\Desktop\AdwCleaner[S0].txt
2014-06-03 21:35 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-06-03 21:25 - 2014-06-03 21:38 - 00000000 ____D () C:\AdwCleaner
2014-06-03 18:37 - 2014-06-05 05:37 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-03 18:36 - 2014-06-03 18:36 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-03 18:36 - 2014-06-03 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-03 18:36 - 2014-06-03 18:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 18:36 - 2014-06-03 18:36 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-06-03 18:36 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-03 18:36 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-03 18:36 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-03 18:35 - 2014-06-03 18:35 - 02347384 _____ (ESET) C:\Users\kebin\Downloads\esetsmartinstaller_deu.exe
2014-06-03 18:35 - 2014-06-03 18:35 - 01016261 _____ (Thisisu) C:\Users\kebin\Desktop\JRT.exe
2014-06-03 18:34 - 2014-06-03 18:34 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\kebin\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-03 18:34 - 2014-06-03 18:34 - 01327971 _____ () C:\Users\kebin\Desktop\adwcleaner_3.211.exe
2014-06-02 21:17 - 2014-06-02 21:17 - 00033748 _____ () C:\Users\kebin\Desktop\Addition.txt
2014-06-02 21:16 - 2014-06-05 19:14 - 00016137 _____ () C:\Users\kebin\Desktop\FRST.txt
2014-06-02 20:58 - 2014-06-02 20:58 - 00000000 ____D () C:\Users\kebin\Desktop\FRST-OlderVersion
2014-06-02 17:01 - 2014-06-05 19:13 - 00000000 ____D () C:\FRST
2014-06-02 17:01 - 2014-06-02 20:58 - 01059840 _____ (Farbar) C:\Users\kebin\Desktop\FRST.exe
2014-06-02 15:38 - 2014-06-02 15:38 - 00001053 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-06-02 15:38 - 2014-06-02 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-06-02 15:36 - 2014-06-05 19:05 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-06-02 15:36 - 2014-06-02 15:36 - 00000000 ____D () C:\Users\kebin\Documents\Anti-Malware
2014-05-14 22:03 - 2014-05-14 22:03 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 22:00 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 22:00 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 22:00 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 17:33 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 17:33 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 17:32 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 17:32 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 17:32 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 17:32 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 17:32 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 17:32 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 17:32 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 17:32 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 17:32 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 17:32 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 17:32 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 17:32 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 17:32 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-12 17:39 - 2014-05-12 17:39 - 00000213 _____ () C:\Users\kebin\Desktop\Counter-Strike Global Offensive.url
2014-05-11 18:33 - 2014-05-11 18:33 - 00000000 ____D () C:\Users\kebin\Documents\7 Days To Die
2014-05-06 21:48 - 2014-05-15 13:08 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-06-05 19:14 - 2014-06-02 21:16 - 00016137 _____ () C:\Users\kebin\Desktop\FRST.txt
2014-06-05 19:13 - 2014-06-02 17:01 - 00000000 ____D () C:\FRST
2014-06-05 19:13 - 2014-01-13 18:33 - 00000000 ____D () C:\Users\kebin\AppData\Local\PMB Files
2014-06-05 19:13 - 2014-01-13 18:33 - 00000000 ____D () C:\ProgramData\PMB Files
2014-06-05 19:13 - 2013-03-08 21:06 - 00000000 ____D () C:\Users\kebin\AppData\Local\Temp
2014-06-05 19:09 - 2014-04-27 16:09 - 00000282 _____ () C:\Windows\Tasks\FF Watcher {4ABDC18F-3611-40F6-9256-60C9A1E18F9B}.job
2014-06-05 19:05 - 2014-06-02 15:36 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-06-05 19:03 - 2014-06-05 19:03 - 00854367 _____ () C:\Users\kebin\Desktop\SecurityCheck.exe
2014-06-05 18:41 - 2013-03-08 21:01 - 01419147 _____ () C:\Windows\WindowsUpdate.log
2014-06-05 18:40 - 2013-07-09 15:55 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-05 18:38 - 2013-07-09 15:55 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-05 05:37 - 2014-06-03 18:37 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-04 21:22 - 2014-06-04 21:22 - 00000000 ____D () C:\Program Files\ESET
2014-06-04 21:22 - 2014-06-04 21:21 - 02347384 _____ (ESET) C:\Users\kebin\Downloads\esetsmartinstaller_deu (1).exe
2014-06-04 15:35 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-04 15:35 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-04 15:26 - 2013-11-02 13:15 - 00028755 _____ () C:\Windows\setupact.log
2014-06-04 15:26 - 2013-07-07 09:34 - 00000436 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-06-04 15:26 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-03 21:56 - 2014-06-03 21:55 - 00048540 _____ () C:\Users\kebin\Desktop\mbam.txt
2014-06-03 21:52 - 2014-06-03 21:52 - 00003011 _____ () C:\Users\kebin\Desktop\JRT.txt
2014-06-03 21:46 - 2014-06-03 21:46 - 00000000 ____D () C:\Windows\ERUNT
2014-06-03 21:42 - 2014-06-03 21:42 - 00011095 _____ () C:\Users\kebin\Desktop\AdwCleaner[S0].txt
2014-06-03 21:39 - 2013-11-08 12:26 - 00092658 _____ () C:\Windows\PFRO.log
2014-06-03 21:38 - 2014-06-03 21:25 - 00000000 ____D () C:\AdwCleaner
2014-06-03 21:37 - 2013-03-09 16:50 - 00000937 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-06-03 21:28 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2014-06-03 21:27 - 2013-03-09 13:44 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\Spotify
2014-06-03 18:36 - 2014-06-03 18:36 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-03 18:36 - 2014-06-03 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-03 18:36 - 2014-06-03 18:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-03 18:36 - 2014-06-03 18:36 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-06-03 18:35 - 2014-06-03 18:35 - 02347384 _____ (ESET) C:\Users\kebin\Downloads\esetsmartinstaller_deu.exe
2014-06-03 18:35 - 2014-06-03 18:35 - 01016261 _____ (Thisisu) C:\Users\kebin\Desktop\JRT.exe
2014-06-03 18:34 - 2014-06-03 18:34 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\kebin\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-03 18:34 - 2014-06-03 18:34 - 01327971 _____ () C:\Users\kebin\Desktop\adwcleaner_3.211.exe
2014-06-03 18:13 - 2013-03-09 13:44 - 00000000 ____D () C:\Users\kebin\AppData\Local\Spotify
2014-06-03 16:27 - 2014-01-16 21:45 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\TS3Client
2014-06-03 15:37 - 2013-07-09 16:07 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-03 15:37 - 2013-07-09 16:07 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-02 21:17 - 2014-06-02 21:17 - 00033748 _____ () C:\Users\kebin\Desktop\Addition.txt
2014-06-02 21:06 - 2013-03-19 16:19 - 00000000 ____D () C:\Program Files\Atari
2014-06-02 20:58 - 2014-06-02 20:58 - 00000000 ____D () C:\Users\kebin\Desktop\FRST-OlderVersion
2014-06-02 20:58 - 2014-06-02 17:01 - 01059840 _____ (Farbar) C:\Users\kebin\Desktop\FRST.exe
2014-06-02 16:54 - 2013-07-07 16:59 - 00000000 ____D () C:\Users\kebin\Desktop\SPIELE
2014-06-02 16:42 - 2013-05-14 18:04 - 00000000 ____D () C:\Users\kebin\Documents\My Games
2014-06-02 16:41 - 2013-07-25 14:27 - 00000000 ____D () C:\Program Files\R.G. Mechanics
2014-06-02 16:39 - 2013-07-16 16:40 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-06-02 16:39 - 2013-05-14 17:50 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\DVDVideoSoft
2014-06-02 16:29 - 2013-11-13 18:56 - 00000000 ____D () C:\Users\kebin\Documents\W-Seminar
2014-06-02 16:01 - 2013-03-08 21:11 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-02 15:38 - 2014-06-02 15:38 - 00001053 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-06-02 15:38 - 2014-06-02 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-06-02 15:36 - 2014-06-02 15:36 - 00000000 ____D () C:\Users\kebin\Documents\Anti-Malware
2014-05-31 20:11 - 2013-12-08 15:31 - 00000000 ____D () C:\Users\kebin\Documents\Deutsch
2014-05-23 19:08 - 2013-04-09 14:08 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\Skype
2014-05-21 16:55 - 2013-07-09 15:55 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-16 22:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-15 18:46 - 2013-04-07 18:37 - 00000000 ____D () C:\Program Files\Steam
2014-05-15 13:48 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 13:08 - 2014-05-06 21:48 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 13:08 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-14 22:10 - 2013-08-14 19:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 22:03 - 2014-05-14 22:03 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 22:03 - 2013-07-17 15:37 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 22:03 - 2013-04-11 20:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-12 17:39 - 2014-05-12 17:39 - 00000213 _____ () C:\Users\kebin\Desktop\Counter-Strike Global Offensive.url
2014-05-12 07:26 - 2014-06-03 18:36 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-03 18:36 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-06-03 18:36 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 18:33 - 2014-05-11 18:33 - 00000000 ____D () C:\Users\kebin\Documents\7 Days To Die
2014-05-11 12:18 - 2013-04-24 19:41 - 00000000 ____D () C:\Users\kebin\AppData\Roaming\.minecraft
2014-05-09 21:03 - 2013-06-30 15:00 - 00290184 _____ () C:\Windows\system32\PnkBstrB.xtr
2014-05-09 21:03 - 2013-06-29 12:59 - 00290184 _____ () C:\Windows\system32\PnkBstrB.exe
2014-05-09 21:03 - 2013-06-29 12:59 - 00139032 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2014-05-09 21:02 - 2013-06-29 12:59 - 00280904 _____ () C:\Windows\system32\PnkBstrB.ex0
2014-05-09 21:01 - 2013-06-30 14:59 - 00000000 ____D () C:\Program Files\Battlelog Web Plugins
2014-05-09 19:40 - 2013-06-29 12:59 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2014-05-09 19:36 - 2013-06-29 12:09 - 00000000 ____D () C:\ProgramData\Origin
2014-05-09 19:36 - 2013-06-29 12:09 - 00000000 ____D () C:\Program Files\Origin
2014-05-09 09:06 - 2014-05-14 17:33 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-14 17:33 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 16:38 - 2014-05-02 12:51 - 00000000 ____D () C:\Users\kebin\Documents\Sozialkunde
2014-05-08 13:36 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-06 17:35 - 2013-10-17 19:57 - 00000000 ____D () C:\Users\kebin\AppData\Local\Windows Live
2014-05-06 05:25 - 2014-05-14 22:00 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-14 22:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-14 22:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

Files to move or delete:
====================
C:\Users\kebin\AppData\Roaming\Camdata.ini
C:\Users\kebin\AppData\Roaming\CamLayout.ini
C:\Users\kebin\AppData\Roaming\CamShapes.ini


Some content of TEMP:
====================
C:\Users\Gast.kebin-PC\AppData\Local\Temp\avgnt.exe
C:\Users\kebin\AppData\Local\Temp\avgnt.exe
C:\Users\kebin\AppData\Local\Temp\i4jdel0.exe
C:\Users\kebin\AppData\Local\Temp\javagiac0.5293851001103334.dll
C:\Users\kebin\AppData\Local\Temp\Quarantine.exe
C:\Users\kebin\AppData\Local\Temp\SIInvoker.exe
C:\Users\kebin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\kebin\AppData\Local\Temp\sonarinst.exe
C:\Users\kebin\AppData\Local\Temp\swt-win32-3349.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-06-01 22:11

==================== End Of Log ============================
         
--- --- ---



-------------------------------------

Addition

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version:02-06-2014
Ran by kebin at 2014-06-05 19:14:13
Running from C:\Users\kebin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}

==================== Installed Programs ======================

*tmx englisch (HKLM\...\{89286F5B-4B78-41DE-9982-B7AD010DE01B}) (Version: 5.00.0000 - *tmx communications)
7 Days to Die (HKLM\...\Steam App 251570) (Version:  - The Fun Pimps)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.6.602.171 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Advanced Archive Password Recovery (HKLM\...\{01011662-76A8-41E8-B1A8-4F8821570AC5}) (Version: 4.54.48.1338 - Elcomsoft Co. Ltd.)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version:  - )
AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{FF6A8312-0A62-3AC0-A49F-9CB7390AE5EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80328.2203 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.10 - Advanced Micro Devices, Inc.) Hidden
Application Profiles (HKLM\...\{63059735-CA97-FDFB-0E7A-3B8D81572EFD}) (Version: 2.0.4888.34279 - Advanced Micro Devices, Inc.)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Assassin’s Creed® III (HKLM\...\Steam App 208480) (Version:  - Ubisoft Montreal)
Audials (HKLM\...\{D37248E4-6C59-4F21-ACBF-E58FAD54F9DB}) (Version: 11.0.39402.200 - Audials AG)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
Battlefield 3™ (HKLM\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
BlueJ (HKLM\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.0 - BlueJ Team)
BPM Counter 1.6.0.0 (HKLM\...\BPM Counter_is1) (Version: 1.6.0.0 - AbyssMedia.com)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM\...\Steam App 10190) (Version:  - Infinity Ward)
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
CPU-Control (HKLM\...\CPU-Control_is1) (Version:  - Koma-Code)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dart2010 2.0.1 (HKLM\...\Dart2010) (Version: 2.0.1 - Klaus Sobieray)
DartPro 2.9.0.0 (HKLM\...\DartPro_is1) (Version:  - RuSyS)
DiRT 2 (HKLM\...\Steam App 12840) (Version:  - Codemasters Racing Studio)
EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKCU\...\EA SPORTS Game Face Browser Plugin) (Version: 1.8.0.0 - Electronic Arts)
Emsisoft Anti-Malware (HKLM\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 8.1 - Emsisoft GmbH)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
ESN Sonar (HKLM\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fotogalerie (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
GeoGebra 4.2 (HKLM\...\GeoGebra 4.2) (Version: 4.2.57.0 - International GeoGebra Institute)
GeoGebra 5.0 (HKLM\...\GeoGebra 5.0) (Version: 4.9.248.0 - International GeoGebra Institute)
GIANTS Editor 5.0.1 (HKLM\...\giants_editor_5.0.1_is1) (Version: 5.0.1 - GIANTS Software GmbH)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
HP Officejet 6100 - Grundlegende Software für das Gerät (HKLM\...\{28FE6C88-97EC-4FC5-8FF3-70E800F5C33E}) (Version: 25.0.617.0 - Hewlett-Packard Co.)
HP Officejet 6100 Hilfe (HKLM\...\{2033DC31-6C96-4E5B-BF51-6BFFDB3E6564}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
IL Shared Libraries (HKLM\...\IL Shared Libraries) (Version:  - Image-Line)
Java 7 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 21 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170210}) (Version: 1.7.0.210 - Oracle)
Junk Mail filter update (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Kinovea (HKLM\...\Kinovea) (Version: 0.8.15 - Kinovea)
K-Lite Codec Pack 10.2.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.2.0 - )
Lame ACM MP3 Codec (HKLM\...\Lame MP3 Codec (for the ACM)) (Version:  - )
Landwirtschafts Simulator 2011 (HKLM\...\FarmingSimulator2011DE_is1) (Version: 1.0 - GIANTS Software)
Langenscheidt Vokabeltrainer 6.0 Demoversion (HKLM\...\{B2F9A670-BA19-4B2C-8CB9-97801C488C02}) (Version: 6.0.16 - Langenscheidt)
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (Version: 3.0.1 - Riot Games ) Hidden
Magic The Gathering - Duels of the Planeswalkers 2013 (HKLM\...\Magic The Gathering - Duels of the Planeswalkers 2013_is1) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word 2007 (HKLM\...\WORD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1 - Nokia) Hidden
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 de) (HKLM\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}) (Version: 7.1.101.0 - Nokia)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.7.22.0 - Nokia)
Nokia Suite (Version: 3.7.22.0 - Nokia) Hidden
OpenAL (HKLM\...\OpenAL) (Version:  - )
OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Opera 12.16 (HKLM\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Opera Stable 18.0.1284.63 (HKLM\...\Opera 18.0.1284.63) (Version: 18.0.1284.63 - Opera Software ASA)
Origin (HKLM\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41417}) (Version: 3.61.0 - dotPDN LLC)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PC Connectivity Solution (HKLM\...\{6B722793-E77B-41F5-BAB3-6C9832274E75}) (Version: 12.0.76.0 - Nokia)
Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PokerTH (HKLM\...\PokerTH 1.0.1) (Version: 1.0.1 - www.pokerth.net)
PokerTH (HKLM\...\PokerTH 1.1) (Version: 1.1 - www.pokerth.net)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Rapture3D 2.3.26 Game (HKLM\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realtek Ethernet Controller Driver For Windows 7 (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6136 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM\...\{B20F9D1C-A0A5-4cd8-8306-DE95842311B1}) (Version: 1.00.0129 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0187 - REALTEK Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
RollerCoaster Tycoon 3 (HKLM\...\RollerCoaster Tycoon 3_is1) (Version:  - Atari)
Samsung Media Studio (HKLM\...\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}) (Version: 5 - Samsung)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.8.0 - SAMSUNG Electronics Co., Ltd.)
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
The Lord of the Rings: War in the North (HKLM\...\Steam App 32800) (Version:  - Snowblind Studios)
TmNationsForever (HKLM\...\TmNationsForever_is1) (Version:  - Nadeo)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_WORD_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_WORD_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_WORD_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Uplay (HKLM\...\Uplay) (Version: 2.0 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Windows Live Communications Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XviD MPEG-4 Video Codec (HKLM\...\XviD_is1) (Version: XviD-1.0.3-20122004 - XviD Team (Koepi))

==================== Restore Points  =========================

14-05-2014 19:58:52 Windows Update
24-05-2014 17:02:01 Geplanter Prüfpunkt
01-06-2014 20:18:34 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {02D9C747-3DE4-4EA9-B314-9D7507BF3C85} - System32\Tasks\{29138DB8-65F5-41A1-AD3D-D24659EE651F} => C:\Program Files\DDS Converter 2\DDS Converter 2.exe
Task: {9B9DEAEB-AD03-4D29-A527-F088816D3486} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-24] (Piriform Ltd)
Task: {BFFA05F7-DD6B-4BF9-8A71-6456135F7285} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-09] (Google Inc.)
Task: {CA556849-99B3-49F1-A0AC-42D0BA1DC656} - System32\Tasks\FF Watcher {4ABDC18F-3611-40F6-9256-60C9A1E18F9B} => C:\Program Files\V-bates\PrefHelper.exe
Task: {F0616216-E5D1-48B5-B0EE-CC3753EBEA07} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-09] (Google Inc.)
Task: C:\Windows\Tasks\FF Watcher {4ABDC18F-3611-40F6-9256-60C9A1E18F9B}.job => C:\Program Files\V-bates\PrefHelper.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-06-29 12:59 - 2014-05-09 19:40 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2013-07-22 20:10 - 2009-12-09 21:20 - 00126976 _____ () C:\Program Files\Realtek\11n USB Wireless LAN Utility\EnumDevLib.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (06/05/2014 06:30:06 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (06/05/2014 06:29:59 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (06/05/2014 03:31:45 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (06/04/2014 08:03:03 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (06/04/2014 08:01:55 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (06/04/2014 06:19:36 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (06/04/2014 06:19:30 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (06/04/2014 03:32:54 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 38%
Total physical RAM: 3063.11 MB
Available physical RAM: 1874.52 MB
Total Pagefile: 6124.52 MB
Available Pagefile: 3970.03 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.14 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1356.17 GB) (Free:1186.79 GB) NTFS
Drive d: (Recover) (Fixed) (Total:40 GB) (Free:1.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-742852132864) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================
         


Es sind keine weiteren Probleme aufgetreten.
Ich bedanke recht herzlich bei dir für deine schnelle und zuverlässige Hilfe.

MfG Kevin

Alt 06.06.2014, 11:52   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Mein yahoo email-account verschickt SPAM an meine Kontakte - Standard

Mein yahoo email-account verschickt SPAM an meine Kontakte



Java udn Flash updaten.

Revo Uninstaller - Download - Filepony
damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.mozilla.org/de/kb/fi...einfach-loesen


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
ProxyEnable: Internet Explorer proxy is enabled.
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 07.06.2014, 15:33   #9
kebin
 
Mein yahoo email-account verschickt SPAM an meine Kontakte - Standard

Mein yahoo email-account verschickt SPAM an meine Kontakte



Fixlog.txt

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:06-06-2014
Ran by kebin at 2014-06-07 16:28:27 Run:1
Running from C:\Users\kebin\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
ProxyEnable: Internet Explorer proxy is enabled.
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
         
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
'HKLM\SOFTWARE\Policies\Google' => Key deleted successfully.

==== End of Fixlog ====
         
Ich habe alles wie beschrieben ausgeführt. Danke für die tolle Hilfe.

Alt 08.06.2014, 09:46   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Mein yahoo email-account verschickt SPAM an meine Kontakte - Standard

Mein yahoo email-account verschickt SPAM an meine Kontakte



Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Mein yahoo email-account verschickt SPAM an meine Kontakte
conduit search, conduit search entfernen, conduitsearch, conduitsearch entfernen, hijack.startpage, launch, newtab, pup.bprotector, pup.optional.bprotector.a, pup.optional.conduit.a, pup.optional.crossrider.a, pup.optional.e7, pup.optional.filesfrog.a, pup.optional.outbrowse, pup.optional.pcperformer.a, pup.optional.plushd.a, pup.optional.pricepeep.a, pup.optional.qvo6.a, pup.optional.searchprotect.a, pup.optional.snapdo, pup.optional.snapdo.a, pup.optional.superfish.a, pup.optional.vbates, pup.optional.vbates.a, pup.optional.wajam.a, pup.optional.zwangi, spotify web helper



Ähnliche Themen: Mein yahoo email-account verschickt SPAM an meine Kontakte


  1. Email Account gehackt: Email Versand an meine Kontakte mit meinem Namen, aber anderer Email Adresse.
    Log-Analyse und Auswertung - 29.07.2015 (3)
  2. Mein GMX-Account versendet Spam an alle meine Kontakte
    Log-Analyse und Auswertung - 10.12.2014 (10)
  3. AOL Email gehackt, geklaut? Spam an Kontakte verschickt!
    Überwachung, Datenschutz und Spam - 12.09.2014 (1)
  4. Yahoo-Mail Account verschickt Spam, hinterlässt keine Spuren im Verschickt-Ordner Win8
    Plagegeister aller Art und deren Bekämpfung - 16.07.2014 (11)
  5. Anknüpfung Sassi1988 - Yahoo Mail verschickt Spam Mails an Kontakte
    Plagegeister aller Art und deren Bekämpfung - 17.06.2014 (3)
  6. Yahoo-Mail verschickt Mails an meine Kontakte, aber alle Security Scans behaupten der Rechner sei sicher
    Plagegeister aller Art und deren Bekämpfung - 12.06.2014 (1)
  7. Hotmail-Account verschickt Spam an alle Kontakte
    Plagegeister aller Art und deren Bekämpfung - 08.06.2014 (7)
  8. Mein Email Account verschickt Spam Mails mit Internetlinks
    Plagegeister aller Art und deren Bekämpfung - 31.10.2013 (11)
  9. Hotmail-Account verschickt eigenständig Spam-Mails an Kontakte
    Log-Analyse und Auswertung - 29.04.2013 (13)
  10. Email-Account verschickt selbstständig emails an Kontakte
    Log-Analyse und Auswertung - 31.03.2013 (2)
  11. Yahoo Mail Acc verschickt Spam Mails an persönliche Kontakte
    Plagegeister aller Art und deren Bekämpfung - 20.08.2012 (37)
  12. E-Mail Account bei gmx.de verschickt Mails an alle meine Kontakte
    Plagegeister aller Art und deren Bekämpfung - 19.07.2012 (3)
  13. Mein yahoo mail account verschickt spam emails an alle Kontakte
    Plagegeister aller Art und deren Bekämpfung - 08.06.2012 (1)
  14. AOL-Account verschickt Spam an alle Kontakte
    Plagegeister aller Art und deren Bekämpfung - 24.03.2012 (1)
  15. Yahoo-Mail-Account versendet Spam-Mails an Kontakte aus meinem Adressbuch
    Plagegeister aller Art und deren Bekämpfung - 24.03.2012 (3)
  16. mein Email Account verschickt Spam-Mails
    Plagegeister aller Art und deren Bekämpfung - 27.12.2010 (1)
  17. Malware verschickt Spam an komplettes Email-kontakte Kontingent
    Plagegeister aller Art und deren Bekämpfung - 05.04.2010 (1)

Zum Thema Mein yahoo email-account verschickt SPAM an meine Kontakte - Seit gestern wurde ich mehrmals darauf hingewiesen, dass Personen von meiner email-Adresse aus Spam-Nachrichten erhalten haben. In meinem Gesendet-Ordner sind keine emails zu sehen und es hat sich auch niemand - Mein yahoo email-account verschickt SPAM an meine Kontakte...
Archiv
Du betrachtest: Mein yahoo email-account verschickt SPAM an meine Kontakte auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.