Pests of all kinds and how to fight them: Error loading module RegSvr32 ("Fehler beim Laden des Moduls RegSvr32")

05.06.2014, 19:53   #1
-NiNa-
 
Hi there,
I've been having serious problems with my PC for a few days ... my antivirus had expired ... I renewed it etc. and of course the PC was full of crap. I had a program called fileparade bundle installer that I could only get rid of with difficulty, but I managed it, and now after booting I get "Fehler beim Laden des Moduls RegSvr32" blah blah blah.
I've had a look around here and downloaded AdwCleaner. Can anyone help me?

Regards, -NiNa-

# AdwCleaner v3.212 - Bericht erstellt am 05/06/2014 um 20:37:46
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Nina - NINA-PC
# Gestartet von : C:\Users\Nina\Downloads\adwcleaner_3.212.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\WebSearch.xml
Datei Gefunden : C:\Users\Nina\AppData\Roaming\LiveSupport.exe_log.txt
Datei Gefunden : C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gefunden : C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\invalidprefs.js
Datei Gefunden : C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js
Datei Gefunden : C:\Users\Nina\AppData\Roaming\regsvr32.exe_log.txt
Datei Gefunden : C:\Windows\System32\Tasks\Driver Booster Update
Datei Gefunden : C:\Windows\System32\Tasks\paretologic registration3
Datei Gefunden : C:\Windows\System32\Tasks\paretologic update version3
Datei Gefunden : C:\Windows\System32\Tasks\PC Health Advisor
Datei Gefunden : C:\Windows\System32\Tasks\PC Health Advisor Defrag
Datei Gefunden : C:\Windows\Tasks\paretologic registration3.job
Datei Gefunden : C:\Windows\Tasks\paretologic update version3.job
Datei Gefunden : C:\Windows\Tasks\PC Health Advisor Defrag.job
Datei Gefunden : C:\Windows\Tasks\PC Health Advisor.job
Ordner Gefunden : C:\Program Files (x86)\Common Files\ParetoLogic
Ordner Gefunden : C:\Program Files (x86)\melondrea
Ordner Gefunden : C:\Program Files (x86)\ParetoLogic
Ordner Gefunden : C:\Program Files (x86)\Search-NuEwTaB
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\ParetoLogic
Ordner Gefunden : C:\ProgramData\Search-NuEwTaB
Ordner Gefunden : C:\ProgramData\Trymedia
Ordner Gefunden : C:\Users\Administrator\AppData\Local\Chromatic Browser
Ordner Gefunden : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apimnnpjidaoombgegfjdglhbmjcffke
Ordner Gefunden : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadcplcnmpeikaedkmboghidghbnojad
Ordner Gefunden : C:\Users\Administrator\AppData\Local\torch
Ordner Gefunden : C:\Users\Einhorn-Pegasus\AppData\Local\Chromatic Browser
Ordner Gefunden : C:\Users\Einhorn-Pegasus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apimnnpjidaoombgegfjdglhbmjcffke
Ordner Gefunden : C:\Users\Einhorn-Pegasus\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadcplcnmpeikaedkmboghidghbnojad
Ordner Gefunden : C:\Users\Einhorn-Pegasus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg
Ordner Gefunden : C:\Users\Einhorn-Pegasus\AppData\Local\torch
Ordner Gefunden : C:\Users\Gast\AppData\Local\Chromatic Browser
Ordner Gefunden : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\apimnnpjidaoombgegfjdglhbmjcffke
Ordner Gefunden : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadcplcnmpeikaedkmboghidghbnojad
Ordner Gefunden : C:\Users\Gast\AppData\Local\torch
Ordner Gefunden : C:\Users\Nina\AppData\Local\Chromatic Browser
Ordner Gefunden : C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apimnnpjidaoombgegfjdglhbmjcffke
Ordner Gefunden : C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadcplcnmpeikaedkmboghidghbnojad
Ordner Gefunden : C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg
Ordner Gefunden : C:\Users\Nina\AppData\Local\Temp\hotspot shield
Ordner Gefunden : C:\Users\Nina\AppData\Local\torch
Ordner Gefunden : C:\Users\Nina\AppData\Roaming\DriverCure
Ordner Gefunden : C:\Users\Nina\AppData\Roaming\EZDownloader
Ordner Gefunden : C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Ordner Gefunden : C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\adsremoval@adsremoval.net
Ordner Gefunden : C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\ebuyya@zxzgadhg.net
Ordner Gefunden : C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\fkia@chjqmws.co.uk
Ordner Gefunden : C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\sparpilot@sparpilot.com
Ordner Gefunden : C:\Users\Nina\AppData\Roaming\ParetoLogic
Ordner Gefunden : C:\Users\Nina\AppData\Roaming\Systweak

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\anchorfree
Schlüssel Gefunden : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gefunden : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gefunden : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gefunden : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\distromatic
Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKCU\Software\ParetoLogic
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\systweak
Schlüssel Gefunden : HKCU64\Software\anchorfree
Schlüssel Gefunden : HKCU64\Software\Conduit
Schlüssel Gefunden : HKCU64\Software\distromatic
Schlüssel Gefunden : HKCU64\Software\IM
Schlüssel Gefunden : HKCU64\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU64\Software\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
Schlüssel Gefunden : HKCU64\Software\Microsoft\Internet Explorer\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF}
Schlüssel Gefunden : HKCU64\Software\ParetoLogic
Schlüssel Gefunden : HKCU64\Software\Softonic
Schlüssel Gefunden : HKCU64\Software\systweak
Schlüssel Gefunden : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gefunden : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gefunden : HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gefunden : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gefunden : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gefunden : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-698646803
Schlüssel Gefunden : HKLM\Software\ParetoLogic
Schlüssel Gefunden : HKLM\Software\systweak
Schlüssel Gefunden : HKLM\Software\Trymedia Systems
Schlüssel Gefunden : HKLM64\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM64\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKLM64\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
Schlüssel Gefunden : HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\Einhorn-Pegasus\AppData\Roaming\Mozilla\Firefox\Profiles\91ev68is.default\prefs.js ]


[ Datei : C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js ]

Zeile gefunden : user_pref("browser.search.defaultenginename", "WebSearch");
Zeile gefunden : user_pref("browser.search.defaultenginename,S", "WebSearch");
Zeile gefunden : user_pref("browser.search.defaulturl", "hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE&l=1&q=");
Zeile gefunden : user_pref("browser.search.order.1", "WebSearch");
Zeile gefunden : user_pref("browser.search.order.1,S", "WebSearch");
Zeile gefunden : user_pref("browser.search.selectedEngine", "WebSearch");
Zeile gefunden : user_pref("browser.search.selectedEngine,S", "WebSearch");
Zeile gefunden : user_pref("extensions.4oCX02XMHU.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumor[...]
Zeile gefunden : user_pref("extensions.AGUp1mNe.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]
Zeile gefunden : user_pref("extensions.av5Jq.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.n[...]
Zeile gefunden : user_pref("extensions.buenosearch.admin", false);
Zeile gefunden : user_pref("extensions.buenosearch.aflt", "babsst");
Zeile gefunden : user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");
Zeile gefunden : user_pref("extensions.buenosearch.autoRvrt", "false");
Zeile gefunden : user_pref("extensions.buenosearch.bbDpng", "12");
Zeile gefunden : user_pref("extensions.buenosearch.cntry", "DE");
Zeile gefunden : user_pref("extensions.buenosearch.dfltLng", "en");
Zeile gefunden : user_pref("extensions.buenosearch.excTlbr", false);
Zeile gefunden : user_pref("extensions.buenosearch.ffxUnstlRst", true);
Zeile gefunden : user_pref("extensions.buenosearch.hdrMd5", "A41CDBE30F583C45BA374C3DF5C7CA58");
Zeile gefunden : user_pref("extensions.buenosearch.id", "142775060000000000003085a9acd151");
Zeile gefunden : user_pref("extensions.buenosearch.instlDay", "16174");
Zeile gefunden : user_pref("extensions.buenosearch.instlRef", "sst");
Zeile gefunden : user_pref("extensions.buenosearch.lastB", "hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=14273085A9ACD151&affID=127690&tsp=5184");
Zeile gefunden : user_pref("extensions.buenosearch.lastVrsnTs", "1.8.28.716:50:14");
Zeile gefunden : user_pref("extensions.buenosearch.newTab", false);
Zeile gefunden : user_pref("extensions.buenosearch.prdct", "buenosearch");
Zeile gefunden : user_pref("extensions.buenosearch.prtnrId", "buenosearch");
Zeile gefunden : user_pref("extensions.buenosearch.rvrt", "false");
Zeile gefunden : user_pref("extensions.buenosearch.sg", "azb");
Zeile gefunden : user_pref("extensions.buenosearch.smplGrp", "none");
Zeile gefunden : user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=14273085A9ACD151&affID=128492&tsp=5217");
Zeile gefunden : user_pref("extensions.buenosearch.tlbrId", "base");
Zeile gefunden : user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=14273085A9ACD151&affID=128492&tsp=5217");
Zeile gefunden : user_pref("extensions.buenosearch.vrsn", "1.8.28.7");
Zeile gefunden : user_pref("extensions.buenosearch.vrsnTs", "1.8.28.717:05:11");
Zeile gefunden : user_pref("extensions.buenosearch.vrsni", "1.8.28.7");
Zeile gefunden : user_pref("extensions.crossrider.bic", "144d129de192be5fa1be2b4f2a441b6c");
Zeile gefunden : user_pref("extensions.iminent.admin", false);
Zeile gefunden : user_pref("extensions.iminent.aflt", "orgnl");
Zeile gefunden : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
Zeile gefunden : user_pref("extensions.iminent.autoRvrt", "false");
Zeile gefunden : user_pref("extensions.iminent.dfltLng", "");
Zeile gefunden : user_pref("extensions.iminent.excTlbr", false);
Zeile gefunden : user_pref("extensions.iminent.ffxUnstlRst", false);
Zeile gefunden : user_pref("extensions.iminent.id", "142775060000000000003085a9acd151");
Zeile gefunden : user_pref("extensions.iminent.instlDay", "16146");
Zeile gefunden : user_pref("extensions.iminent.instlRef", "");
Zeile gefunden : user_pref("extensions.iminent.newTab", false);
Zeile gefunden : user_pref("extensions.iminent.prdct", "iminent");
Zeile gefunden : user_pref("extensions.iminent.prtnrId", "iminent");
Zeile gefunden : user_pref("extensions.iminent.rvrt", "false");
Zeile gefunden : user_pref("extensions.iminent.smplGrp", "none");
Zeile gefunden : user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO");
Zeile gefunden : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
Zeile gefunden : user_pref("extensions.iminent.vrsn", "1.8.28.3");
Zeile gefunden : user_pref("extensions.iminent.vrsnTs", "1.8.28.318:48:27");
Zeile gefunden : user_pref("extensions.iminent.vrsni", "1.8.28.3");
Zeile gefunden : user_pref("keyword.URL", "hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE&l=1&q=");

-\\ Google Chrome v35.0.1916.114




((Hope this is right))

05.06.2014, 20:04   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hello and

Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, have they found anything?

I ask because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans; first just post the logs you already have in CODE tags!
Only logs from the last 7 days, or since the problem started, are relevant!




In addition, please also create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input box)



Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work considerably harder.
Even if the logs are too large for one post, I ask you to post the logs directly, spread over several posts if necessary.
To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

05.06.2014, 20:27   #3
-NiNa-
 
Code:
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/06/05 20:15:04 +0200</date>
<logfile>mbam-log-2014-06-05 (20-15-04).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.2.1012</version>
<malware-database>v2014.06.05.11</malware-database>
<rootkit-database>v2014.06.02.01</rootkit-database>
<license>trial</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Nina</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>311026</objects>
<time>392</time>
<processes>0</processes>
<modules>0</modules>
<keys>40</keys>
<values>6</values>
<datas>1</datas>
<folders>19</folders>
<files>105</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKLM\SOFTWARE\CLASSES\APPID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}</path><vendor>PUP.Optional.PricePeep.A</vendor><action>success</action><hash>9649cca8aecd95a1ba2c89e66a9816ea</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}</path><vendor>PUP.Optional.PricePeep.A</vendor><action>success</action><hash>9649cca8aecd95a1ba2c89e66a9816ea</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}</path><vendor>PUP.Optional.WebSteroids.A</vendor><action>success</action><hash>9f40155f1e5d2e08ee5f63d8b34f8779</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}</path><vendor>PUP.Optional.WebSteroids.A</vendor><action>success</action><hash>9f40155f1e5d2e08ee5f63d8b34f8779</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}</path><vendor>PUP.Optional.DynConIE.A</vendor><action>success</action><hash>d6097df79be0ab8b0e0dee4dfa08ff01</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}</path><vendor>PUP.Optional.DynConIE.A</vendor><action>success</action><hash>d6097df79be0ab8b0e0dee4dfa08ff01</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}</path><vendor>Adware.Agent</vendor><action>success</action><hash>548b324295e6ff377ee6003ebc468878</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}</path><vendor>Adware.Agent</vendor><action>success</action><hash>548b324295e6ff377ee6003ebc468878</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{75BF416E-4326-45B5-8A2D-AE32D05B930B}</path><vendor>Adware.Agent</vendor><action>success</action><hash>548b324295e6ff377ee6003ebc468878</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}</path><vendor>Adware.Agent</vendor><action>success</action><hash>548b324295e6ff377ee6003ebc468878</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{75BF416E-4326-45B5-8A2D-AE32D05B930B}</path><vendor>Adware.Agent</vendor><action>success</action><hash>548b324295e6ff377ee6003ebc468878</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}</path><vendor>Adware.Agent</vendor><action>success</action><hash>548b324295e6ff377ee6003ebc468878</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>38a7d0a42d4e191db702f877748edd23</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>c718cca8ee8d2313ceec046b02003fc1</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>825db3c18fec1e182e202d42f60c619f</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\PricePeep.PricePeepBho</path><vendor>PUP.Optional.PricePeep.A</vendor><action>success</action><hash>716ef08474079e98665cb8b6af537b85</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\PricePeep.PricePeepBho.1</path><vendor>PUP.Optional.PricePeep.A</vendor><action>success</action><hash>9f4072021e5dcd69ebd71856a55d1ae6</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PricePeep.PricePeepBho</path><vendor>PUP.Optional.PricePeep.A</vendor><action>success</action><hash>9f4072021e5dcd69ebd71856a55d1ae6</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\PricePeep.PricePeepBho.1</path><vendor>PUP.Optional.PricePeep.A</vendor><action>success</action><hash>9f4072021e5dcd69ebd71856a55d1ae6</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Websteroids</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>df009dd77dfe171f15fee4d516ece11f</hash></key>
<key><path>HKLM\SOFTWARE\Iminent</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>4996f67e5625d85edf6d774157ab2bd5</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\Iminent</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>b12e82f2f8835ed8424e09d934cf9f61</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\APPID\PricePeep.DLL</path><vendor>PUP.Optional.PricePeep.A</vendor><action>success</action><hash>06d9f57fb5c60a2cde174f7f3ac942be</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\Iminent</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>78674d27bac16fc7a3a93d7bd42e4db3</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>a23deb892a5163d3b0e00bd742c13cc4</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\PricePeep.DLL</path><vendor>PUP.Optional.PricePeep.A</vendor><action>success</action><hash>e4fbde964e2d49ed1ed78846a55e05fb</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\SWEETIM</path><vendor>PUP.Optional.SweetIM.A</vendor><action>success</action><hash>9748cfa54f2c4de9450c5e7054afa957</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update melondrea</path><vendor>PUP.Optional.Melondrea.A</vendor><action>success</action><hash>5f804f251467fe38a01a5f52e121d729</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Websteroids</path><vendor>PUP.OPtional.Websteroids</vendor><action>success</action><hash>e2fd13611d5eff373512584f7b8705fb</hash></key>
<key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\hdtotal1.2</path><vendor>PUP.Optional.HDTotal.A</vendor><action>success</action><hash>edf2afc58eedd5611f6c5c8bec17ac54</hash></key>
<key><path>HKU\S-1-5-21-1228840033-2895351102-1459622301-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>f0efcaaabfbca78f2ab33ba6be45c838</hash></key>
<key><path>HKU\S-1-5-21-1228840033-2895351102-1459622301-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE</path><vendor>PUP.Optional.MultiIE.A</vendor><action>success</action><hash>be214e2617643bfb27049a5126ddf20e</hash></key>
<key><path>HKU\S-1-5-21-1228840033-2895351102-1459622301-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DISTROMATIC\Toolbars</path><vendor>PUP.Optional.AlexaTB.A</vendor><action>success</action><hash>06d9e78d0477ab8bab497e55a1624fb1</hash></key>
<key><path>HKU\S-1-5-21-1228840033-2895351102-1459622301-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>a03fbeb6f68505310c49f0c7f111ac54</hash></key>
<key><path>HKU\S-1-5-21-1228840033-2895351102-1459622301-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>cb14056f9edd0432b1b222abb54e38c8</hash></key>
<key><path>HKU\S-1-5-21-1228840033-2895351102-1459622301-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}</path><vendor>PUP.Optional.WebSearchInfo</vendor><action>success</action><hash>677890e4a0db2412862f419a669d4cb4</hash></key>
<key><path>HKU\S-1-5-21-1228840033-2895351102-1459622301-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader</path><vendor>PUP.Optional.Softonic.A</vendor><action>success</action><hash>37a875ff8fec66d06e8b4a5b1ee411ef</hash></key>
<key><path>HKU\S-1-5-21-1228840033-2895351102-1459622301-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM</path><vendor>PUP.Optional.SweetIM.A</vendor><action>success</action><hash>3fa0d69ede9db97d94bcb31b05feb749</hash></key>
<key><path>HKU\S-1-5-21-1228840033-2895351102-1459622301-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\VB AND VBA PROGRAM SETTINGS\SrvID</path><vendor>Malware.Trace</vendor><action>success</action><hash>5a85f4802a513df9162ce54c976cb24e</hash></key>
<key><path>HKU\S-1-5-21-1228840033-2895351102-1459622301-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader</path><vendor>PUP.Optional.Softonic.A</vendor><action>success</action><hash>eaf5afc55d1ef73fa554ffa69270dc24</hash></key>
<value><path>HKLM\SOFTWARE\WOW6432NODE\SWEETIM</path><valuename>simapp_id</valuename><vendor>PUP.Optional.SweetIM.A</vendor><action>success</action><valuedata>1605756196006826384</valuedata><hash>9748cfa54f2c4de9450c5e7054afa957</hash></value>
<value><path>HKU\S-1-5-21-1228840033-2895351102-1459622301-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path><valuename>tb</valuename><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><valuedata>0J1B1O1M1N0U1O1N2T</valuedata><hash>cb14056f9edd0432b1b222abb54e38c8</hash></value>
<value><path>HKU\S-1-5-21-1228840033-2895351102-1459622301-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>Firewall Windows</valuename><vendor>Trojan.Agent</vendor><action>success</action><valuedata>C:\Users\Nina\AppData\Roaming\Windows Firewall\csrss.exe</valuedata><hash>637c0f655f1c8da968cd2da53ec46997</hash></value>
<value><path>HKU\S-1-5-21-1228840033-2895351102-1459622301-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>LiveSupport</valuename><vendor>PUP.Optional.LiveSupport</vendor><action>success</action><valuedata>&quot;C:\Program Files (x86)\LiveSupport\LiveSupport.exe&quot; /noshow /log</valuedata><hash>c718ef852d4e46f0b9479416788aa858</hash></value>
<value><path>HKU\S-1-5-21-1228840033-2895351102-1459622301-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>{86D4318C-5447-5CE6-632A-7FF902854152}</valuename><vendor>Trojan.ZbotR.Gen</vendor><action>success</action><valuedata>C:\Users\Nina\AppData\Roaming\Vaowav\qarot.exe</valuedata><hash>3ba4f77d85f6ac8a7ae4b7d040c3ba46</hash></value>
<value><path>HKU\S-1-5-21-1228840033-2895351102-1459622301-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM</path><valuename>simapp_id</valuename><vendor>PUP.Optional.SweetIM.A</vendor><action>success</action><valuedata>1605756196006826384</valuedata><hash>3fa0d69ede9db97d94bcb31b05feb749</hash></value>
<data><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Start Page</valuename><vendor>PUP.Optional.WebSearchInfo</vendor><action>replaced</action><valuedata>hxxp://websearch.eazytosearch.info/?pid=724&amp;r=2014/06/01&amp;hid=13168029659258047577&amp;lg=EN&amp;cc=DE</valuedata><baddata>hxxp://websearch.eazytosearch.info/?pid=724&amp;r=2014/06/01&amp;hid=13168029659258047577&amp;lg=EN&amp;cc=DE</baddata><gooddata>hxxp://www.google.com</gooddata><hash>06d9195b08732b0b07a51b463acac43c</hash></data>
<folder><path>C:\Users\Einhorn-Pegasus\AppData\Local\Websteroids</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>3da280f46318cf6755f67f2044be4cb4</hash></folder>
<folder><path>C:\Users\Nina\AppData\Local\Websteroids</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>a03fcaaa29526dc90a41b8e77191659b</hash></folder>
<folder><path>C:\ProgramData\Websteroids</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>df009dd77dfe171f15fee4d516ece11f</hash></folder>
<folder><path>C:\ProgramData\Websteroids\up</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>df009dd77dfe171f15fee4d516ece11f</hash></folder>
<folder><path>C:\ProgramData\Websteroids\up\2.6.80</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>df009dd77dfe171f15fee4d516ece11f</hash></folder>
<folder><path>C:\Users\Nina\AppData\Roaming\14277506</path><vendor>Rogue.Multiple</vendor><action>success</action><hash>8a5596de0b7037ff2ba295dde31f1ae6</hash></folder>
<folder><path>C:\Users\Nina\AppData\Local\Temp\Iminent</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>607fc4b0dba08fa735594240e71ba45c</hash></folder>
<folder><path>C:\Users\Nina\AppData\Local\Temp\CT3325809</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>3ea10c68b0cbfb3b6785a7db659dc040</hash></folder>
<folder><path>C:\Users\Nina\AppData\Roaming\IminentToolbar</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>3aa5066e314aab8b0a339de7659d6b95</hash></folder>
<folder><path>C:\ProgramData\YoutubeAdblocker</path><vendor>PUP.Optional.YoutubeAdblocker.A</vendor><action>success</action><hash>3da2f67ee299fb3b53476f17986a8e72</hash></folder>
<folder><path>C:\Users\Nina\AppData\Roaming\SimilarSites</path><vendor>PUP.Optional.SimilarSites.A</vendor><action>success</action><hash>984770041a6173c31a57880214eee11f</hash></folder>
<folder><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></folder>
<folder><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></folder>
<folder><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\content</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></folder>
<folder><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\locale</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></folder>
<folder><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\locale\en-US</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></folder>
<folder><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\skin</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></folder>
<folder><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\skin\classic</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></folder>
<folder><path>C:\ProgramData\savE on</path><vendor>PUP.Optional.SaveOn.A</vendor><action>success</action><hash>eff0caaa9be0270f5b8e7f1521e158a8</hash></folder>
<file><path>C:\Users\Nina\AppData\Local\Temp\nsd1D0A.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>39a6e88c0e6d61d5d9955ecde51c9b65</hash></file>
<file><path>C:\Users\Nina\AppData\Local\Temp\nsdC018.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>c619621288f3ec4afe70919a02ff1de3</hash></file>
<file><path>C:\Users\Nina\AppData\Local\Temp\nsi1B54.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>eef1254f8fec0234640a2dfe3fc2619f</hash></file>
<file><path>C:\Users\Nina\AppData\Local\Temp\Umbrella.exeb35d6e</path><vendor>PUP.Optional.Iminent</vendor><action>success</action><hash>14cb24506f0ccf675e77000945bc48b8</hash></file>
<file><path>C:\Users\Nina\AppData\Local\Temp\nsnBE33.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>1ac55e162b50b086531bf3382fd245bb</hash></file>
<file><path>C:\Users\Nina\AppData\Local\Temp\nsjA547.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>e4fb7103f9823501393588a32dd46b95</hash></file>
<file><path>C:\Users\Nina\AppData\Local\Temp\n4095\melondrea_0702-81cfb2ef.exe</path><vendor>PUP.Optional.Melondrea.A</vendor><action>success</action><hash>825d2b49a7d4cd695bd28bb761a3669a</hash></file>
<file><path>C:\Users\Nina\AppData\Local\Temp\n4095\s4095.exe</path><vendor>PUP.Optional.Rapiddown</vendor><action>success</action><hash>47987df75e1d79bd722575eead54619f</hash></file>
<file><path>C:\Users\Nina\AppData\Local\Temp\is1242154493\2424856_stp\MegaBrowseSetup.exe</path><vendor>PUP.Optional.MegaBrowse.A</vendor><action>success</action><hash>fde22054b2c9db5b7dafbb8746be6898</hash></file>
<file><path>C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage</path><vendor>PUP.Optional.Superfish.A</vendor><action>success</action><hash>706f284c6b1089adb5c9148a7989d22e</hash></file>
<file><path>C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal</path><vendor>PUP.Optional.Superfish.A</vendor><action>success</action><hash>4f901c5890eb8da9a9d5099544be9769</hash></file>
<file><path>C:\Users\Einhorn-Pegasus\AppData\Local\Websteroids\data2.dat</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>3da280f46318cf6755f67f2044be4cb4</hash></file>
<file><path>C:\Users\Nina\AppData\Local\Websteroids\data2.dat</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>a03fcaaa29526dc90a41b8e77191659b</hash></file>
<file><path>C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>5b847df7c5b658de5bf01090ed150cf4</hash></file>
<file><path>C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d.websteroidsapp.com_0.localstorage</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>14cbf57faad12610484c91180bf7f60a</hash></file>
<file><path>C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d.websteroidsapp.com_0.localstorage-journal</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>e9f6d1a3e398e155454f5158f909f60a</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\searchplugins\buenosearch.xml</path><vendor>PUP.Optional.BuenoSearch.A</vendor><action>success</action><hash>8c5373018fec3df97aef1d8fa85a6b95</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\searchplugins\conduit-search.xml</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>9e4187ed661565d120568428837f54ac</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\searchplugins\iminent.xml</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>904fd4a0d5a64ee8595d4765828052ae</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\searchplugins\WebSearch.xml</path><vendor>PUP.Optional.WebSearch.A</vendor><action>success</action><hash>21be34400e6d55e162014d60f012a759</hash></file>
<file><path>C:\Windows\System32\roboot64.exe</path><vendor>PUP.Optional.PCPerformer.A</vendor><action>success</action><hash>1bc4bbb9027951e50739e3cec73b5da3</hash></file>
<file><path>C:\ProgramData\Websteroids\app.dat</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>df009dd77dfe171f15fee4d516ece11f</hash></file>
<file><path>C:\ProgramData\Websteroids\data.dat</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>df009dd77dfe171f15fee4d516ece11f</hash></file>
<file><path>C:\ProgramData\Websteroids\Uninstall.exe</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>df009dd77dfe171f15fee4d516ece11f</hash></file>
<file><path>C:\ProgramData\Websteroids\Websteroids.exe.config</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>df009dd77dfe171f15fee4d516ece11f</hash></file>
<file><path>C:\ProgramData\Websteroids\Websteroids.ico</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>df009dd77dfe171f15fee4d516ece11f</hash></file>
<file><path>C:\ProgramData\Websteroids\Websteroids64.exe.config</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>df009dd77dfe171f15fee4d516ece11f</hash></file>
<file><path>C:\ProgramData\Websteroids\WebsteroidsService.exe.config</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>df009dd77dfe171f15fee4d516ece11f</hash></file>
<file><path>C:\ProgramData\Websteroids\up\2.6.80\Websteroids.exe.config</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>df009dd77dfe171f15fee4d516ece11f</hash></file>
<file><path>C:\ProgramData\Websteroids\up\2.6.80\Websteroids64.exe.config</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>df009dd77dfe171f15fee4d516ece11f</hash></file>
<file><path>C:\ProgramData\Websteroids\up\2.6.80\WebsteroidsService.exe.config</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>df009dd77dfe171f15fee4d516ece11f</hash></file>
<file><path>C:\ProgramData\Websteroids\up\2.6.80\WebsteroidsUpdate.exe</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>df009dd77dfe171f15fee4d516ece11f</hash></file>
<file><path>C:\ProgramData\Websteroids\up\2.6.80\WebsteroidsUpdate.exe.config</path><vendor>PUP.Optional.Websteroids.A</vendor><action>success</action><hash>df009dd77dfe171f15fee4d516ece11f</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Nina-wchelper.dll</path><vendor>Trojan.Agent.Gen</vendor><action>success</action><hash>38a773013e3db2848a0a85269e65ad53</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Windows Firewall\csrss.exe</path><vendor>Trojan.Agent</vendor><action>success</action><hash>637c0f655f1c8da968cd2da53ec46997</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\14277506\16-02-2014</path><vendor>Rogue.Multiple</vendor><action>success</action><hash>8a5596de0b7037ff2ba295dde31f1ae6</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\14277506\ak.tmp</path><vendor>Rogue.Multiple</vendor><action>success</action><hash>8a5596de0b7037ff2ba295dde31f1ae6</hash></file>
<file><path>C:\Users\Nina\AppData\Local\Temp\CT3325809\ddt.csf</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>3ea10c68b0cbfb3b6785a7db659dc040</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\IminentToolbar\sqlite3.dll</path><vendor>PUP.Optional.Iminent.A</vendor><action>success</action><hash>3aa5066e314aab8b0a339de7659d6b95</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome.manifest</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\install.rdf</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\content\aff.js</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\content\jquery-1.8.3.min.js</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\content\options.js</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\content\options.xul</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\content\overlay.js</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\content\overlay.xul</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\content\popup.html</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\content\popup.js</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\content\tabs_listener.js</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\locale\en-US\settings.dtd</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\skin\classic\button.png</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\skin\classic\icon.png</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\skin\classic\main.css</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\skin\classic\overlay.css</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\extensions\sitefinder@sitefinder.com\chrome\skin\classic\sitefinder.css</path><vendor>PUP.Optional.SiteFinder.A</vendor><action>success</action><hash>d50a551f1b609e9820548ffb1be71ae6</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.crossrider.bic&quot;, &quot;144d129de192be5fa1be2b4f2a441b6c&quot;);</baddata><gooddata></gooddata><hash>39a64a2afc7f0630b5beb4e4fc08619f</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.admin&quot;, false);</baddata><gooddata></gooddata><hash>657a452f5b2053e305801a7f887cdb25</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.aflt&quot;, &quot;babsst&quot;);</baddata><gooddata></gooddata><hash>439c0470d7a40036661f267320e48f71</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.appId&quot;, &quot;{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}&quot;);</baddata><gooddata></gooddata><hash>c619acc8afcc0234cbba8514659f748c</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.autoRvrt&quot;, &quot;false&quot;);</baddata><gooddata></gooddata><hash>d30ce4904338cd69572e9405af557987</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.bbDpng&quot;, &quot;12&quot;);</baddata><gooddata></gooddata><hash>8659e39190eb181ed0b574255fa59e62</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.cntry&quot;, &quot;DE&quot;);</baddata><gooddata></gooddata><hash>845bf87caecdc472aed71d7c13f11ae6</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.dfltLng&quot;, &quot;en&quot;);</baddata><gooddata></gooddata><hash>ce111361d5a605315d28475210f4fd03</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.excTlbr&quot;, false);</baddata><gooddata></gooddata><hash>79665e1603785cda15702673f0144fb1</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.ffxUnstlRst&quot;, true);</baddata><gooddata></gooddata><hash>bd22d4a0552686b0f98caeebe61e57a9</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.hdrMd5&quot;, &quot;A41CDBE30F583C45BA374C3DF5C7CA58&quot;);</baddata><gooddata></gooddata><hash>4699106435465cda265fd5c4fb09639d</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.id&quot;, &quot;142775060000000000003085a9acd151&quot;);</baddata><gooddata></gooddata><hash>db047ef62358a492671ed4c56f958080</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.instlDay&quot;, &quot;16174&quot;);</baddata><gooddata></gooddata><hash>e6f98be93744a294fe87a8f12ada857b</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.instlRef&quot;, &quot;sst&quot;);</baddata><gooddata></gooddata><hash>5f801262780351e595f06b2ef90b2ad6</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.lastB&quot;, &quot;hxxp://www.buenosearch.com/?babsrc=HP_ss&amp;mntrId=14273085A9ACD151&amp;affID=127690&amp;tsp=5184&quot;);</baddata><gooddata></gooddata><hash>7c6376fe0f6c44f2fa8bd7c215efd62a</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.lastVrsnTs&quot;, &quot;1.8.28.716:50:14&quot;);</baddata><gooddata></gooddata><hash>00dfea8ae39884b23550b4e51de7ce32</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.newTab&quot;, false);</baddata><gooddata></gooddata><hash>a23d274d0279bb7b88fde5b48d7741bf</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.prdct&quot;, &quot;buenosearch&quot;);</baddata><gooddata></gooddata><hash>944bef8598e30135add88d0c25df7e82</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.prtnrId&quot;, &quot;buenosearch&quot;);</baddata><gooddata></gooddata><hash>637cd89c92e9fb3bc0c51782a4603cc4</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.rvrt&quot;, &quot;false&quot;);</baddata><gooddata></gooddata><hash>726d393b81fa31051e677e1b30d422de</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.sg&quot;, &quot;azb&quot;);</baddata><gooddata></gooddata><hash>538c64106f0c171ff49101984eb6a35d</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.smplGrp&quot;, &quot;none&quot;);</baddata><gooddata></gooddata><hash>6976b5bfd3a887af2d58a4f58e76ce32</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.tb_url&quot;, &quot;hxxp://www.buenosearch.com/?q={searchTerms}&amp;babsrc=TB_ss&amp;mntrId=14273085A9ACD151&amp;affID=128492&amp;tsp=5217&quot;);</baddata><gooddata></gooddata><hash>47989ed6502b52e4592c83166c987e82</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.tlbrId&quot;, &quot;base&quot;);</baddata><gooddata></gooddata><hash>7e610074601b171f5c294c4d778d14ec</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.tlbrSrchUrl&quot;, &quot;hxxp://www.buenosearch.com/?q={searchTerms}&amp;babsrc=TB_ss&amp;mntrId=14273085A9ACD151&amp;affID=128492&amp;tsp=5217&quot;);</baddata><gooddata></gooddata><hash>01de88ecc8b3bc7a6c190d8c3fc5e020</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.vrsn&quot;, &quot;1.8.28.7&quot;);</baddata><gooddata></gooddata><hash>6d72b8bc98e37abc592c0990f2129868</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.vrsnTs&quot;, &quot;1.8.28.717:05:11&quot;);</baddata><gooddata></gooddata><hash>6976294b4c2f38fe1c697425b0544fb1</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.vrsni&quot;, &quot;1.8.28.7&quot;);</baddata><gooddata></gooddata><hash>29b6c0b4671474c2ef965445ce36fd03</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.tlbrSrchUrl&quot;, &quot;hxxp://www.buenosearch.com/?q={searchTerms}&amp;babsrc=TB_ss&amp;mntrId=14273085A9ACD151&amp;affID=128492&amp;tsp=5217&quot;);</baddata><gooddata></gooddata><hash>9748a0d4b5c61f1798eeb7e16b993dc3</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch.A</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.tb_url&quot;, &quot;hxxp://www.buenosearch.com/?q={searchTerms}&amp;babsrc=TB_ss&amp;mntrId=14273085A9ACD151&amp;affID=128492&amp;tsp=5217&quot;);</baddata><gooddata></gooddata><hash>9e41205497e41422fb8b3266cc38a45c</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.id&quot;, &quot;142775060000000000003085a9acd151&quot;);</baddata><gooddata></gooddata><hash>bd22561e1b60db5b473d1485699b29d7</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.appId&quot;, &quot;{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}&quot;);</baddata><gooddata></gooddata><hash>9847db9983f82c0aacd87b1ec341ec14</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.instlDay&quot;, &quot;16174&quot;);</baddata><gooddata></gooddata><hash>d40bf38194e7b0868103fa9fdc28ce32</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.vrsn&quot;, &quot;1.8.28.7&quot;);</baddata><gooddata></gooddata><hash>617e88ec5c1f0d291e66e2b7976d946c</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.vrsni&quot;, &quot;1.8.28.7&quot;);</baddata><gooddata></gooddata><hash>6c73551f5b203ef8057f89108e7602fe</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.vrsnTs&quot;, &quot;1.8.28.717:05:11&quot;);</baddata><gooddata></gooddata><hash>746b0f650a71c96d9fe5d0c95ea6b947</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.prtnrId&quot;, &quot;buenosearch&quot;);</baddata><gooddata></gooddata><hash>08d7056f601b9e98e3a14158df25639d</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.prdct&quot;, &quot;buenosearch&quot;);</baddata><gooddata></gooddata><hash>459a413335463df9fa8adebb788ccc34</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.aflt&quot;, &quot;babsst&quot;);</baddata><gooddata></gooddata><hash>f1ee3b395c1f6dc98202bfdaee16b64a</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.smplGrp&quot;, &quot;none&quot;);</baddata><gooddata></gooddata><hash>2fb04133c9b2d95d2e56e8b1c53fcd33</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.tlbrId&quot;, &quot;base&quot;);</baddata><gooddata></gooddata><hash>6f7080f47902c670c1c3ff9aa95bb64a</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.instlRef&quot;, &quot;sst&quot;);</baddata><gooddata></gooddata><hash>2cb36e06b9c2092d24600b8e6b99dd23</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.dfltLng&quot;, &quot;en&quot;);</baddata><gooddata></gooddata><hash>f8e72c4854275adced97e0b9bf453fc1</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.excTlbr&quot;, false);</baddata><gooddata></gooddata><hash>19c6ed87bebd74c2097badec0bf935cb</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.ffxUnstlRst&quot;, true);</baddata><gooddata></gooddata><hash>1fc0d69e0378d95d097b9108bb49c53b</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.admin&quot;, false);</baddata><gooddata></gooddata><hash>8857f282502b4ee8374da7f2966e7f81</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.autoRvrt&quot;, &quot;false&quot;);</baddata><gooddata></gooddata><hash>35aa2153e9923cfaff859207bd470df3</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.rvrt&quot;, &quot;false&quot;);</baddata><gooddata></gooddata><hash>8659d69e9ae177bfe3a19504fb090000</hash></file>
<file><path>C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js</path><vendor>PUP.Optional.BuenoSearch</vendor><action>replaced</action><baddata>user_pref(&quot;extensions.buenosearch.newTab&quot;, false);</baddata><gooddata></gooddata><hash>6d72ec889be03ef8f78df3a6d430fb05</hash></file>
</items>
</mbam-log>
         


Code:
<?xml version="1.0" encoding="UTF-8" ?>
<logs>
   <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:12:25.969547+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="1e9b4cd7-2e4e-4416-959d-f6f75cb2df29" result="Starting" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:12:25.972547+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="7499c952-8eee-499b-bb62-51943d30a52c" result="Started" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:12:25.986548+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="b7fa10c1-cfc8-4d6f-89ff-f50a8fa38f6f" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:13:04.367743+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="b3fef30e-65ea-4a15-8675-c0a9f03c602c" result="Started" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="1" datetime="2014-06-05T20:14:30.866690+02:00" source="Manual" type="Update" username="SYSTEM" systemname="NINA-PC" fromVersion="2014.2.20.1" last_modified_tag="561c526d-87fc-42d9-9bbe-964cc7ae019d" name="Rootkit Database" toVersion="2014.6.2.1"></record>
   <record severity="debug" LoggingEventType="1" datetime="2014-06-05T20:14:35.562959+02:00" source="Manual" type="Update" username="SYSTEM" systemname="NINA-PC" fromVersion="2014.3.4.9" last_modified_tag="38f743d2-d1b1-4386-8686-e68331e9ba4b" name="Malware Database" toVersion="2014.6.5.11"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:14:39.286172+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="c0fea3a6-2884-417a-9937-d455b9063cec" result="Starting" subtype="Refresh"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:14:39.288172+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="8a2a97bd-7cdd-4494-8e0c-0de986b02789" result="Stopping" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:14:39.299173+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="d7333ef2-990c-471c-ab94-9db3df71bf51" result="Stopped" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:14:41.695310+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="646fb251-011d-4522-94a5-f7a4f4de1009" result="Success" subtype="Refresh"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:14:41.703310+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="cc17db88-81d7-435b-9c98-5869285404f2" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:14:41.846318+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="105c6c4f-ebf1-455e-832d-46dab894fbea" result="Started" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:25:17.234663+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="65aef941-3109-4b5f-9feb-d48ae5c735e0" result="Starting" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:25:17.281463+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="65f05152-b488-4193-b25c-924b96bcc79f" result="Started" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:25:17.281463+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="23ed683d-7f9c-4c15-bb19-654227f64af4" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-06-05T20:26:47.340421+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="77908a56-3daa-47f6-97f4-134b7ef73f01" result="Started" subtype="Malicious Website Protection"></record>
   <record severity="debug" process="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" LoggingEventType="0" datetime="2014-06-05T21:15:49.643425+02:00" source="Protection" type="Detection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="09ad03d7-1405-484f-b161-f92551b79ea9" subtype="Malicious Website Protection" direction="Outbound" domain="32d1d3b9c.se" ip="5.150.195.167" malwaretype="IP" port="54937"></record>
   <record severity="debug" process="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" LoggingEventType="0" datetime="2014-06-05T21:15:49.677427+02:00" source="Protection" type="Detection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="ab7e443d-e7fc-4619-adad-08d323a52e2c" subtype="Malicious Website Protection" direction="Outbound" domain="32d1d3b9c.se" ip="5.150.195.167" malwaretype="IP" port="54937"></record>
   <record severity="debug" process="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" LoggingEventType="0" datetime="2014-06-05T21:15:49.691428+02:00" source="Protection" type="Detection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="79d275ea-586a-4530-9451-44e05809273d" subtype="Malicious Website Protection" direction="Outbound" domain="32d1d3b9c.se" ip="5.150.195.167" malwaretype="IP" port="54938"></record>
   <record severity="debug" process="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" LoggingEventType="0" datetime="2014-06-05T21:15:49.891439+02:00" source="Protection" type="Detection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="98f57b7c-612a-439e-8325-23ce420acc00" subtype="Malicious Website Protection" direction="Outbound" domain="32d1d3b9c.se" ip="5.150.195.167" malwaretype="IP" port="54939"></record>
   <record severity="debug" process="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" LoggingEventType="0" datetime="2014-06-05T21:15:49.906440+02:00" source="Protection" type="Detection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="d16e80df-6e44-4b50-af8d-717eeae932b6" subtype="Malicious Website Protection" direction="Outbound" domain="32d1d3b9c.se" ip="5.150.195.167" malwaretype="IP" port="54940"></record>
   <record severity="debug" LoggingEventType="1" datetime="2014-06-05T21:20:10.781847+02:00" source="Scheduler" type="Update" username="SYSTEM" systemname="NINA-PC" fromVersion="2014.6.5.11" last_modified_tag="01653665-9a24-436c-a0bf-2d6f2234c92b" name="Malware Database" toVersion="2014.6.5.12"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-06-05T21:20:39.491889+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="6e35b863-226f-479f-86ce-d68bdb75701c" result="Starting" subtype="Refresh"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-06-05T21:20:39.501889+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="e13b2ceb-3ad1-4c22-8666-724bc2f4c093" result="Stopping" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-06-05T21:20:39.511889+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="fc717549-5f62-4712-81da-6eefd74c9c3a" result="Stopped" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-06-05T21:20:41.911892+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="18be61f6-970e-4002-86fe-0f6dc080148b" result="Success" subtype="Refresh"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-06-05T21:20:41.921892+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="a0847727-a693-4bde-9e4c-078c5657da02" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2014-06-05T21:20:42.061892+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="NINA-PC" last_modified_tag="5db6d53f-ff88-4ad7-9904-374205ad365e" result="Started" subtype="Malicious Website Protection"></record>
</logs>
         






Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by Nina at 2014-06-05 21:25:14
Running from C:\Users\Nina\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Activision(R) (x32 Version: 1.00.0000 - Activision) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.3.1 - IObit)
Alamandi (HKLM-x32\...\Alamandi) (Version: 1.0.0.0 - INTENIUM GmbH)
Alice im Wunderland (HKLM-x32\...\{C6D7ABF3-3BE5-4A75-9638-7A770CB57B38}) (Version: 1.00.0000 - PurpleHills)
ASUS Product Register Program (HKLM-x32\...\{49BE9B8A-E858-4533-A74A-64306C13DB59}) (Version: 1.0.014 - ASUS)
BEWERBUNGSMASTER (C:\Program Files (x86)\BEWERBUNGSMASTER\) (HKLM-x32\...\ST6UNST #2) (Version:  - )
BEWERBUNGSMASTER (HKLM-x32\...\ST6UNST #1) (Version:  - )
Club Cooee (HKCU\...\ClubCooee) (Version: 1.6.15.0 - cooee GmbH)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Deutschland Spielt - Spiele Post (HKLM-x32\...\Deutschland Spielt - Spiele Post) (Version: 1.0.4.38 - INTENIUM GmbH)
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 2.2.1.51 - INTENIUM GmbH)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Die Sims™ 3 70er, 80er & 90er Accessoires (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Katy Perry Süße Welt (HKLM-x32\...\{9B2506E3-9A3F-45B5-96BF-509CAD584650}) (Version: 13.0.62 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
Die Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
Die Sims™ 3 Wildes Studentenleben (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
Disney Prinzessin - Mein märchenhaftes Abenteuer  (HKLM-x32\...\{34647679-5D7E-455C-9DC6-618FA3B7FE1A}) (Version: 1.00.0000 - Disney Interactive Studios)
Disney Rapunzel (HKLM-x32\...\{AEAEA61F-ECE0-4528-AD7A-8A916F5F576E}) (Version: 1.00.0000 - Disney Interactive Studios)
Dragon Keeper 2 (HKLM-x32\...\Dragon Keeper 2) (Version: 1.0.0.0 - INTENIUM GmbH)
Driver Booster (HKLM-x32\...\Driver Booster_is1) (Version: 1.4 - IObit)
Ein Yankee unter Rittern (HKLM-x32\...\Ein Yankee unter Rittern) (Version: 1.0.0.0 - INTENIUM GmbH)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FormatFactory 3.3.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.1.0 - Format Factory)
Free YouTube to MP3 Converter version 3.12.29.304 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.29.304 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Hidden Object Crosswords (HKLM-x32\...\Hidden Object Crosswords) (Version: 1.0.0.0 - INTENIUM GmbH)
Infestation: Survivor Stories (HKLM-x32\...\Steam App 226700) (Version:  - Hammerpoint Interactive)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.2.10.2466 - IObit)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Jewel Legends – Tree of Life (HKLM-x32\...\Jewel Legends – Tree of Life) (Version: 1.0.0.0 - INTENIUM GmbH)
Kao - 2nd round (HKLM-x32\...\Kao - 2nd round) (Version: 1.0 - )
Madagascar 2(TM) (HKLM-x32\...\InstallShield_{F8C02517-4AC3-4026-8292-ACF23E98A7D7}) (Version: 1.00.0000 - Activision)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MySims™ (HKLM-x32\...\{68DC42FA-962C-4973-A306-D595D861FA1E}) (Version: 1.00.0000 - Electronic Arts)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 19.9.1.14 - Symantec Corporation)
NVIDIA 3D Vision Controller-Treiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 332.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.21 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3221 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.5.195 - Electronic Arts, Inc.)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Pharao (HKLM-x32\...\Pharao) (Version:  - )
Ponywelt 2 (HKLM-x32\...\Ponywelt 2) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6570 - Realtek Semiconductor Corp.)
SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version:  - )
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wizard101(DE) (HKCU\...\Wizard101(DE)_is1) (Version:  - Gameforge 4D GmbH)

==================== Restore Points  =========================

05-06-2014 14:55:08 Installiert TheSims3EP6
05-06-2014 14:59:19 Installiert TheSims3EP8
05-06-2014 15:04:05 Installiert TheSims3EP7
05-06-2014 15:09:15 Installiert The Sims 3 World Adventures
05-06-2014 15:12:56 Installiert TheSims3EP9
05-06-2014 15:21:44 Installiert TheSims3SP8
05-06-2014 15:23:33 Installiert TheSims3SP6
05-06-2014 15:26:29 Installiert The Sims 3 Ambitions
05-06-2014 15:44:41 Installed Java 7 Update 60

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {34BB3A78-F9A1-4A89-8542-08DC0BF6F037} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-27] (Google Inc.)
Task: {3D2E82C4-86F1-4F87-911C-2D9BB0E0288E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-27] (Google Inc.)
Task: {6DDE4660-0328-4077-9228-42D7753F8409} - System32\Tasks\Driver Booster SkipUAC (Nina) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-05-09] (IObit)
Task: {7EF03E8B-18CC-48EE-9944-A5F983B7BFAB} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-05-09] (IObit)
Task: {7EF37D31-605A-490C-8443-51821A0D6040} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation)
Task: {8926940A-CCFC-494E-B0A2-988094BFC9E1} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe [2013-02-02] (Symantec Corporation)
Task: {92D70E35-AE65-4153-8322-796F674D5C14} - System32\Tasks\ASC7_SkipUac_Nina => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-05-29] (IObit)
Task: {B8A373A3-A94C-4498-8FC2-03E06DBDF40B} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2014-03-07] (IObit)
Task: {C04C8B46-4154-440A-A725-0707C77FFB4C} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation)
Task: {C0B3ED5C-33BA-4CA7-BC33-D53F8AA37FED} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-05-09] (IObit)
Task: {C4041084-D91C-4253-ABCB-FAFB73252337} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-05-06] (IObit)
Task: {C51D95D0-C36C-4609-9497-56BB1AE146E5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-16 13:55 - 2013-12-19 20:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-02-16 22:43 - 2014-02-16 22:43 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-06-05 13:09 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll
2014-02-19 12:02 - 2014-02-19 12:02 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\00a0b4a9df6e4abf30ae2af3624a77ce\IsdiInterop.ni.dll
2014-02-16 13:26 - 2012-02-01 17:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-02-16 13:24 - 2012-02-07 18:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-05-10 11:44 - 2014-05-10 11:44 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-05-14 20:32 - 2014-05-14 20:32 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/05/2014 11:23:51 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/05/2014 11:23:46 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/05/2014 11:20:53 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/05/2014 11:20:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/05/2014 11:00:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm PatchProgress.exe, Version 8.1.0.1556 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 16c8

Startzeit: 01cf809c7ed8218e

Endzeit: 1

Anwendungspfad: C:\PROGRA~2\ORIGIN\LEGACYPM\PatchProgress.exe

Berichts-ID: d2fd0452-ec8f-11e3-917b-3085a9acd151

Error: (06/04/2014 11:26:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: crashreporter.exe, Version: 29.0.1.5239, Zeitstempel: 0x536975cd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x6d284520
ID des fehlerhaften Prozesses: 0x1700
Startzeit der fehlerhaften Anwendung: 0xcrashreporter.exe0
Pfad der fehlerhaften Anwendung: crashreporter.exe1
Pfad des fehlerhaften Moduls: crashreporter.exe2
Berichtskennung: crashreporter.exe3

Error: (06/03/2014 00:32:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17041, Zeitstempel: 0x531807e4
Name des fehlerhaften Moduls: Flash32_13_0_0_214.ocx, Version: 13.0.0.214, Zeitstempel: 0x5359c422
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0020ca1d
ID des fehlerhaften Prozesses: 0x24a0
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (06/02/2014 03:25:29 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (06/02/2014 03:25:29 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (06/02/2014 03:25:29 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]


System errors:
=============
Error: (06/05/2014 05:50:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Websteroids" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/05/2014 05:50:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update melondrea" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/05/2014 05:41:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Websteroids" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/05/2014 05:41:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update melondrea" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/05/2014 05:32:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Websteroids" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/05/2014 05:32:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update melondrea" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/05/2014 05:02:43 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (06/05/2014 03:01:11 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (06/05/2014 02:40:46 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (06/05/2014 01:41:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Websteroids" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (06/05/2014 11:23:51 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Nina\Downloads\esetsmartinstaller_deu.exe

Error: (06/05/2014 11:23:46 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Nina\Downloads\esetsmartinstaller_deu.exe

Error: (06/05/2014 11:20:53 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Nina\Downloads\esetsmartinstaller_deu.exe

Error: (06/05/2014 11:20:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Nina\Downloads\esetsmartinstaller_deu.exe

Error: (06/05/2014 11:00:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: PatchProgress.exe8.1.0.155616c801cf809c7ed8218e1C:\PROGRA~2\ORIGIN\LEGACYPM\PatchProgress.exed2fd0452-ec8f-11e3-917b-3085a9acd151

Error: (06/04/2014 11:26:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: crashreporter.exe29.0.1.5239536975cdunknown0.0.0.000000000c00000056d284520170001cf7fd6fbab86efC:\Program Files (x86)\Mozilla Firefox\crashreporter.exeunknown3d2f2a21-ebca-11e3-8cdf-3085a9acd151

Error: (06/03/2014 00:32:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17041531807e4Flash32_13_0_0_214.ocx13.0.0.2145359c422c00000050020ca1d24a001cf7f0ff1549c16C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\Macromed\Flash\Flash32_13_0_0_214.ocx4d925366-eb0a-11e3-bd9a-3085a9acd151

Error: (06/02/2014 03:25:29 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (06/02/2014 03:25:29 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (06/02/2014 03:25:29 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]


==================== Memory info =========================== 

Percentage of memory in use: 16%
Total physical RAM: 16326.67 MB
Available physical RAM: 13594.91 MB
Total Pagefile: 32651.52 MB
Available Pagefile: 29836.53 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.05 GB) (Free:30.71 GB) NTFS
Drive d: () (Fixed) (Total:74.43 GB) (Free:73.11 GB) NTFS
Drive e: () (Fixed) (Total:74.52 GB) (Free:51.42 GB) NTFS
Drive f: (Sims3EP11) (CDROM) (Total:6.15 GB) (Free:0 GB) UDF
Drive g: (Tangled) (CDROM) (Total:2.64 GB) (Free:0 GB) UDF
Drive h: (Volume) (Fixed) (Total:931.51 GB) (Free:488.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: F1BFF7A1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=75 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 149 GB) (Disk ID: 1CD81CD7)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 932 GB) (Disk ID: 66205247)
No partition Table on disk 2.

==================== End Of Log ============================
         






Something like this?

Alt 05.06.2014, 20:31   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



The other FRST log is missing.

Alt 05.06.2014, 20:38   #5
-NiNa-
 



FRST Logfile:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Nina (administrator) on NINA-PC on 05-06-2014 21:24:58
Running from C:\Users\Nina\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intenium) C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463592 2012-02-10] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\.DEFAULT\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2295584 2014-04-21] (IObit)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2014-02-18] (Microsoft Corporation)
HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Run: [Spiele Post] => C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe [483400 2013-12-06] (Intenium)
HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Run: [IQsoft] => regsvr32.exe C:\Users\Nina\AppData\Local\IQsoft\ASMdefm216A.dll <===== ATTENTION
HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Run: [IQsoft Update] => regsvr32.exe C:\Users\Nina\AppData\Local\IQsoft\kyw7sr03.dll
HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\MountPoints2: G - G:\DisneySplash.exe
HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\MountPoints2: {07a0806c-9700-11e3-9fab-3085a9acd151} - G:\DisneySplash.exe
HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\MountPoints2: {e3dc3a48-96fd-11e3-a1d5-806e6f6e6963} - F:\Autorun.exe
HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\MountPoints2: {f48ab14c-96f9-11e3-9b39-806e6f6e6963} - F:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
AppInit_DLLs-x32: c:\progra~2\amazon\amazon~1\\amazon~3.dll => "c:\progra~2\amazon\amazon~1\\amazon~3.dll" File Not Found
GroupPolicyUsers\S-1-5-21-1228840033-2895351102-1459622301-1002\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x352833F60A2BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
URLSearchHook: HKLM-x32 - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM - DefaultScope {1CE79CC2-73FA-442F-A916-7B62D1A98476} URL = 
SearchScopes: HKLM - {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.eazytosearch.info/?l=1&q={searchTerms}&pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.eazytosearch.info/?l=1&q={searchTerms}&pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE
SearchScopes: HKCU - DefaultScope {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout
SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP244E6CBF-8349-4F3A-8DFC-52A4E5111EB7&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=14273085A9ACD151&affID=128492&tsp=5217
SearchScopes: HKCU - {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: No Name - {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} -  No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default
FF DefaultSearchEngine: WebSearch
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF SelectedSearchEngine: WebSearch
FF Homepage: https://www.google.de/
FF Keyword.URL: hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE&l=1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Nina\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ads Removal - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\adsremoval@adsremoval.net [2014-06-05]
FF Extension: Amazon-Icon - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\amazon-icon@giga.de [2014-04-01]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\ascsurfingprotection@iobit.com [2014-06-05]
FF Extension: save on - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\auieoaa@y-.co.uk [2014-06-01]
FF Extension: Search-NuEwTaB - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\ebuyya@zxzgadhg.net [2014-06-01]
FF Extension: YoutubeAdblocker - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\fkia@chjqmws.co.uk [2014-06-01]
FF Extension: Star Stable Online - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\plugin@starstable.com [2014-02-18]
FF Extension: SparPilot - Gutscheine &amp; mehr... - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\sparpilot@sparpilot.com [2014-04-15]
FF Extension: System.Collections.CaseInsensitiveComparer - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\{35CFE46B-1C5F-1AC2-DA02-9AA30B4F6DEE} [2014-05-10]
FF Extension: Popular Website Buddy - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\jid1-l6V8exwLVv1lBw@jetpack.xpi [2014-05-15]
FF Extension: FlashExtension - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\{22916f38-7247-49e7-934c-c5bc815b8ea3}.xpi [2014-04-20]
FF Extension: {8f2053ad-6527-424f-9e64-1eca25d13d01} - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\{8f2053ad-6527-424f-9e64-1eca25d13d01}.xpi [2014-04-20]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFF [2014-02-16]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\ []
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []

Chrome: 
=======
CHR HomePage: hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE
CHR RestoreOnStartup: "hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE"
CHR StartupUrls: "hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE"
CHR Extension: (YoutubeAdblocker) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apimnnpjidaoombgegfjdglhbmjcffke [2014-06-01]
CHR Extension: (YouTube) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-08]
CHR Extension: (Google Search) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-08]
CHR Extension: (Enhance Browser) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\encaiiljifbdbjlphpgpiimidegddhic [2014-06-01]
CHR Extension: (Search-NuEwTaB) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadcplcnmpeikaedkmboghidghbnojad [2014-06-01]
CHR Extension: (save on) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjdbclcpegianmeojpmoddpgggpnploc [2014-06-01]
CHR Extension: (Amazon-Icon) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg [2014-05-27]
CHR Extension: (Norton Identity Protection) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-03-09]
CHR Extension: (Google Wallet) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-09]
CHR Extension: (Gmail) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-08]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-03-10]
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Nina\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-04-01]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx [2014-02-22]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-16] ()

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-02-16] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-16] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-02-16] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20140604.001\IDSvia64.sys [525016 2014-06-04] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20140604.039\ENG64.SYS [126040 2014-06-05] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20140604.039\EX64.SYS [2099288 2014-06-05] (Symantec Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-05-16] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2014-02-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-18] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-18] (Symantec Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-05 21:24 - 2014-06-05 21:25 - 00023458 _____ () C:\Users\Nina\Downloads\FRST.txt
2014-06-05 21:16 - 2014-06-05 21:25 - 00000000 ____D () C:\FRST
2014-06-05 21:15 - 2014-06-05 21:15 - 02068992 _____ (Farbar) C:\Users\Nina\Downloads\FRST64.exe
2014-06-05 21:14 - 2014-06-05 21:15 - 01059840 _____ (Farbar) C:\Users\Nina\Downloads\FRST.exe
2014-06-05 20:39 - 2014-06-05 20:39 - 01333465 _____ () C:\Users\Nina\Downloads\adwcleaner_3.212.exe
2014-06-05 20:36 - 2014-06-05 20:37 - 00000000 ____D () C:\AdwCleaner
2014-06-05 20:12 - 2014-06-05 21:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 20:12 - 2014-06-05 20:12 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-05 20:12 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-05 20:12 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-05 20:12 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-05 20:11 - 2014-06-05 20:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nina\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-05 18:07 - 2014-06-05 18:07 - 00828216 _____ () C:\Users\Nina\Downloads\Setup.exe
2014-06-05 17:53 - 2014-06-05 20:55 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-06-05 17:53 - 2014-06-05 17:53 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\ParetoLogic
2014-06-05 17:53 - 2014-06-05 17:53 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\DriverCure
2014-06-05 17:52 - 2014-06-05 17:52 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Nina\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-06-05 17:45 - 2014-06-05 17:45 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-05 17:45 - 2014-06-05 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-05 17:45 - 2014-06-05 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-05 17:45 - 2014-06-05 17:45 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\ProgramData\Sun
2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-05 17:43 - 2014-06-05 17:43 - 29405096 _____ (Oracle Corporation) C:\Users\Nina\Downloads\jre-7u60-windows-i586.exe
2014-06-05 17:35 - 2014-06-05 17:35 - 00700783 ____R (Swearware) C:\Users\Nina\Downloads\dds+.exe
2014-06-05 16:27 - 2014-06-05 16:27 - 00000000 __RHD () C:\Users\Nina\AppData\Roaming\SecuROM
2014-06-05 14:08 - 2014-06-05 14:08 - 00002300 _____ () C:\Users\Public\Desktop\Die*Sims™*3.lnk
2014-06-05 13:32 - 2014-06-05 13:32 - 00001001 _____ () C:\Users\Nina\Desktop\Origin.lnk
2014-06-05 13:12 - 2014-06-05 13:12 - 00002852 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Nina)
2014-06-05 13:11 - 2014-06-05 13:11 - 00002852 _____ () C:\Windows\System32\Tasks\ASC7_SkipUac_Nina
2014-06-05 13:10 - 2014-06-05 13:10 - 00002892 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-06-05 13:10 - 2014-06-05 13:10 - 00001156 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\ProductData
2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Apple Computer
2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\ProductData
2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-06-05 13:09 - 2014-06-05 13:11 - 00002133 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-06-05 13:09 - 2014-06-05 13:09 - 00003220 _____ () C:\Windows\System32\Tasks\Driver Booster Scan
2014-06-05 13:09 - 2014-06-05 13:09 - 00003164 _____ () C:\Windows\System32\Tasks\Driver Booster Update
2014-06-05 13:09 - 2014-06-05 13:09 - 00002860 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)
2014-06-05 13:09 - 2014-06-05 13:09 - 00001098 _____ () C:\Users\Public\Desktop\Driver Booster.lnk
2014-06-05 13:09 - 2014-06-05 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster
2014-06-05 13:09 - 2014-06-05 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-06-05 13:08 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\IObit
2014-06-05 13:07 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\IObit
2014-06-05 13:07 - 2014-06-05 13:10 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-06-05 13:07 - 2014-06-05 13:07 - 26248320 _____ (IObit ) C:\Users\Nina\Downloads\imf-setup-2.4.1.15.exe
2014-06-05 12:38 - 2014-06-05 12:38 - 00000000 ____D () C:\Users\Nina\Documents\Symantec
2014-06-05 11:20 - 2014-06-05 11:20 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-05 11:19 - 2014-06-05 11:19 - 02347384 _____ (ESET) C:\Users\Nina\Downloads\esetsmartinstaller_deu.exe
2014-06-05 09:43 - 2014-06-05 09:43 - 00001348 __RSH () C:\Users\Einhorn-Pegasus\ntuser.pol
2014-06-05 09:43 - 2014-06-05 09:43 - 00000680 __RSH () C:\Users\Nina\ntuser.pol
2014-06-05 09:27 - 2014-06-05 13:14 - 00000000 ____D () C:\Users\Nina\Documents\Ein Mann hat 7 Tage lang den Himmel auf Teneriffa gefilmt. Was er sah, nimmt mir den Atem-Dateien
2014-06-04 12:58 - 2014-06-04 12:58 - 00003288 _____ () C:\Windows\System32\Tasks\{B6543D33-4196-4FF7-885A-7881AF67AB88}
2014-06-04 12:50 - 2014-06-04 12:50 - 00001861 _____ () C:\Users\Nina\Desktop\UseNeXT by Tangysoft.lnk
2014-06-01 15:35 - 2014-06-01 15:35 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\EZDownloader
2014-06-01 15:34 - 2014-06-05 13:40 - 00000000 ____D () C:\ProgramData\Search-NuEwTaB
2014-06-01 15:34 - 2014-06-05 12:12 - 00000000 ____D () C:\Program Files (x86)\Search-NuEwTaB
2014-06-01 15:34 - 2014-06-05 11:13 - 00000000 ____D () C:\ProgramData\9d268cc6c5d3588d
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Torch
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Packages
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Comodo
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Chromatic Browser
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\Torch
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\Comodo
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\Chromatic Browser
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\ProgramData\TopApp soft
2014-06-01 15:33 - 2014-06-01 15:34 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-25 17:53 - 2014-05-25 17:54 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\NVIDIA Corporation
2014-05-25 17:45 - 2014-04-30 20:29 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-05-25 17:45 - 2014-04-30 20:29 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-05-25 17:44 - 2014-05-25 17:45 - 00000000 ____D () C:\Users\Nina\AppData\Local\NVIDIA Corporation
2014-05-25 17:44 - 2014-03-31 18:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-05-25 17:44 - 2014-03-31 18:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-05-25 17:41 - 2014-05-25 17:41 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Microsoft Games
2014-05-25 17:41 - 2014-05-25 17:41 - 00000000 ____D () C:\ProgramData\Microsoft Games
2014-05-23 21:34 - 2014-05-23 21:34 - 00001070 _____ () C:\Users\Nina\Documents\VLC media player.lnk
2014-05-16 18:31 - 2014-05-16 18:31 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-05-16 18:30 - 2014-05-16 18:30 - 00001279 _____ () C:\Users\Public\Desktop\Pflanzen gegen Zombies.lnk
2014-05-16 18:30 - 2014-05-16 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies
2014-05-14 23:07 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 23:07 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 23:07 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 23:07 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 23:07 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 23:07 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 22:37 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 22:37 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 22:37 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 22:37 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 22:37 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 22:37 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 22:37 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 22:37 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 22:37 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 22:37 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 22:37 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 22:37 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 22:37 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 22:37 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 22:37 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 22:37 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 22:37 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 22:37 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 22:37 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 22:37 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 22:37 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 22:37 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 22:37 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 22:37 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 22:37 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 22:37 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 22:37 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 22:37 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 22:37 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 22:37 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 22:37 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 22:37 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 22:37 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-13 22:07 - 2014-06-05 13:15 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\tor
2014-05-13 22:07 - 2014-06-05 12:15 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Vaowav
2014-05-13 22:07 - 2014-05-14 08:28 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Xaok
2014-05-10 17:39 - 2014-06-05 12:13 - 00000000 ____D () C:\Users\Nina\AppData\Local\IQsoft
2014-05-10 15:46 - 2014-05-10 15:46 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(6).exe
2014-05-10 11:44 - 2014-05-10 11:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 11:32 - 2014-05-10 11:32 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(5).exe
2014-05-10 11:31 - 2014-05-10 11:31 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(4).exe
2014-05-10 11:25 - 2014-05-10 11:25 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(3).exe
2014-05-10 11:23 - 2014-05-10 11:23 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(2).exe
2014-05-06 22:07 - 2014-05-15 17:50 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-06-05 21:25 - 2014-06-05 21:24 - 00023458 _____ () C:\Users\Nina\Downloads\FRST.txt
2014-06-05 21:25 - 2014-06-05 21:16 - 00000000 ____D () C:\FRST
2014-06-05 21:25 - 2014-02-16 13:08 - 00000000 ____D () C:\Users\Nina\AppData\Local\Temp
2014-06-05 21:20 - 2014-06-05 20:12 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 21:17 - 2014-03-27 17:54 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-05 21:15 - 2014-06-05 21:15 - 02068992 _____ (Farbar) C:\Users\Nina\Downloads\FRST64.exe
2014-06-05 21:15 - 2014-06-05 21:14 - 01059840 _____ (Farbar) C:\Users\Nina\Downloads\FRST.exe
2014-06-05 20:55 - 2014-06-05 17:53 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-06-05 20:39 - 2014-06-05 20:39 - 01333465 _____ () C:\Users\Nina\Downloads\adwcleaner_3.212.exe
2014-06-05 20:37 - 2014-06-05 20:36 - 00000000 ____D () C:\AdwCleaner
2014-06-05 20:32 - 2014-02-16 13:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-05 20:32 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-05 20:32 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-05 20:29 - 2014-02-16 13:07 - 01579011 _____ () C:\Windows\WindowsUpdate.log
2014-06-05 20:25 - 2014-03-27 17:54 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-05 20:25 - 2014-02-16 13:56 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-05 20:25 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-05 20:25 - 2009-07-14 06:51 - 00060341 _____ () C:\Windows\setupact.log
2014-06-05 20:24 - 2014-02-16 13:19 - 00291872 _____ () C:\Windows\PFRO.log
2014-06-05 20:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-06-05 20:23 - 2005-06-13 21:06 - 00000000 _RSHD () C:\Users\Nina\AppData\Roaming\Windows Firewall
2014-06-05 20:12 - 2014-06-05 20:12 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-05 20:11 - 2014-06-05 20:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nina\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-05 18:17 - 2014-02-16 20:05 - 00000000 ____D () C:\ProgramData\Origin
2014-06-05 18:16 - 2014-02-16 20:05 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-05 18:11 - 2014-02-16 14:27 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\UseNeXT
2014-06-05 18:07 - 2014-06-05 18:07 - 00828216 _____ () C:\Users\Nina\Downloads\Setup.exe
2014-06-05 17:53 - 2014-06-05 17:53 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\ParetoLogic
2014-06-05 17:53 - 2014-06-05 17:53 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\DriverCure
2014-06-05 17:52 - 2014-06-05 17:52 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Nina\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-06-05 17:45 - 2014-06-05 17:45 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-05 17:45 - 2014-06-05 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-05 17:45 - 2014-06-05 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-05 17:45 - 2014-06-05 17:45 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\ProgramData\Sun
2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-05 17:43 - 2014-06-05 17:43 - 29405096 _____ (Oracle Corporation) C:\Users\Nina\Downloads\jre-7u60-windows-i586.exe
2014-06-05 17:35 - 2014-06-05 17:35 - 00700783 ____R (Swearware) C:\Users\Nina\Downloads\dds+.exe
2014-06-05 17:30 - 2014-02-16 14:23 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\vlc
2014-06-05 17:28 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-05 17:26 - 2014-02-16 13:22 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-05 16:27 - 2014-06-05 16:27 - 00000000 __RHD () C:\Users\Nina\AppData\Roaming\SecuROM
2014-06-05 16:14 - 2014-02-16 16:45 - 00000000 ____D () C:\Users\Nina\Documents\Electronic Arts
2014-06-05 14:08 - 2014-06-05 14:08 - 00002300 _____ () C:\Users\Public\Desktop\Die*Sims™*3.lnk
2014-06-05 14:06 - 2014-02-16 21:02 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2014-06-05 13:40 - 2014-06-01 15:34 - 00000000 ____D () C:\ProgramData\Search-NuEwTaB
2014-06-05 13:32 - 2014-06-05 13:32 - 00001001 _____ () C:\Users\Nina\Desktop\Origin.lnk
2014-06-05 13:16 - 2014-03-05 19:39 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-06-05 13:16 - 2014-02-16 20:11 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-06-05 13:15 - 2014-05-13 22:07 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\tor
2014-06-05 13:14 - 2014-06-05 09:27 - 00000000 ____D () C:\Users\Nina\Documents\Ein Mann hat 7 Tage lang den Himmel auf Teneriffa gefilmt. Was er sah, nimmt mir den Atem-Dateien
2014-06-05 13:14 - 2014-02-16 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2014-06-05 13:12 - 2014-06-05 13:12 - 00002852 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Nina)
2014-06-05 13:11 - 2014-06-05 13:11 - 00002852 _____ () C:\Windows\System32\Tasks\ASC7_SkipUac_Nina
2014-06-05 13:11 - 2014-06-05 13:09 - 00002133 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-06-05 13:10 - 2014-06-05 13:10 - 00002892 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-06-05 13:10 - 2014-06-05 13:10 - 00001156 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\ProductData
2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Apple Computer
2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\ProductData
2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-06-05 13:10 - 2014-06-05 13:08 - 00000000 ____D () C:\ProgramData\IObit
2014-06-05 13:10 - 2014-06-05 13:07 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\IObit
2014-06-05 13:10 - 2014-06-05 13:07 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-06-05 13:09 - 2014-06-05 13:09 - 00003220 _____ () C:\Windows\System32\Tasks\Driver Booster Scan
2014-06-05 13:09 - 2014-06-05 13:09 - 00003164 _____ () C:\Windows\System32\Tasks\Driver Booster Update
2014-06-05 13:09 - 2014-06-05 13:09 - 00002860 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)
2014-06-05 13:09 - 2014-06-05 13:09 - 00001098 _____ () C:\Users\Public\Desktop\Driver Booster.lnk
2014-06-05 13:09 - 2014-06-05 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster
2014-06-05 13:09 - 2014-06-05 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-06-05 13:07 - 2014-06-05 13:07 - 26248320 _____ (IObit ) C:\Users\Nina\Downloads\imf-setup-2.4.1.15.exe
2014-06-05 12:38 - 2014-06-05 12:38 - 00000000 ____D () C:\Users\Nina\Documents\Symantec
2014-06-05 12:15 - 2014-05-13 22:07 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Vaowav
2014-06-05 12:13 - 2014-05-10 17:39 - 00000000 ____D () C:\Users\Nina\AppData\Local\IQsoft
2014-06-05 12:12 - 2014-06-01 15:34 - 00000000 ____D () C:\Program Files (x86)\Search-NuEwTaB
2014-06-05 11:20 - 2014-06-05 11:20 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-05 11:19 - 2014-06-05 11:19 - 02347384 _____ (ESET) C:\Users\Nina\Downloads\esetsmartinstaller_deu.exe
2014-06-05 11:13 - 2014-06-01 15:34 - 00000000 ____D () C:\ProgramData\9d268cc6c5d3588d
2014-06-05 09:43 - 2014-06-05 09:43 - 00001348 __RSH () C:\Users\Einhorn-Pegasus\ntuser.pol
2014-06-05 09:43 - 2014-06-05 09:43 - 00000680 __RSH () C:\Users\Nina\ntuser.pol
2014-06-05 09:43 - 2014-03-30 17:15 - 00000000 ____D () C:\Users\Einhorn-Pegasus
2014-06-05 09:43 - 2014-02-16 13:08 - 00000000 ____D () C:\Users\Nina
2014-06-05 09:43 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-05 09:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-05 09:01 - 2014-02-16 14:27 - 00000000 ____D () C:\Users\Nina\Documents\UseNeXT
2014-06-04 14:01 - 2014-03-30 17:15 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\Temp
2014-06-04 12:58 - 2014-06-04 12:58 - 00003288 _____ () C:\Windows\System32\Tasks\{B6543D33-4196-4FF7-885A-7881AF67AB88}
2014-06-04 12:57 - 2014-03-08 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zylom
2014-06-04 12:50 - 2014-06-04 12:50 - 00001861 _____ () C:\Users\Nina\Desktop\UseNeXT by Tangysoft.lnk
2014-06-04 12:50 - 2014-02-16 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
2014-06-04 12:50 - 2014-02-16 14:27 - 00000000 ____D () C:\Program Files (x86)\UseNeXT
2014-06-04 12:45 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-04 11:26 - 2014-03-01 11:29 - 00000000 ____D () C:\Users\Nina\AppData\Local\CrashDumps
2014-06-01 15:58 - 2014-03-23 12:20 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-01 15:35 - 2014-06-01 15:35 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\EZDownloader
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Torch
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Packages
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Comodo
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Chromatic Browser
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\Torch
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\Comodo
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\Chromatic Browser
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\ProgramData\TopApp soft
2014-06-01 15:34 - 2014-06-01 15:33 - 00000000 ____D () C:\ProgramData\InstallMate
2014-06-01 15:34 - 2014-04-21 19:21 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\Google
2014-06-01 15:34 - 2014-02-16 13:17 - 00000000 ____D () C:\Users\Nina\AppData\Local\Google
2014-06-01 15:32 - 2014-03-12 18:11 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\.minecraft
2014-05-29 13:12 - 2014-04-15 11:15 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\SecondLife
2014-05-29 01:12 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-05-29 01:12 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-05-29 01:12 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-29 01:09 - 2014-02-21 17:56 - 00000000 ____D () C:\Users\Nina\AppData\Local\QuickPar
2014-05-25 17:54 - 2014-05-25 17:53 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\NVIDIA Corporation
2014-05-25 17:45 - 2014-05-25 17:44 - 00000000 ____D () C:\Users\Nina\AppData\Local\NVIDIA Corporation
2014-05-25 17:45 - 2014-02-16 13:56 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-25 17:45 - 2014-02-16 13:55 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-05-25 17:45 - 2014-02-16 13:53 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-05-25 17:41 - 2014-05-25 17:41 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Microsoft Games
2014-05-25 17:41 - 2014-05-25 17:41 - 00000000 ____D () C:\ProgramData\Microsoft Games
2014-05-23 21:34 - 2014-05-23 21:34 - 00001070 _____ () C:\Users\Nina\Documents\VLC media player.lnk
2014-05-23 16:25 - 2014-03-27 17:54 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-21 12:49 - 2014-02-19 16:22 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-18 14:05 - 2014-02-23 18:21 - 00000000 ____D () C:\ProgramData\Wizard101(DE)
2014-05-16 18:31 - 2014-05-16 18:31 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-05-16 18:31 - 2014-02-16 20:05 - 00000000 ____D () C:\Users\Nina\AppData\Local\Origin
2014-05-16 18:31 - 2014-02-16 20:05 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-05-16 18:30 - 2014-05-16 18:30 - 00001279 _____ () C:\Users\Public\Desktop\Pflanzen gegen Zombies.lnk
2014-05-16 18:30 - 2014-05-16 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies
2014-05-16 18:30 - 2014-02-16 14:11 - 00193468 _____ () C:\Windows\DirectX.log
2014-05-16 18:27 - 2014-02-16 13:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-15 21:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 19:00 - 2014-03-30 17:16 - 00000000 ___RD () C:\Users\Einhorn-Pegasus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 19:00 - 2014-03-30 17:16 - 00000000 ___RD () C:\Users\Einhorn-Pegasus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 17:52 - 2014-02-16 13:08 - 00000000 ___RD () C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 17:52 - 2014-02-16 13:08 - 00000000 ___RD () C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 17:50 - 2014-05-06 22:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 17:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-14 20:32 - 2014-02-16 13:42 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 20:32 - 2014-02-16 13:42 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 20:32 - 2014-02-16 13:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 08:28 - 2014-05-13 22:07 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Xaok
2014-05-12 07:26 - 2014-06-05 20:12 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-05 20:12 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-05 20:12 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 09:19 - 2014-02-16 16:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-10 18:25 - 2014-04-15 11:59 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Roaming\vlc
2014-05-10 15:46 - 2014-05-10 15:46 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(6).exe
2014-05-10 11:44 - 2014-05-10 11:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 11:32 - 2014-05-10 11:32 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(5).exe
2014-05-10 11:31 - 2014-05-10 11:31 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(4).exe
2014-05-10 11:25 - 2014-05-10 11:25 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(3).exe
2014-05-10 11:23 - 2014-05-10 11:23 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(2).exe
2014-05-09 08:14 - 2014-05-14 22:37 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 22:37 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 15:19 - 2014-03-30 18:35 - 00000000 ____D () C:\Users\Einhorn-Pegasus\Documents\Electronic Arts
2014-05-08 08:12 - 2014-03-27 17:54 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 08:12 - 2014-03-27 17:54 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 06:40 - 2014-05-14 23:07 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-14 23:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-14 23:07 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-14 23:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-14 23:07 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-14 23:07 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

Some content of TEMP:
====================
C:\Users\Einhorn-Pegasus\AppData\Local\Temp\DisneyPrincess.exe
C:\Users\Einhorn-Pegasus\AppData\Local\Temp\Second_Life_3_7_6_289164_i686_Setup.exe
C:\Users\Nina\AppData\Local\Temp\amazonicon_v4.exe
C:\Users\Nina\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Nina\AppData\Local\Temp\AutoRun.exe
C:\Users\Nina\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Nina\AppData\Local\Temp\bstrapInstall.exe
C:\Users\Nina\AppData\Local\Temp\BuenoSearchTB.exe
C:\Users\Nina\AppData\Local\Temp\DisneyPrincess.exe
C:\Users\Nina\AppData\Local\Temp\EAInstall.dll
C:\Users\Nina\AppData\Local\Temp\eauninstall.exe
C:\Users\Nina\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Nina\AppData\Local\Temp\install_flashplayer12x32_mssa_aaa_aih.exe
C:\Users\Nina\AppData\Local\Temp\install_reader11_de_mssa_awe_aih[1].exe
C:\Users\Nina\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\Nina\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Nina\AppData\Local\Temp\Quarantine.exe
C:\Users\Nina\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Nina\AppData\Local\Temp\sdapskill.exe
C:\Users\Nina\AppData\Local\Temp\sdaspwn.exe
C:\Users\Nina\AppData\Local\Temp\securitascoutgames_3.exe
C:\Users\Nina\AppData\Local\Temp\SimilarBundleGenericDl.exe
C:\Users\Nina\AppData\Local\Temp\sqlite3.exe
C:\Users\Nina\AppData\Local\Temp\The Sims Life Stories_uninst.exe
C:\Users\Nina\AppData\Local\Temp\zoo2trial.exe
C:\Users\Nina\AppData\Local\Temp\_is4F86.exe
C:\Users\Nina\AppData\Local\Temp\_is88ED.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 00:19

==================== End Of Log ============================
         

Code:
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=a07a5bd3dbff8c42b445f859df1de2e7
# engine=18567
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-05 10:16:03
# local_time=2014-06-05 12:16:03 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Norton Internet Security'
# compatibility_mode=3591 16777213 100 95 8885264 164559948 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 5820 153593213 0 0
# scanned=241031
# found=91
# cleaned=79
# scan_time=3028
sh=F32589AEF4F6B3C3384DF75218943F13FEB0A845 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\InstallMate\{ED9232E8-473D-4DE2-AF09-0F1F3671101E}\Custom.dll"
sh=458A7DCB3C85CBE3C93EB7876FA0E6CD7E07F0F6 ft=1 fh=c71c0011129d357b vn="Variante von Win32/AdWare.MultiPlug.T Anwendung" ac=I fn="C:\Users\All Users\savE on\YrXfoIG77v.exe"
sh=3B2C90B0A0AF44B405D746E437ACBE2DA1E5E741 ft=1 fh=d0e8a9f046f91a20 vn="Win32/TrojanDownloader.Agent.AFD Trojaner" ac=I fn="C:\Users\All Users\TopApp soft\SW-Booster\SW-Booster.exe"
sh=D720555BED9632B698A3B1E987D466AAC1706E13 ft=1 fh=977e5f000f7bd5fc vn="Variante von MSIL/Adware.PullUpdate.D Anwendung" ac=I fn="C:\Users\All Users\Websteroids\Websteroids.exe"
sh=9645D8A917BFFE50ED3F525480EFE951FDE8E146 ft=1 fh=bb46ad0caaec5998 vn="Variante von MSIL/Adware.PullUpdate.D Anwendung" ac=I fn="C:\Users\All Users\Websteroids\Websteroids64.exe"
sh=CE4F40C2FD2C5AC3797EC6101A517E3E1C3EBE40 ft=1 fh=573001fda26e47fa vn="Variante von MSIL/Adware.PullUpdate.A Anwendung" ac=I fn="C:\Users\All Users\Websteroids\WebsteroidsService.exe"
sh=14ACB00F6620EF6B811532EEF5191B17733A27D7 ft=1 fh=5483cf7e3d987a9e vn="Variante von MSIL/Adware.PullUpdate.D Anwendung" ac=I fn="C:\Users\All Users\Websteroids\up\2.6.80\Websteroids.exe"
sh=9645D8A917BFFE50ED3F525480EFE951FDE8E146 ft=1 fh=bb46ad0caaec5998 vn="Variante von MSIL/Adware.PullUpdate.D Anwendung" ac=I fn="C:\Users\All Users\Websteroids\up\2.6.80\Websteroids64.exe"
sh=6313485982F4C1CB08A7AB87E8D1D14A60AB8BE9 ft=1 fh=21f1bc8d1875a69a vn="Variante von MSIL/Adware.PullUpdate.A Anwendung" ac=I fn="C:\Users\All Users\Websteroids\up\2.6.80\WebsteroidsService.exe"
sh=458A7DCB3C85CBE3C93EB7876FA0E6CD7E07F0F6 ft=1 fh=c71c0011129d357b vn="Variante von Win32/AdWare.MultiPlug.T Anwendung" ac=I fn="C:\Users\All Users\YoutubeAdblocker\roA7.exe"
sh=311749BDF8DC91E9D3F284A5D6EB5C995EFA8DF4 ft=1 fh=db16370fe5cbae6c vn="Variante von MSIL/Adware.PullUpdate.C Anwendung" ac=I fn="C:\Windows\SysWOW64\Websteroids.B324755F3F87.2.6.80.dll"
sh=9FFB13BFEA9956D1C84E1F7EE46076B512E487E4 ft=1 fh=092e3241d4211de5 vn="MSIL/Adware.PullUpdate.C Anwendung" ac=I fn="C:\Windows\SysWOW64\Websteroids.B324755F3F87.dll"
sh=7DE60A3AEAC96F7FA559D468D852FBDDA731391F ft=1 fh=3d20769bd48072ca vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\Ask\ApnIC.dll"
sh=DBA4D7540C69C6492D48E688A00B51387685F8A6 ft=1 fh=fb092140bceb8039 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\Ask\ApnStub.exe"
sh=140308EF85F243BA4D2AAC012B1017B47E52B89E ft=1 fh=ffd7fdcd47cd63f7 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\Ask\ApnToolbarInstaller.exe"
sh=44554E882D1DD6FBF71B6550B0687E3D9FD73711 ft=1 fh=b0638f029680e22d vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\Ask\AskPIP_FF_.exe"
sh=E5A3C100D2D0FD94482783AF2B2FF94CDFC9923F ft=1 fh=a0ddd0619a504a2e vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst.exe"
sh=0DAFA42039405F8D49A6790180194076BD57C833 ft=1 fh=c71c001147036410 vn="Variante von Win32/AdWare.MultiPlug.N Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Search-NuEwTaB\Awx3GH.dll"
sh=F32589AEF4F6B3C3384DF75218943F13FEB0A845 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\InstallMate\{ED9232E8-473D-4DE2-AF09-0F1F3671101E}\Custom.dll"
sh=458A7DCB3C85CBE3C93EB7876FA0E6CD7E07F0F6 ft=1 fh=c71c0011129d357b vn="Variante von Win32/AdWare.MultiPlug.T Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\savE on\YrXfoIG77v.exe"
sh=3B2C90B0A0AF44B405D746E437ACBE2DA1E5E741 ft=1 fh=d0e8a9f046f91a20 vn="Win32/TrojanDownloader.Agent.AFD Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\TopApp soft\SW-Booster\SW-Booster.exe"
sh=D720555BED9632B698A3B1E987D466AAC1706E13 ft=1 fh=977e5f000f7bd5fc vn="Variante von MSIL/Adware.PullUpdate.D Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\Websteroids\Websteroids.exe"
sh=9645D8A917BFFE50ED3F525480EFE951FDE8E146 ft=1 fh=bb46ad0caaec5998 vn="Variante von MSIL/Adware.PullUpdate.D Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\Websteroids\Websteroids64.exe"
sh=CE4F40C2FD2C5AC3797EC6101A517E3E1C3EBE40 ft=1 fh=573001fda26e47fa vn="Variante von MSIL/Adware.PullUpdate.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\Websteroids\WebsteroidsService.exe"
sh=14ACB00F6620EF6B811532EEF5191B17733A27D7 ft=1 fh=5483cf7e3d987a9e vn="Variante von MSIL/Adware.PullUpdate.D Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\Websteroids\up\2.6.80\Websteroids.exe"
sh=9645D8A917BFFE50ED3F525480EFE951FDE8E146 ft=1 fh=bb46ad0caaec5998 vn="Variante von MSIL/Adware.PullUpdate.D Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart) - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\Websteroids\up\2.6.80\Websteroids64.exe"
sh=6313485982F4C1CB08A7AB87E8D1D14A60AB8BE9 ft=1 fh=21f1bc8d1875a69a vn="Variante von MSIL/Adware.PullUpdate.A Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart) - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\Websteroids\up\2.6.80\WebsteroidsService.exe"
sh=458A7DCB3C85CBE3C93EB7876FA0E6CD7E07F0F6 ft=1 fh=c71c0011129d357b vn="Variante von Win32/AdWare.MultiPlug.T Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\YoutubeAdblocker\roA7.exe"
sh=6CA5B4155761DE0B8972DEF7536E7221B5FC2D9E ft=1 fh=8993812913887d8e vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Einhorn-Pegasus\Downloads\Animal-Crossing_-Wild-World-lnstall.exe"
sh=B0AAAD4515C572A4F4C1CB9D1A9301A4096DF454 ft=1 fh=aaf37c003a7cad0c vn="Variante von Win32/SoftonicDownloader.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Einhorn-Pegasus\Downloads\SoftonicDownloader_fuer_wolfquest.exe"
sh=0722A569B2D88C617FC9D6A51561D3E9C9588E06 ft=1 fh=31688d330a2d4e0c vn="Win32/OpenCandy potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\BewerbungsMaster\Temp\PDF-Setup.exe"
sh=16B59C9A971DAB1D68C0DCECADBCDAE538EEB543 ft=1 fh=5ba78607f45e4625 vn="Variante von Win32/Packed.Themida.AAJ Trojaner (Gesäubert durch Löschen (nach dem nächsten Neustart) - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\IQsoft\ASMdefm216A.dll"
sh=0FFE458463F63F2F83EC6F104BBF24CA7920C11D ft=1 fh=049d8628990ae89b vn="Variante von Win32/Packed.Themida.AAJ Trojaner (Gesäubert durch Löschen (nach dem nächsten Neustart) - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\IQsoft\kyw7sr03.dll"
sh=3B2C90B0A0AF44B405D746E437ACBE2DA1E5E741 ft=1 fh=d0e8a9f046f91a20 vn="Win32/TrojanDownloader.Agent.AFD Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AK0XIBNI\agup[1].exe"
sh=56C47E45A11013BEC34807589595C8EBE4ED7CED ft=1 fh=208c43ea9f28fde1 vn="Variante von Win32/AdWare.MultiPlug.R Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AK0XIBNI\bPD[1].exe"
sh=6417103CC82443E318B39E2DCEA8F37B74C66CD9 ft=1 fh=4a24e13d2ea3489a vn="Variante von Win32/AdWare.MultiPlug.R Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AK0XIBNI\iYibbhjA[1].exe"
sh=CD12217A350F08A8D8AC3CBA25C6C1716B6B00B8 ft=1 fh=9b4979ef2bf78278 vn="Variante von Win32/AdWare.MultiPlug.R Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AK0XIBNI\QtXmkcV1[1].exe"
sh=7003DBCCA89CDEE60520B08BFCF91312895E848F ft=1 fh=a1b0c5b35d74d831 vn="Win32/Boaxxe.BL Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AK0XIBNI\setup[1].exe"
sh=70F84A1432F6810C98C600C44D946322485040D1 ft=1 fh=c297369f5d74d831 vn="Win32/Boaxxe.BL Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L98ZCM18\install[1].exe"
sh=0722A569B2D88C617FC9D6A51561D3E9C9588E06 ft=1 fh=31688d330a2d4e0c vn="Win32/OpenCandy potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L98ZCM18\PDF-Setup[1].exe"
sh=C765A4BA698622C549DAF865C56401A6EF3E7667 ft=1 fh=098e43724895edf5 vn="Variante von Win32/AdWare.MultiPlug.R Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VCNYC1I3\6rdYDfecb[1].exe"
sh=6D04D56668E67E0D634A6914E54F503EC43CAC8D ft=1 fh=c71c001194990d1f vn="Variante von Win32/SProtector.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VCNYC1I3\tpq[1].exe"
sh=95440646D51368D4AA9EB9111298483D01849EF8 ft=1 fh=db7c38f117e15733 vn="Variante von Win32/AdWare.MultiPlug.R Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z85YUPVK\odskVF[1].exe"
sh=4A243DA8679ACB764931623DCE333D20814A91B5 ft=0 fh=0000000000000000 vn="JS/Kryptik.I Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Mozilla\Firefox\Profiles\f1vtxk96.default\Cache\A\F7\213B2d01"
sh=651C7C2A8CA4FB4AC37719EC39B2F4A5E4E9FDBD ft=1 fh=6acd10463f324d47 vn="Variante von Generik.HNWQJRC Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\.exe"
sh=CB27A6BE2FCAAF746AFA46FE3D9904165E73C801 ft=1 fh=5f95b918289c920a vn="Variante von MSIL/Injector.CVS Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\11191324_svchost.exe"
sh=DEAE9D530046C0F5BE0A2B18BAE4040E23DEA121 ft=1 fh=540d493b49211aff vn="Variante von MSIL/Injector.CVS Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\20437456_pisser2.exe"
sh=FFC423F5B73FC6544CC89863C0BDDF1E2D520DF2 ft=1 fh=652a8a0daca9a998 vn="Variante von MSIL/Injector.CVS Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\21288738_sadsadsadsadasdsad.exe"
sh=002ABCAC55AA0ED2904672FB1BE576E08C659CBF ft=1 fh=5d4fa5822d2dd375 vn="Variante von MSIL/PSW.CoinStealer.L Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\24781.exe"
sh=8BB0DC9FF54B169259A48AE67A8F8C33AACCAB92 ft=1 fh=15dab27495091c30 vn="Variante von MSIL/PSW.CoinStealer.L Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\27378.exe"
sh=002ABCAC55AA0ED2904672FB1BE576E08C659CBF ft=1 fh=5d4fa5822d2dd375 vn="Variante von MSIL/PSW.CoinStealer.L Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\36694.exe"
sh=002ABCAC55AA0ED2904672FB1BE576E08C659CBF ft=1 fh=5d4fa5822d2dd375 vn="Variante von MSIL/PSW.CoinStealer.L Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\37126.exe"
sh=BA9163DA95BC65BC74909DBFB8B9AB956B08C7AF ft=1 fh=531ee42624295285 vn="Variante von MSIL/PSW.CoinStealer.L Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\41413.exe"
sh=002ABCAC55AA0ED2904672FB1BE576E08C659CBF ft=1 fh=5d4fa5822d2dd375 vn="Variante von MSIL/PSW.CoinStealer.L Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\44550.exe"
sh=002ABCAC55AA0ED2904672FB1BE576E08C659CBF ft=1 fh=5d4fa5822d2dd375 vn="Variante von MSIL/PSW.CoinStealer.L Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\47403.exe"
sh=002ABCAC55AA0ED2904672FB1BE576E08C659CBF ft=1 fh=5d4fa5822d2dd375 vn="Variante von MSIL/PSW.CoinStealer.L Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\57141.exe"
sh=8BB0DC9FF54B169259A48AE67A8F8C33AACCAB92 ft=1 fh=15dab27495091c30 vn="Variante von MSIL/PSW.CoinStealer.L Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\62734.exe"
sh=BA9163DA95BC65BC74909DBFB8B9AB956B08C7AF ft=1 fh=531ee42624295285 vn="Variante von MSIL/PSW.CoinStealer.L Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\68389.exe"
sh=002ABCAC55AA0ED2904672FB1BE576E08C659CBF ft=1 fh=5d4fa5822d2dd375 vn="Variante von MSIL/PSW.CoinStealer.L Trojaner (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\69186.exe"
sh=70F84A1432F6810C98C600C44D946322485040D1 ft=1 fh=c297369f5d74d831 vn="Win32/Boaxxe.BL Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\77569.exe"
sh=789370AE8C688EF000566C4603461ADC01F036DB ft=1 fh=edd859031e93cc9b vn="Variante von MSIL/Injector.DEN Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\79040.exe"
sh=7003DBCCA89CDEE60520B08BFCF91312895E848F ft=1 fh=a1b0c5b35d74d831 vn="Win32/Boaxxe.BL Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\83883.exe"
sh=7003DBCCA89CDEE60520B08BFCF91312895E848F ft=1 fh=a1b0c5b35d74d831 vn="Win32/Boaxxe.BL Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\94958.exe"
sh=CB27A6BE2FCAAF746AFA46FE3D9904165E73C801 ft=1 fh=5f95b918289c920a vn="Variante von MSIL/Injector.CVS Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\9600800_svchost.exe"
sh=7003DBCCA89CDEE60520B08BFCF91312895E848F ft=1 fh=a1b0c5b35d74d831 vn="Win32/Boaxxe.BL Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\96035.exe"
sh=CB27A6BE2FCAAF746AFA46FE3D9904165E73C801 ft=1 fh=5f95b918289c920a vn="Variante von MSIL/Injector.CVS Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\9744742_svchost.exe"
sh=70F84A1432F6810C98C600C44D946322485040D1 ft=1 fh=c297369f5d74d831 vn="Win32/Boaxxe.BL Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\98217.exe"
sh=44554E882D1DD6FBF71B6550B0687E3D9FD73711 ft=1 fh=b0638f029680e22d vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\AskPIP_FF_.exe"
sh=523F923CB4CBB06F41321F7C0A712A2B1CE5322B ft=1 fh=b6155b93a28ea35f vn="Win32/Boaxxe.BL Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\LSangamML.exe"
sh=651C7C2A8CA4FB4AC37719EC39B2F4A5E4E9FDBD ft=1 fh=6acd10463f324d47 vn="Variante von Generik.HNWQJRC Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\nalk.exe"
sh=75460D93906C1A355499A14AF3179569204E19B5 ft=1 fh=09f6e1758f811396 vn="Mehrere Bedrohungen (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\optprosetup.exe"
sh=523F923CB4CBB06F41321F7C0A712A2B1CE5322B ft=1 fh=b6155b93a28ea35f vn="Win32/Boaxxe.BL Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\PMpClient.exe"
sh=8FB3D382A4ABA609543DD1F92F755DED2276EDD4 ft=1 fh=cf0091fa5dfd94d3 vn="Variante von Win32/BitCoinMiner.BF potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\tAXJb.exe"
sh=AE4B3ECB491AEF6D1594361E820A6FCC8EF44E3E ft=1 fh=c71c0011d35ff60a vn="Variante von Win64/SProtector.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\__tmp_04649eee"
sh=32F99788C6D45851A067C84FFFA1116E54CA3EF3 ft=1 fh=c71c00116263307f vn="Variante von Win32/SProtector.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\__tmp_25340bf6"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\102007883.Uninstall\uninstaller.exe"
sh=9524C2BC17D2D35ABEE44A5FECA1376781045B3F ft=1 fh=3730fac2628f7d03 vn="Variante von Win32/Toolbar.Babylon.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\is1242154493\2424766_stp\BuenoSearchTB.exe"
sh=6EFDDE3369DB3B94F9D5D00D5A7B16B53610A86E ft=1 fh=188d7e98fa6da4d1 vn="Win32/Systweak.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\is1242154493\2424834_stp\rcpsetup_adppi15_adppi15.exe"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\is1242154493\2424933_stp\uninstaller.exe"
sh=537C8FEEEB1FDD7B5B8EA1AD36D53121B9CD54FF ft=1 fh=7477003680c2cc64 vn="Win32/Packed.ScrambleWrapper.K evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\n4095\HDTotal_DE_1003-bcb4eb1f.exe"
sh=91C45E16A830548CC423AA01C18E456844DBB6B6 ft=1 fh=0d441bdf7e3fb258 vn="Win32/Toolbar.Iminent.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\n4095\Iminent_1712-b2fcad5e.exe"
sh=022E90DB179A5F276A8F1BEECD17EA2A28C399B4 ft=1 fh=8ceacbb55952b415 vn="Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\nsiA16F\SpSetup.exe"
sh=231215B7E4E2E766929FF5210305227F1B3C30B9 ft=1 fh=c658c8268e64907d vn="Variante von Win32/BitCoinMiner.BF potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\RarSFX0\amd.exe"
sh=DB5E4E4F64BAA359255F230C658BE286E266892A ft=1 fh=cc4c339215781df4 vn="Mehrere Bedrohungen (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Local\Temp\{0B3B3991-9F94-4302-BDCB-2D56FF018D86}\setup.exe"
sh=187EBC070D5C5AE0A44619A123F149EC61F2CE85 ft=1 fh=c71c0011b197662b vn="Variante von Win32/Injector.YYR Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\AppData\Roaming\Vaowav\qarot.exe"
sh=4A243DA8679ACB764931623DCE333D20814A91B5 ft=0 fh=0000000000000000 vn="JS/Kryptik.I Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\Desktop\Ein Mann hat 7 Tage lang den Himmel auf Teneriffa gefilmt. Was er sah, nimmt mir den Atem-Dateien\mo.js"
sh=5792AA1392819A4E3F310B72A9467A37FCA05C3F ft=1 fh=c71c001162032e02 vn="Variante von Win32/Injector.YYR Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\Documents\UseNeXT\alt.binaries.nl\The.Big.Bang.Theory.S06E09.The.Parking.Spot.Escalation.German.Custom.Subbed.WS.HDTV.XviD.i.exe"
sh=AB1B34B293C2675379D2A2A53D3F46E826C6ED4C ft=1 fh=c71c001154a759ba vn="Variante von Win32/Injector.YYR Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Nina\Documents\UseNeXT\wizard\The Big Bang Theory S06e07 Habitation Configuratio\The.Big.Bang.Theory.S06E07.The.Habitation.Configuration.German.Custom.Subbed.WS.HDTV.XviD..exe"
sh=311749BDF8DC91E9D3F284A5D6EB5C995EFA8DF4 ft=1 fh=db16370fe5cbae6c vn="Variante von MSIL/Adware.PullUpdate.C Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart) - in Quarantäne kopiert)" ac=C fn="C:\Windows\System32\Websteroids.B324755F3F87.2.6.80.dll"
sh=9FFB13BFEA9956D1C84E1F7EE46076B512E487E4 ft=1 fh=092e3241d4211de5 vn="MSIL/Adware.PullUpdate.C Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Windows\System32\Websteroids.B324755F3F87.dll"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Mehrere Bedrohungen" ac=C fn="${Memory}"
         


05.06.2014, 20:42   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Then please run Combofix now:

Scan with Combofix
WARNING to those READING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. ("Illegal operation attempted on a registry key that has been marked for deletion.")
simply restart the computer. That should fix the problem.


05.06.2014, 20:51   #7
-NiNa-

Code:
ComboFix 14-06-04.01 - Nina 05.06.2014  21:45:47.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.16327.13634 [GMT 2:00]
ausgeführt von:: c:\users\Nina\Downloads\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Nina\AppData\Local\Microsoft\Windows\Burn\Burn\AUTORUN.inF
c:\users\Nina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Mega Browse_iels
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-05-05 bis 2014-06-05  ))))))))))))))))))))))))))))))
.
.
2014-06-05 19:48 . 2014-06-05 19:48	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-06-05 19:48 . 2014-06-05 19:48	--------	d-----w-	c:\users\Einhorn-Pegasus\AppData\Local\temp
2014-06-05 19:16 . 2014-06-05 19:25	--------	d-----w-	C:\FRST
2014-06-05 18:36 . 2014-06-05 18:37	--------	d-----w-	C:\AdwCleaner
2014-06-05 18:12 . 2014-06-05 19:20	122584	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-05 18:12 . 2014-06-05 18:12	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-06-05 18:12 . 2014-06-05 18:12	--------	d-----w-	c:\programdata\Malwarebytes
2014-06-05 18:12 . 2014-05-12 05:26	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-06-05 18:12 . 2014-05-12 05:26	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-06-05 18:12 . 2014-05-12 05:25	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-06-05 15:53 . 2014-06-05 15:53	--------	d-----w-	c:\users\Nina\AppData\Roaming\ParetoLogic
2014-06-05 15:53 . 2014-06-05 15:53	--------	d-----w-	c:\users\Nina\AppData\Roaming\DriverCure
2014-06-05 15:53 . 2014-06-05 18:55	--------	d-----w-	c:\programdata\ParetoLogic
2014-06-05 15:45 . 2014-06-05 15:45	--------	d-----w-	c:\program files (x86)\Common Files\Java
2014-06-05 15:45 . 2014-06-05 15:45	--------	d-----w-	c:\programdata\Oracle
2014-06-05 15:45 . 2014-06-05 15:45	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-05 15:45 . 2014-06-05 15:45	--------	d-----w-	c:\program files (x86)\Java
2014-06-05 14:27 . 2014-06-05 14:27	--------	d--h--r-	c:\users\Nina\AppData\Roaming\SecuROM
2014-06-05 11:10 . 2014-06-05 11:10	--------	d-----w-	c:\users\Nina\AppData\Roaming\ProductData
2014-06-05 11:10 . 2014-06-05 11:10	--------	d-----w-	c:\programdata\ProductData
2014-06-05 11:10 . 2014-06-05 11:10	--------	d-----w-	c:\users\Nina\AppData\Roaming\Apple Computer
2014-06-05 11:10 . 2014-06-05 11:10	--------	d-----w-	c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-06-05 11:08 . 2014-06-05 11:10	--------	d-----w-	c:\programdata\IObit
2014-06-05 11:07 . 2014-06-05 11:10	--------	d-----w-	c:\users\Nina\AppData\Roaming\IObit
2014-06-05 11:07 . 2014-06-05 11:10	--------	d-----w-	c:\program files (x86)\IObit
2014-06-05 09:20 . 2014-06-05 09:20	--------	d-----w-	c:\program files (x86)\ESET
2014-06-03 10:14 . 2014-04-30 23:20	10702536	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{C314704B-C5ED-4DBE-9CB6-BF7F62140E1C}\mpengine.dll
2014-06-01 13:35 . 2014-06-01 13:35	--------	d-----w-	c:\users\Nina\AppData\Roaming\EZDownloader
2014-05-25 15:53 . 2014-05-25 15:54	--------	d-----w-	c:\users\Einhorn-Pegasus\AppData\Local\NVIDIA Corporation
2014-05-25 15:45 . 2014-04-30 18:29	1081112	----a-w-	c:\windows\SysWow64\nvspcap.dll
2014-05-25 15:45 . 2014-04-30 18:29	1225920	----a-w-	c:\windows\system32\nvspcap64.dll
2014-05-25 15:44 . 2014-05-25 15:45	--------	d-----w-	c:\users\Nina\AppData\Local\NVIDIA Corporation
2014-05-25 15:44 . 2014-03-31 16:42	40392	----a-w-	c:\windows\system32\drivers\nvvad64v.sys
2014-05-25 15:44 . 2014-03-31 16:42	34760	----a-w-	c:\windows\SysWow64\nvaudcap32v.dll
2014-05-25 15:41 . 2014-05-25 15:41	--------	d-----w-	c:\users\Nina\AppData\Roaming\Microsoft Games
2014-05-25 15:41 . 2014-05-25 15:41	--------	d-----w-	c:\programdata\Microsoft Games
2014-05-16 16:31 . 2014-05-16 16:31	--------	d-----w-	c:\programdata\PopCap Games
2014-05-16 16:31 . 2014-05-29 12:06	--------	d-----w-	c:\programdata\EA Logs
2014-05-16 16:30 . 2014-05-16 16:30	--------	d--h--w-	c:\program files (x86)\Common Files\EAInstaller
2014-05-14 21:07 . 2014-05-06 04:40	23544320	----a-w-	c:\windows\system32\mshtml.dll
2014-05-14 21:07 . 2014-05-06 03:00	84992	----a-w-	c:\windows\system32\mshtmled.dll
2014-05-14 21:07 . 2014-05-06 04:17	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-14 21:07 . 2014-05-06 03:07	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-05-13 20:07 . 2014-06-05 11:15	--------	d-----w-	c:\users\Nina\AppData\Roaming\tor
2014-05-13 20:07 . 2014-06-05 10:15	--------	d-----w-	c:\users\Nina\AppData\Roaming\Vaowav
2014-05-13 20:07 . 2014-05-14 06:28	--------	d-----w-	c:\users\Nina\AppData\Roaming\Xaok
2014-05-10 15:39 . 2014-06-05 10:13	--------	d-----w-	c:\users\Nina\AppData\Local\IQsoft
2014-05-07 17:34 . 2014-05-07 17:34	--------	d-----w-	c:\users\Einhorn-Pegasus\AppData\Local\Diagnostics
2014-05-06 20:07 . 2014-05-15 15:50	--------	d-s---w-	c:\windows\system32\CompatTel
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-05 12:06 . 2014-02-16 19:02	447752	----a-w-	c:\windows\SysWow64\vp6vfw.dll
2014-05-14 18:32 . 2014-02-16 11:42	70832	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 18:32 . 2014-02-16 11:42	692400	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-01 16:39 . 2014-05-01 16:39	1356664	----a-w-	c:\windows\system32\Websteroids.B324755F3F87.2.6.80.dll
2014-04-29 12:04 . 2014-04-29 12:03	335872	------w-	c:\windows\Setup1.exe
2014-04-29 12:04 . 2014-04-29 12:03	74752	----a-w-	c:\windows\ST6UNST.EXE
2014-03-31 16:42 . 2014-02-16 11:53	37320	----a-w-	c:\windows\system32\nvaudcap64v.dll
2014-03-31 07:35 . 2014-04-17 12:06	270496	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-03-04 16:46	294456	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"Spiele Post"="c:\program files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe" [2013-12-06 483400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 7"="c:\program files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" [2014-04-21 2295584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20140510.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\ccSetx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20140604.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20140604.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1309010.00E\SYMNETS.SYS [x]
S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-23 14:18	1091912	----a-w-	c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-16 18:32]
.
2014-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-27 15:54]
.
2014-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-27 15:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-06-05 11:10	2471744	----a-w-	c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-03-04 16:46	357432	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-10 6463592]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-30 2199840]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-04-30 1225920]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE&l=1&q=
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - prefs.js: keyword.URL - hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE&l=1&q=
FF - user.js: general.useragent.override - Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.15
FF - user.js: extensions.blocklist.enabled - false
FF - user.js: app.update.auto - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-IQsoft - c:\users\Nina\AppData\Local\IQsoft\ASMdefm216A.dll
Wow6432Node-HKCU-Run-IQsoft Update - c:\users\Nina\AppData\Local\IQsoft\kyw7sr03.dll
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
AddRemove-Pharao - c:\windows\IsUn0407.exe
AddRemove-Steam App 226700 - e:\timmy\Steam\steam.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1228840033-2895351102-1459622301-1000\Software\SecuROM\License information*]
"datasecu"=hex:0b,94,a2,38,7d,98,82,47,bf,c9,27,9b,a5,4e,99,eb,87,bf,53,23,b1,
   75,a5,d8,59,69,8b,7f,94,a9,a0,13,03,db,cf,fd,80,ba,0d,d4,b0,13,1f,89,a5,48,\
"rkeysecu"=hex:d7,99,06,56,8d,a1,ae,5d,bb,8d,c2,d6,75,36,8a,76
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-06-05  21:49:57
ComboFix-quarantined-files.txt  2014-06-05 19:49
.
Vor Suchlauf: 12 Verzeichnis(se), 32.849.858.560 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 34.930.335.744 Bytes frei
.
- - End Of File - - F5B49630E61A6C9C5A0A26C178014F1C
         

05.06.2014, 20:54   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Remove adware/junkware/toolbars


Step 1: AdwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options (Optionen) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts that appear with Ok.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).




Step 2: JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files are now created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the input box on the website)


05.06.2014, 21:38   #9
-NiNa-

Code:
# AdwCleaner v3.212 - Bericht erstellt am 05/06/2014 um 22:25:55
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Nina - NINA-PC
# Gestartet von : C:\Users\Nina\Downloads\adwcleaner_3.212.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\ParetoLogic
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\ProgramData\Search-NuEwTaB
Ordner Gelöscht : C:\Program Files (x86)\Search-NuEwTaB
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\torch
Ordner Gelöscht : C:\Users\Einhorn-Pegasus\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Einhorn-Pegasus\AppData\Local\torch
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Gast\AppData\Local\torch
Ordner Gelöscht : C:\Users\Nina\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Nina\AppData\Local\torch
Ordner Gelöscht : C:\Users\Nina\AppData\Roaming\DriverCure
Ordner Gelöscht : C:\Users\Nina\AppData\Roaming\EZDownloader
Ordner Gelöscht : C:\Users\Nina\AppData\Roaming\ParetoLogic
Ordner Gelöscht : C:\Users\Nina\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\adsremoval@adsremoval.net
Ordner Gelöscht : C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\sparpilot@sparpilot.com
Ordner Gelöscht : C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\ebuyya@zxzgadhg.net
Ordner Gelöscht : C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\fkia@chjqmws.co.uk
Ordner Gelöscht : C:\Users\Einhorn-Pegasus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg
Ordner Gelöscht : C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apimnnpjidaoombgegfjdglhbmjcffke
Ordner Gelöscht : C:\Users\Einhorn-Pegasus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apimnnpjidaoombgegfjdglhbmjcffke
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\apimnnpjidaoombgegfjdglhbmjcffke
Ordner Gelöscht : C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apimnnpjidaoombgegfjdglhbmjcffke
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadcplcnmpeikaedkmboghidghbnojad
Ordner Gelöscht : C:\Users\Einhorn-Pegasus\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadcplcnmpeikaedkmboghidghbnojad
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadcplcnmpeikaedkmboghidghbnojad
Ordner Gelöscht : C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadcplcnmpeikaedkmboghidghbnojad
Datei Gelöscht : C:\Users\Nina\AppData\Roaming\LiveSupport.exe_log.txt
Datei Gelöscht : C:\Users\Nina\AppData\Roaming\regsvr32.exe_log.txt
Datei Gelöscht : C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gelöscht : C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\invalidprefs.js
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\WebSearch.xml
Datei Gelöscht : C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\Driver Booster Update

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASMANCS
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-698646803
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
Schlüssel Gelöscht : HKCU\Software\anchorfree
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\distromatic
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ParetoLogic
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Schlüssel Gelöscht : HKLM\Software\ParetoLogic
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Trymedia Systems
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\Einhorn-Pegasus\AppData\Roaming\Mozilla\Firefox\Profiles\91ev68is.default\prefs.js ]


[ Datei : C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultenginename", "WebSearch");
Zeile gelöscht : user_pref("browser.search.defaultenginename,S", "WebSearch");
Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE&l=1&q=");
Zeile gelöscht : user_pref("browser.search.order.1", "WebSearch");
Zeile gelöscht : user_pref("browser.search.order.1,S", "WebSearch");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "WebSearch");
Zeile gelöscht : user_pref("browser.search.selectedEngine,S", "WebSearch");
Zeile gelöscht : user_pref("extensions.4oCX02XMHU.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumor[...]
Zeile gelöscht : user_pref("extensions.AGUp1mNe.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]
Zeile gelöscht : user_pref("extensions.av5Jq.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.n[...]
Zeile gelöscht : user_pref("extensions.buenosearch.admin", false);
Zeile gelöscht : user_pref("extensions.buenosearch.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");
Zeile gelöscht : user_pref("extensions.buenosearch.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.buenosearch.bbDpng", "12");
Zeile gelöscht : user_pref("extensions.buenosearch.cntry", "DE");
Zeile gelöscht : user_pref("extensions.buenosearch.dfltLng", "en");
Zeile gelöscht : user_pref("extensions.buenosearch.excTlbr", false);
Zeile gelöscht : user_pref("extensions.buenosearch.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.buenosearch.hdrMd5", "A41CDBE30F583C45BA374C3DF5C7CA58");
Zeile gelöscht : user_pref("extensions.buenosearch.id", "142775060000000000003085a9acd151");
Zeile gelöscht : user_pref("extensions.buenosearch.instlDay", "16174");
Zeile gelöscht : user_pref("extensions.buenosearch.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.buenosearch.lastB", "hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=14273085A9ACD151&affID=127690&tsp=5184");
Zeile gelöscht : user_pref("extensions.buenosearch.lastVrsnTs", "1.8.28.716:50:14");
Zeile gelöscht : user_pref("extensions.buenosearch.newTab", false);
Zeile gelöscht : user_pref("extensions.buenosearch.prdct", "buenosearch");
Zeile gelöscht : user_pref("extensions.buenosearch.prtnrId", "buenosearch");
Zeile gelöscht : user_pref("extensions.buenosearch.rvrt", "false");
Zeile gelöscht : user_pref("extensions.buenosearch.sg", "azb");
Zeile gelöscht : user_pref("extensions.buenosearch.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=14273085A9ACD151&affID=128492&tsp=5217");
Zeile gelöscht : user_pref("extensions.buenosearch.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=14273085A9ACD151&affID=128492&tsp=5217");
Zeile gelöscht : user_pref("extensions.buenosearch.vrsn", "1.8.28.7");
Zeile gelöscht : user_pref("extensions.buenosearch.vrsnTs", "1.8.28.717:05:11");
Zeile gelöscht : user_pref("extensions.buenosearch.vrsni", "1.8.28.7");
Zeile gelöscht : user_pref("extensions.crossrider.bic", "144d129de192be5fa1be2b4f2a441b6c");
Zeile gelöscht : user_pref("extensions.iminent.admin", false);
Zeile gelöscht : user_pref("extensions.iminent.aflt", "orgnl");
Zeile gelöscht : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
Zeile gelöscht : user_pref("extensions.iminent.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.iminent.dfltLng", "");
Zeile gelöscht : user_pref("extensions.iminent.excTlbr", false);
Zeile gelöscht : user_pref("extensions.iminent.ffxUnstlRst", false);
Zeile gelöscht : user_pref("extensions.iminent.id", "142775060000000000003085a9acd151");
Zeile gelöscht : user_pref("extensions.iminent.instlDay", "16146");
Zeile gelöscht : user_pref("extensions.iminent.instlRef", "");
Zeile gelöscht : user_pref("extensions.iminent.newTab", false);
Zeile gelöscht : user_pref("extensions.iminent.prdct", "iminent");
Zeile gelöscht : user_pref("extensions.iminent.prtnrId", "iminent");
Zeile gelöscht : user_pref("extensions.iminent.rvrt", "false");
Zeile gelöscht : user_pref("extensions.iminent.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO");
Zeile gelöscht : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
Zeile gelöscht : user_pref("extensions.iminent.vrsn", "1.8.28.3");
Zeile gelöscht : user_pref("extensions.iminent.vrsnTs", "1.8.28.318:48:27");
Zeile gelöscht : user_pref("extensions.iminent.vrsni", "1.8.28.3");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE&l=1&q=");

-\\ Google Chrome v35.0.1916.114

[ Datei : C:\Users\Einhorn-Pegasus\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : apimnnpjidaoombgegfjdglhbmjcffke
Gelöscht [Extension] : fadcplcnmpeikaedkmboghidghbnojad

[ Datei : C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=14273085A9ACD151&affID=128492&tsp=5217
Gelöscht [Search Provider] : hxxp://websearch.eazytosearch.info/?l=1&q={searchTerms}&pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE
Gelöscht [Startup_urls] : hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE
Gelöscht [Homepage] : hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE
Gelöscht [Extension] : apimnnpjidaoombgegfjdglhbmjcffke
Gelöscht [Extension] : fadcplcnmpeikaedkmboghidghbnojad
Gelöscht [Extension] : gkcefkcdkepgkpbgncjchhbjgoanleod

*************************

AdwCleaner[R0].txt - [15795 octets] - [05/06/2014 20:37:46]
AdwCleaner[R1].txt - [16099 octets] - [05/06/2014 22:21:51]
AdwCleaner[S0].txt - [15185 octets] - [05/06/2014 22:25:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15246 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Nina on 05.06.2014 at 22:29:56,46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Users\Nina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\user pinned\taskbar\startfenster.lnk"



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Nina\AppData\Roaming\mozilla\firefox\profiles\f1vtxk96.default\prefs.js

user_pref("browser.search.defaultenginename", "WebSearch");
user_pref("browser.search.selectedEngine", "WebSearch");
user_pref("extensions.4oCX02XMHU.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\"
user_pref("extensions.av5Jq.url", "hxxp://toolkitjob.info/sync2/?q=hfZ9ofV9CShEAen0qHs9tMqLDe49CNU0mwkMCMlNhd9Fqda7rdwFrHr9rTgMBzqUojw9rdgEqjw9rjnHqih7hfs0pihPBMn0qHYEpjr8rdC8
user_pref("keyword.url", "hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE&l=1&q=");
Emptied folder: C:\Users\Nina\AppData\Roaming\mozilla\firefox\profiles\f1vtxk96.default\minidumps [27 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.06.2014 at 22:34:38,39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         





FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Nina (administrator) on NINA-PC on 05-06-2014 22:38:16
Running from C:\Users\Nina\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intenium) C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463592 2012-02-10] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\.DEFAULT\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2295584 2014-04-21] (IObit)
HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Run: [Spiele Post] => C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe [483400 2013-12-06] (Intenium)
HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
GroupPolicyUsers\S-1-5-21-1228840033-2895351102-1459622301-1002\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x352833F60A2BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
URLSearchHook: HKLM-x32 - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {1CE79CC2-73FA-442F-A916-7B62D1A98476} URL = 
SearchScopes: HKCU - DefaultScope {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout
SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP244E6CBF-8349-4F3A-8DFC-52A4E5111EB7&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default
FF DefaultSearchEngine: WebSearch
FF SelectedSearchEngine: WebSearch
FF Homepage: https://www.google.de/
FF Keyword.URL: hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE&l=1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Nina\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Amazon-Icon - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\amazon-icon@giga.de [2014-04-01]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\ascsurfingprotection@iobit.com [2014-06-05]
FF Extension: save on - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\auieoaa@y-.co.uk [2014-06-01]
FF Extension: Star Stable Online - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\plugin@starstable.com [2014-02-18]
FF Extension: System.Collections.CaseInsensitiveComparer - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\{35CFE46B-1C5F-1AC2-DA02-9AA30B4F6DEE} [2014-05-10]
FF Extension: Popular Website Buddy - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\jid1-l6V8exwLVv1lBw@jetpack.xpi [2014-05-15]
FF Extension: FlashExtension - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\{22916f38-7247-49e7-934c-c5bc815b8ea3}.xpi [2014-04-20]
FF Extension: {8f2053ad-6527-424f-9e64-1eca25d13d01} - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\{8f2053ad-6527-424f-9e64-1eca25d13d01}.xpi [2014-04-20]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFF [2014-02-16]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\ []
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE"
CHR StartupUrls: "hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE"
CHR Extension: (No Name) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apimnnpjidaoombgegfjdglhbmjcffke [2014-06-01]
CHR Extension: (YouTube) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-08]
CHR Extension: (Google Search) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-08]
CHR Extension: (Enhance Browser) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\encaiiljifbdbjlphpgpiimidegddhic [2014-06-01]
CHR Extension: (No Name) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadcplcnmpeikaedkmboghidghbnojad [2014-06-01]
CHR Extension: (save on) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjdbclcpegianmeojpmoddpgggpnploc [2014-06-01]
CHR Extension: (No Name) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg [2014-05-27]
CHR Extension: (Norton Identity Protection) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-03-09]
CHR Extension: (Google Wallet) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-09]
CHR Extension: (Gmail) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-08]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx [2014-02-22]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-16] ()

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-02-16] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-16] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-02-16] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20140604.001\IDSvia64.sys [525016 2014-06-04] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20140605.004\ENG64.SYS [126040 2014-06-05] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20140605.004\EX64.SYS [2099288 2014-06-05] (Symantec Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-05-16] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2014-02-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-18] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-18] (Symantec Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-05 22:34 - 2014-06-05 22:34 - 00001621 _____ () C:\Users\Nina\Desktop\JRT.txt
2014-06-05 22:29 - 2014-06-05 22:29 - 01016261 _____ (Thisisu) C:\Users\Nina\Downloads\JRT.exe
2014-06-05 22:29 - 2014-06-05 22:29 - 00000000 ____D () C:\Windows\ERUNT
2014-06-05 22:22 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-05 21:49 - 2014-06-05 21:49 - 00023369 _____ () C:\ComboFix.txt
2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\temp
2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\temp
2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-06-05 21:45 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-05 21:45 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-05 21:45 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-05 21:45 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-05 21:45 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-05 21:45 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-05 21:45 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-05 21:45 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-05 21:43 - 2014-06-05 21:49 - 00000000 ____D () C:\Windows\erdnt
2014-06-05 21:43 - 2014-06-05 21:49 - 00000000 ____D () C:\Qoobox
2014-06-05 21:43 - 2014-06-05 21:43 - 05205146 ____R (Swearware) C:\Users\Nina\Downloads\ComboFix.exe
2014-06-05 21:25 - 2014-06-05 21:25 - 00029164 _____ () C:\Users\Nina\Downloads\Addition.txt
2014-06-05 21:24 - 2014-06-05 22:38 - 00019617 _____ () C:\Users\Nina\Downloads\FRST.txt
2014-06-05 21:16 - 2014-06-05 22:38 - 00000000 ____D () C:\FRST
2014-06-05 21:15 - 2014-06-05 21:15 - 02068992 _____ (Farbar) C:\Users\Nina\Downloads\FRST64.exe
2014-06-05 21:14 - 2014-06-05 21:15 - 01059840 _____ (Farbar) C:\Users\Nina\Downloads\FRST.exe
2014-06-05 20:39 - 2014-06-05 20:39 - 01333465 _____ () C:\Users\Nina\Downloads\adwcleaner_3.212.exe
2014-06-05 20:36 - 2014-06-05 22:25 - 00000000 ____D () C:\AdwCleaner
2014-06-05 20:12 - 2014-06-05 22:28 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 20:12 - 2014-06-05 20:12 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-05 20:12 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-05 20:12 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-05 20:12 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-05 20:11 - 2014-06-05 20:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nina\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-05 18:07 - 2014-06-05 18:07 - 00828216 _____ () C:\Users\Nina\Downloads\Setup.exe
2014-06-05 17:52 - 2014-06-05 17:52 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Nina\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-06-05 17:45 - 2014-06-05 17:45 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-05 17:45 - 2014-06-05 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-05 17:45 - 2014-06-05 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-05 17:45 - 2014-06-05 17:45 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\ProgramData\Sun
2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-05 17:43 - 2014-06-05 17:43 - 29405096 _____ (Oracle Corporation) C:\Users\Nina\Downloads\jre-7u60-windows-i586.exe
2014-06-05 17:35 - 2014-06-05 17:35 - 00700783 ____R (Swearware) C:\Users\Nina\Downloads\dds+.exe
2014-06-05 16:27 - 2014-06-05 16:27 - 00000000 __RHD () C:\Users\Nina\AppData\Roaming\SecuROM
2014-06-05 14:08 - 2014-06-05 14:08 - 00002300 _____ () C:\Users\Public\Desktop\Die*Sims™*3.lnk
2014-06-05 13:32 - 2014-06-05 13:32 - 00001001 _____ () C:\Users\Nina\Desktop\Origin.lnk
2014-06-05 13:12 - 2014-06-05 13:12 - 00002852 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Nina)
2014-06-05 13:11 - 2014-06-05 13:11 - 00002852 _____ () C:\Windows\System32\Tasks\ASC7_SkipUac_Nina
2014-06-05 13:10 - 2014-06-05 13:10 - 00002892 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-06-05 13:10 - 2014-06-05 13:10 - 00001156 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\ProductData
2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Apple Computer
2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\ProductData
2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-06-05 13:09 - 2014-06-05 13:11 - 00002133 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-06-05 13:09 - 2014-06-05 13:09 - 00003220 _____ () C:\Windows\System32\Tasks\Driver Booster Scan
2014-06-05 13:09 - 2014-06-05 13:09 - 00002860 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)
2014-06-05 13:09 - 2014-06-05 13:09 - 00001098 _____ () C:\Users\Public\Desktop\Driver Booster.lnk
2014-06-05 13:09 - 2014-06-05 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster
2014-06-05 13:09 - 2014-06-05 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-06-05 13:08 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\IObit
2014-06-05 13:07 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\IObit
2014-06-05 13:07 - 2014-06-05 13:10 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-06-05 13:07 - 2014-06-05 13:07 - 26248320 _____ (IObit ) C:\Users\Nina\Downloads\imf-setup-2.4.1.15.exe
2014-06-05 12:38 - 2014-06-05 12:38 - 00000000 ____D () C:\Users\Nina\Documents\Symantec
2014-06-05 11:20 - 2014-06-05 11:20 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-05 11:19 - 2014-06-05 11:19 - 02347384 _____ (ESET) C:\Users\Nina\Downloads\esetsmartinstaller_deu.exe
2014-06-05 09:43 - 2014-06-05 09:43 - 00001348 __RSH () C:\Users\Einhorn-Pegasus\ntuser.pol
2014-06-05 09:43 - 2014-06-05 09:43 - 00000680 __RSH () C:\Users\Nina\ntuser.pol
2014-06-05 09:27 - 2014-06-05 13:14 - 00000000 ____D () C:\Users\Nina\Documents\Ein Mann hat 7 Tage lang den Himmel auf Teneriffa gefilmt. Was er sah, nimmt mir den Atem-Dateien
2014-06-04 12:58 - 2014-06-04 12:58 - 00003288 _____ () C:\Windows\System32\Tasks\{B6543D33-4196-4FF7-885A-7881AF67AB88}
2014-06-04 12:50 - 2014-06-04 12:50 - 00001861 _____ () C:\Users\Nina\Desktop\UseNeXT by Tangysoft.lnk
2014-06-01 15:34 - 2014-06-05 11:13 - 00000000 ____D () C:\ProgramData\9d268cc6c5d3588d
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Packages
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Comodo
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\Comodo
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\ProgramData\TopApp soft
2014-06-01 15:33 - 2014-06-01 15:34 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-25 17:53 - 2014-05-25 17:54 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\NVIDIA Corporation
2014-05-25 17:45 - 2014-04-30 20:29 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-05-25 17:45 - 2014-04-30 20:29 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-05-25 17:44 - 2014-05-25 17:45 - 00000000 ____D () C:\Users\Nina\AppData\Local\NVIDIA Corporation
2014-05-25 17:44 - 2014-03-31 18:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-05-25 17:44 - 2014-03-31 18:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-05-25 17:41 - 2014-05-25 17:41 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Microsoft Games
2014-05-25 17:41 - 2014-05-25 17:41 - 00000000 ____D () C:\ProgramData\Microsoft Games
2014-05-23 21:34 - 2014-05-23 21:34 - 00001070 _____ () C:\Users\Nina\Documents\VLC media player.lnk
2014-05-16 18:31 - 2014-05-16 18:31 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-05-16 18:30 - 2014-05-16 18:30 - 00001279 _____ () C:\Users\Public\Desktop\Pflanzen gegen Zombies.lnk
2014-05-16 18:30 - 2014-05-16 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies
2014-05-14 23:07 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 23:07 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 23:07 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 23:07 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 23:07 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 23:07 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 22:37 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 22:37 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 22:37 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 22:37 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 22:37 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 22:37 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 22:37 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 22:37 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 22:37 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 22:37 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 22:37 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 22:37 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 22:37 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 22:37 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 22:37 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 22:37 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 22:37 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 22:37 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 22:37 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 22:37 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 22:37 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 22:37 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 22:37 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 22:37 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 22:37 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 22:37 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 22:37 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 22:37 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 22:37 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 22:37 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 22:37 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 22:37 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 22:37 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-13 22:07 - 2014-06-05 13:15 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\tor
2014-05-13 22:07 - 2014-06-05 12:15 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Vaowav
2014-05-13 22:07 - 2014-05-14 08:28 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Xaok
2014-05-10 17:39 - 2014-06-05 12:13 - 00000000 ____D () C:\Users\Nina\AppData\Local\IQsoft
2014-05-10 15:46 - 2014-05-10 15:46 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(6).exe
2014-05-10 11:44 - 2014-05-10 11:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 11:32 - 2014-05-10 11:32 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(5).exe
2014-05-10 11:31 - 2014-05-10 11:31 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(4).exe
2014-05-10 11:25 - 2014-05-10 11:25 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(3).exe
2014-05-10 11:23 - 2014-05-10 11:23 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(2).exe
2014-05-06 22:07 - 2014-05-15 17:50 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-06-05 22:38 - 2014-06-05 21:24 - 00019617 _____ () C:\Users\Nina\Downloads\FRST.txt
2014-06-05 22:38 - 2014-06-05 21:16 - 00000000 ____D () C:\FRST
2014-06-05 22:38 - 2014-02-16 13:08 - 00000000 ____D () C:\Users\Nina\AppData\Local\Temp
2014-06-05 22:34 - 2014-06-05 22:34 - 00001621 _____ () C:\Users\Nina\Desktop\JRT.txt
2014-06-05 22:34 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-05 22:34 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-05 22:32 - 2014-02-16 13:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-05 22:29 - 2014-06-05 22:29 - 01016261 _____ (Thisisu) C:\Users\Nina\Downloads\JRT.exe
2014-06-05 22:29 - 2014-06-05 22:29 - 00000000 ____D () C:\Windows\ERUNT
2014-06-05 22:28 - 2014-06-05 20:12 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 22:27 - 2014-03-27 17:54 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-05 22:27 - 2009-07-14 06:51 - 00060509 _____ () C:\Windows\setupact.log
2014-06-05 22:26 - 2014-02-16 13:56 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-05 22:26 - 2014-02-16 13:19 - 00293330 _____ () C:\Windows\PFRO.log
2014-06-05 22:26 - 2014-02-16 13:07 - 01593635 _____ () C:\Windows\WindowsUpdate.log
2014-06-05 22:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-05 22:25 - 2014-06-05 20:36 - 00000000 ____D () C:\AdwCleaner
2014-06-05 22:17 - 2014-03-27 17:54 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-05 21:49 - 2014-06-05 21:49 - 00023369 _____ () C:\ComboFix.txt
2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\temp
2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\temp
2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-06-05 21:49 - 2014-06-05 21:43 - 00000000 ____D () C:\Windows\erdnt
2014-06-05 21:49 - 2014-06-05 21:43 - 00000000 ____D () C:\Qoobox
2014-06-05 21:49 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-05 21:48 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-05 21:43 - 2014-06-05 21:43 - 05205146 ____R (Swearware) C:\Users\Nina\Downloads\ComboFix.exe
2014-06-05 21:25 - 2014-06-05 21:25 - 00029164 _____ () C:\Users\Nina\Downloads\Addition.txt
2014-06-05 21:15 - 2014-06-05 21:15 - 02068992 _____ (Farbar) C:\Users\Nina\Downloads\FRST64.exe
2014-06-05 21:15 - 2014-06-05 21:14 - 01059840 _____ (Farbar) C:\Users\Nina\Downloads\FRST.exe
2014-06-05 20:39 - 2014-06-05 20:39 - 01333465 _____ () C:\Users\Nina\Downloads\adwcleaner_3.212.exe
2014-06-05 20:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-06-05 20:23 - 2005-06-13 21:06 - 00000000 _RSHD () C:\Users\Nina\AppData\Roaming\Windows Firewall
2014-06-05 20:12 - 2014-06-05 20:12 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-05 20:11 - 2014-06-05 20:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nina\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-05 18:17 - 2014-02-16 20:05 - 00000000 ____D () C:\ProgramData\Origin
2014-06-05 18:16 - 2014-02-16 20:05 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-05 18:11 - 2014-02-16 14:27 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\UseNeXT
2014-06-05 18:07 - 2014-06-05 18:07 - 00828216 _____ () C:\Users\Nina\Downloads\Setup.exe
2014-06-05 17:52 - 2014-06-05 17:52 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Nina\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-06-05 17:45 - 2014-06-05 17:45 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-05 17:45 - 2014-06-05 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-05 17:45 - 2014-06-05 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-05 17:45 - 2014-06-05 17:45 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\ProgramData\Sun
2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-05 17:43 - 2014-06-05 17:43 - 29405096 _____ (Oracle Corporation) C:\Users\Nina\Downloads\jre-7u60-windows-i586.exe
2014-06-05 17:35 - 2014-06-05 17:35 - 00700783 ____R (Swearware) C:\Users\Nina\Downloads\dds+.exe
2014-06-05 17:30 - 2014-02-16 14:23 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\vlc
2014-06-05 17:28 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-05 17:26 - 2014-02-16 13:22 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-05 16:27 - 2014-06-05 16:27 - 00000000 __RHD () C:\Users\Nina\AppData\Roaming\SecuROM
2014-06-05 16:14 - 2014-02-16 16:45 - 00000000 ____D () C:\Users\Nina\Documents\Electronic Arts
2014-06-05 14:08 - 2014-06-05 14:08 - 00002300 _____ () C:\Users\Public\Desktop\Die*Sims™*3.lnk
2014-06-05 14:06 - 2014-02-16 21:02 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2014-06-05 13:32 - 2014-06-05 13:32 - 00001001 _____ () C:\Users\Nina\Desktop\Origin.lnk
2014-06-05 13:16 - 2014-03-05 19:39 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-06-05 13:16 - 2014-02-16 20:11 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-06-05 13:15 - 2014-05-13 22:07 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\tor
2014-06-05 13:14 - 2014-06-05 09:27 - 00000000 ____D () C:\Users\Nina\Documents\Ein Mann hat 7 Tage lang den Himmel auf Teneriffa gefilmt. Was er sah, nimmt mir den Atem-Dateien
2014-06-05 13:14 - 2014-02-16 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2014-06-05 13:12 - 2014-06-05 13:12 - 00002852 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Nina)
2014-06-05 13:11 - 2014-06-05 13:11 - 00002852 _____ () C:\Windows\System32\Tasks\ASC7_SkipUac_Nina
2014-06-05 13:11 - 2014-06-05 13:09 - 00002133 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-06-05 13:10 - 2014-06-05 13:10 - 00002892 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-06-05 13:10 - 2014-06-05 13:10 - 00001156 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\ProductData
2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Apple Computer
2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\ProductData
2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-06-05 13:10 - 2014-06-05 13:08 - 00000000 ____D () C:\ProgramData\IObit
2014-06-05 13:10 - 2014-06-05 13:07 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\IObit
2014-06-05 13:10 - 2014-06-05 13:07 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-06-05 13:09 - 2014-06-05 13:09 - 00003220 _____ () C:\Windows\System32\Tasks\Driver Booster Scan
2014-06-05 13:09 - 2014-06-05 13:09 - 00002860 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)
2014-06-05 13:09 - 2014-06-05 13:09 - 00001098 _____ () C:\Users\Public\Desktop\Driver Booster.lnk
2014-06-05 13:09 - 2014-06-05 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster
2014-06-05 13:09 - 2014-06-05 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-06-05 13:07 - 2014-06-05 13:07 - 26248320 _____ (IObit ) C:\Users\Nina\Downloads\imf-setup-2.4.1.15.exe
2014-06-05 12:38 - 2014-06-05 12:38 - 00000000 ____D () C:\Users\Nina\Documents\Symantec
2014-06-05 12:15 - 2014-05-13 22:07 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Vaowav
2014-06-05 12:13 - 2014-05-10 17:39 - 00000000 ____D () C:\Users\Nina\AppData\Local\IQsoft
2014-06-05 11:20 - 2014-06-05 11:20 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-05 11:19 - 2014-06-05 11:19 - 02347384 _____ (ESET) C:\Users\Nina\Downloads\esetsmartinstaller_deu.exe
2014-06-05 11:13 - 2014-06-01 15:34 - 00000000 ____D () C:\ProgramData\9d268cc6c5d3588d
2014-06-05 09:43 - 2014-06-05 09:43 - 00001348 __RSH () C:\Users\Einhorn-Pegasus\ntuser.pol
2014-06-05 09:43 - 2014-06-05 09:43 - 00000680 __RSH () C:\Users\Nina\ntuser.pol
2014-06-05 09:43 - 2014-03-30 17:15 - 00000000 ____D () C:\Users\Einhorn-Pegasus
2014-06-05 09:43 - 2014-02-16 13:08 - 00000000 ____D () C:\Users\Nina
2014-06-05 09:43 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-05 09:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-05 09:01 - 2014-02-16 14:27 - 00000000 ____D () C:\Users\Nina\Documents\UseNeXT
2014-06-04 12:58 - 2014-06-04 12:58 - 00003288 _____ () C:\Windows\System32\Tasks\{B6543D33-4196-4FF7-885A-7881AF67AB88}
2014-06-04 12:57 - 2014-03-08 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zylom
2014-06-04 12:50 - 2014-06-04 12:50 - 00001861 _____ () C:\Users\Nina\Desktop\UseNeXT by Tangysoft.lnk
2014-06-04 12:50 - 2014-02-16 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
2014-06-04 12:50 - 2014-02-16 14:27 - 00000000 ____D () C:\Program Files (x86)\UseNeXT
2014-06-04 12:45 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-04 11:26 - 2014-03-01 11:29 - 00000000 ____D () C:\Users\Nina\AppData\Local\CrashDumps
2014-06-01 15:58 - 2014-03-23 12:20 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Packages
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Comodo
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\Comodo
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\ProgramData\TopApp soft
2014-06-01 15:34 - 2014-06-01 15:33 - 00000000 ____D () C:\ProgramData\InstallMate
2014-06-01 15:34 - 2014-04-21 19:21 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\Google
2014-06-01 15:34 - 2014-02-16 13:17 - 00000000 ____D () C:\Users\Nina\AppData\Local\Google
2014-06-01 15:32 - 2014-03-12 18:11 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\.minecraft
2014-05-29 13:12 - 2014-04-15 11:15 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\SecondLife
2014-05-29 01:12 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-05-29 01:12 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-05-29 01:12 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-29 01:09 - 2014-02-21 17:56 - 00000000 ____D () C:\Users\Nina\AppData\Local\QuickPar
2014-05-25 17:54 - 2014-05-25 17:53 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\NVIDIA Corporation
2014-05-25 17:45 - 2014-05-25 17:44 - 00000000 ____D () C:\Users\Nina\AppData\Local\NVIDIA Corporation
2014-05-25 17:45 - 2014-02-16 13:56 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-25 17:45 - 2014-02-16 13:55 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-05-25 17:45 - 2014-02-16 13:53 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-05-25 17:41 - 2014-05-25 17:41 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Microsoft Games
2014-05-25 17:41 - 2014-05-25 17:41 - 00000000 ____D () C:\ProgramData\Microsoft Games
2014-05-23 21:34 - 2014-05-23 21:34 - 00001070 _____ () C:\Users\Nina\Documents\VLC media player.lnk
2014-05-23 16:25 - 2014-03-27 17:54 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-21 12:49 - 2014-02-19 16:22 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-18 14:05 - 2014-02-23 18:21 - 00000000 ____D () C:\ProgramData\Wizard101(DE)
2014-05-16 18:31 - 2014-05-16 18:31 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-05-16 18:31 - 2014-02-16 20:05 - 00000000 ____D () C:\Users\Nina\AppData\Local\Origin
2014-05-16 18:31 - 2014-02-16 20:05 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-05-16 18:30 - 2014-05-16 18:30 - 00001279 _____ () C:\Users\Public\Desktop\Pflanzen gegen Zombies.lnk
2014-05-16 18:30 - 2014-05-16 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies
2014-05-16 18:30 - 2014-02-16 14:11 - 00193468 _____ () C:\Windows\DirectX.log
2014-05-16 18:27 - 2014-02-16 13:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-15 21:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 19:00 - 2014-03-30 17:16 - 00000000 ___RD () C:\Users\Einhorn-Pegasus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 19:00 - 2014-03-30 17:16 - 00000000 ___RD () C:\Users\Einhorn-Pegasus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 17:52 - 2014-02-16 13:08 - 00000000 ___RD () C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 17:52 - 2014-02-16 13:08 - 00000000 ___RD () C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 17:50 - 2014-05-06 22:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 17:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-14 20:32 - 2014-02-16 13:42 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 20:32 - 2014-02-16 13:42 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 20:32 - 2014-02-16 13:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 08:28 - 2014-05-13 22:07 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Xaok
2014-05-12 07:26 - 2014-06-05 20:12 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-05 20:12 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-05 20:12 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 09:19 - 2014-02-16 16:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-10 18:25 - 2014-04-15 11:59 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Roaming\vlc
2014-05-10 15:46 - 2014-05-10 15:46 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(6).exe
2014-05-10 11:44 - 2014-05-10 11:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 11:32 - 2014-05-10 11:32 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(5).exe
2014-05-10 11:31 - 2014-05-10 11:31 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(4).exe
2014-05-10 11:25 - 2014-05-10 11:25 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(3).exe
2014-05-10 11:23 - 2014-05-10 11:23 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(2).exe
2014-05-09 08:14 - 2014-05-14 22:37 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 22:37 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 15:19 - 2014-03-30 18:35 - 00000000 ____D () C:\Users\Einhorn-Pegasus\Documents\Electronic Arts
2014-05-08 08:12 - 2014-03-27 17:54 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 08:12 - 2014-03-27 17:54 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 06:40 - 2014-05-14 23:07 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-14 23:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-14 23:07 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-14 23:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-14 23:07 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-14 23:07 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

Some content of TEMP:
====================
C:\Users\Nina\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 00:19

==================== End Of Log ============================
         
--- --- ---

06.06.2014, 08:15   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please also create a new Additions.txt. Tick the box for addition.txt, then click Scan.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


06.06.2014, 09:11   #11
-NiNa-
 
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Nina (administrator) on NINA-PC on 06-06-2014 10:08:50
Running from C:\Users\Nina\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intenium) C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463592 2012-02-10] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\.DEFAULT\...\Run: [Advanced SystemCare 7] => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Run: [Spiele Post] => C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe [483400 2013-12-06] (Intenium)
HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
GroupPolicyUsers\S-1-5-21-1228840033-2895351102-1459622301-1002\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x352833F60A2BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
URLSearchHook: HKLM-x32 - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {1CE79CC2-73FA-442F-A916-7B62D1A98476} URL = 
SearchScopes: HKCU - DefaultScope {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout
SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP244E6CBF-8349-4F3A-8DFC-52A4E5111EB7&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default
FF DefaultSearchEngine: WebSearch
FF SelectedSearchEngine: WebSearch
FF Homepage: https://www.google.de/
FF Keyword.URL: hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE&l=1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Nina\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Amazon-Icon - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\amazon-icon@giga.de [2014-04-01]
FF Extension: save on - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\auieoaa@y-.co.uk [2014-06-01]
FF Extension: Star Stable Online - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\plugin@starstable.com [2014-02-18]
FF Extension: System.Collections.CaseInsensitiveComparer - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\{35CFE46B-1C5F-1AC2-DA02-9AA30B4F6DEE} [2014-05-10]
FF Extension: Popular Website Buddy - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\jid1-l6V8exwLVv1lBw@jetpack.xpi [2014-05-15]
FF Extension: FlashExtension - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\{22916f38-7247-49e7-934c-c5bc815b8ea3}.xpi [2014-04-20]
FF Extension: {8f2053ad-6527-424f-9e64-1eca25d13d01} - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\{8f2053ad-6527-424f-9e64-1eca25d13d01}.xpi [2014-04-20]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFF [2014-02-16]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\ []
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE"
CHR StartupUrls: "hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE"
CHR Extension: (No Name) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apimnnpjidaoombgegfjdglhbmjcffke [2014-06-01]
CHR Extension: (YouTube) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-08]
CHR Extension: (Google Search) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-08]
CHR Extension: (Enhance Browser) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\encaiiljifbdbjlphpgpiimidegddhic [2014-06-01]
CHR Extension: (No Name) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadcplcnmpeikaedkmboghidghbnojad [2014-06-01]
CHR Extension: (save on) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjdbclcpegianmeojpmoddpgggpnploc [2014-06-01]
CHR Extension: (No Name) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg [2014-05-27]
CHR Extension: (Norton Identity Protection) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-03-09]
CHR Extension: (Google Wallet) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-09]
CHR Extension: (Gmail) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-08]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx [2014-02-22]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-16] ()

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-02-16] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-16] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-02-16] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20140606.001\IDSvia64.sys [525016 2014-06-04] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20140605.032\ENG64.SYS [126040 2014-06-05] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20140605.032\EX64.SYS [2099288 2014-06-05] (Symantec Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-05-16] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2014-02-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-18] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-18] (Symantec Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-06 10:08 - 2014-06-06 10:08 - 00000000 ____D () C:\FRST
2014-06-05 23:22 - 2014-06-05 23:22 - 00369811 _____ () C:\Users\Nina\Desktop\photo.php
2014-06-05 22:57 - 2014-06-05 22:57 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-06-05 22:29 - 2014-06-05 22:29 - 01016261 _____ (Thisisu) C:\Users\Nina\Downloads\JRT.exe
2014-06-05 22:29 - 2014-06-05 22:29 - 00000000 ____D () C:\Windows\ERUNT
2014-06-05 22:22 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-05 21:49 - 2014-06-05 21:49 - 00023369 _____ () C:\ComboFix.txt
2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\temp
2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\temp
2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-06-05 21:45 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-05 21:45 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-05 21:45 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-05 21:45 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-05 21:45 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-05 21:45 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-05 21:45 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-05 21:45 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-05 21:43 - 2014-06-05 21:49 - 00000000 ____D () C:\Windows\erdnt
2014-06-05 21:43 - 2014-06-05 21:49 - 00000000 ____D () C:\Qoobox
2014-06-05 21:43 - 2014-06-05 21:43 - 05205146 ____R (Swearware) C:\Users\Nina\Downloads\ComboFix.exe
2014-06-05 21:25 - 2014-06-05 21:25 - 00029164 _____ () C:\Users\Nina\Downloads\Addition.txt
2014-06-05 21:24 - 2014-06-06 10:09 - 00019111 _____ () C:\Users\Nina\Downloads\FRST.txt
2014-06-05 21:15 - 2014-06-05 21:15 - 02068992 _____ (Farbar) C:\Users\Nina\Downloads\FRST64.exe
2014-06-05 21:14 - 2014-06-05 21:15 - 01059840 _____ (Farbar) C:\Users\Nina\Downloads\FRST.exe
2014-06-05 20:39 - 2014-06-05 20:39 - 01333465 _____ () C:\Users\Nina\Downloads\adwcleaner_3.212.exe
2014-06-05 20:12 - 2014-06-06 07:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 20:12 - 2014-06-05 20:12 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-05 20:12 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-05 20:12 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-05 20:12 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-05 20:11 - 2014-06-05 20:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nina\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-05 18:07 - 2014-06-05 18:07 - 00828216 _____ () C:\Users\Nina\Downloads\Setup.exe
2014-06-05 17:52 - 2014-06-05 17:52 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Nina\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-06-05 17:45 - 2014-06-05 17:45 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-05 17:45 - 2014-06-05 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-05 17:45 - 2014-06-05 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-05 17:45 - 2014-06-05 17:45 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\ProgramData\Sun
2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-05 17:43 - 2014-06-05 17:43 - 29405096 _____ (Oracle Corporation) C:\Users\Nina\Downloads\jre-7u60-windows-i586.exe
2014-06-05 17:35 - 2014-06-05 17:35 - 00700783 ____R (Swearware) C:\Users\Nina\Downloads\dds+.exe
2014-06-05 16:27 - 2014-06-05 16:27 - 00000000 __RHD () C:\Users\Nina\AppData\Roaming\SecuROM
2014-06-05 14:08 - 2014-06-05 14:08 - 00002300 _____ () C:\Users\Public\Desktop\Die*Sims™*3.lnk
2014-06-05 13:32 - 2014-06-05 13:32 - 00001001 _____ () C:\Users\Nina\Desktop\Origin.lnk
2014-06-05 13:12 - 2014-06-05 13:12 - 00002852 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Nina)
2014-06-05 13:10 - 2014-06-05 13:10 - 00002892 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-06-05 13:10 - 2014-06-05 13:10 - 00001156 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\ProductData
2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Apple Computer
2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\ProductData
2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-06-05 13:09 - 2014-06-05 13:09 - 00002860 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)
2014-06-05 13:08 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\IObit
2014-06-05 13:07 - 2014-06-05 23:01 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-06-05 13:07 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\IObit
2014-06-05 13:07 - 2014-06-05 13:07 - 26248320 _____ (IObit ) C:\Users\Nina\Downloads\imf-setup-2.4.1.15.exe
2014-06-05 12:38 - 2014-06-05 12:38 - 00000000 ____D () C:\Users\Nina\Documents\Symantec
2014-06-05 11:19 - 2014-06-05 11:19 - 02347384 _____ (ESET) C:\Users\Nina\Downloads\esetsmartinstaller_deu.exe
2014-06-05 09:43 - 2014-06-05 09:43 - 00001348 __RSH () C:\Users\Einhorn-Pegasus\ntuser.pol
2014-06-05 09:43 - 2014-06-05 09:43 - 00000680 __RSH () C:\Users\Nina\ntuser.pol
2014-06-05 09:27 - 2014-06-05 13:14 - 00000000 ____D () C:\Users\Nina\Documents\Ein Mann hat 7 Tage lang den Himmel auf Teneriffa gefilmt. Was er sah, nimmt mir den Atem-Dateien
2014-06-04 12:58 - 2014-06-04 12:58 - 00003288 _____ () C:\Windows\System32\Tasks\{B6543D33-4196-4FF7-885A-7881AF67AB88}
2014-06-04 12:50 - 2014-06-04 12:50 - 00001861 _____ () C:\Users\Nina\Desktop\UseNeXT by Tangysoft.lnk
2014-06-01 15:34 - 2014-06-05 11:13 - 00000000 ____D () C:\ProgramData\9d268cc6c5d3588d
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Packages
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Comodo
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\Comodo
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\ProgramData\TopApp soft
2014-06-01 15:33 - 2014-06-01 15:34 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-25 17:53 - 2014-05-25 17:54 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\NVIDIA Corporation
2014-05-25 17:45 - 2014-04-30 20:29 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-05-25 17:45 - 2014-04-30 20:29 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-05-25 17:44 - 2014-05-25 17:45 - 00000000 ____D () C:\Users\Nina\AppData\Local\NVIDIA Corporation
2014-05-25 17:44 - 2014-03-31 18:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-05-25 17:44 - 2014-03-31 18:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-05-25 17:41 - 2014-05-25 17:41 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Microsoft Games
2014-05-25 17:41 - 2014-05-25 17:41 - 00000000 ____D () C:\ProgramData\Microsoft Games
2014-05-23 21:34 - 2014-05-23 21:34 - 00001070 _____ () C:\Users\Nina\Documents\VLC media player.lnk
2014-05-16 18:31 - 2014-05-16 18:31 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-05-16 18:30 - 2014-05-16 18:30 - 00001279 _____ () C:\Users\Public\Desktop\Pflanzen gegen Zombies.lnk
2014-05-16 18:30 - 2014-05-16 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies
2014-05-14 23:07 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 23:07 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 23:07 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 23:07 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 23:07 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 23:07 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 22:37 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 22:37 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 22:37 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 22:37 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 22:37 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 22:37 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 22:37 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 22:37 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 22:37 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 22:37 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 22:37 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 22:37 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 22:37 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 22:37 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 22:37 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 22:37 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 22:37 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 22:37 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 22:37 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 22:37 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 22:37 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 22:37 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 22:37 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 22:37 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 22:37 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 22:37 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 22:37 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 22:37 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 22:37 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 22:37 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 22:37 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 22:37 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 22:37 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-13 22:07 - 2014-06-05 13:15 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\tor
2014-05-13 22:07 - 2014-06-05 12:15 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Vaowav
2014-05-13 22:07 - 2014-05-14 08:28 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Xaok
2014-05-10 17:39 - 2014-06-05 12:13 - 00000000 ____D () C:\Users\Nina\AppData\Local\IQsoft
2014-05-10 15:46 - 2014-05-10 15:46 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(6).exe
2014-05-10 11:44 - 2014-05-10 11:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 11:32 - 2014-05-10 11:32 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(5).exe
2014-05-10 11:31 - 2014-05-10 11:31 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(4).exe
2014-05-10 11:25 - 2014-05-10 11:25 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(3).exe
2014-05-10 11:23 - 2014-05-10 11:23 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(2).exe

==================== One Month Modified Files and Folders =======

2014-06-06 10:09 - 2014-06-05 21:24 - 00019111 _____ () C:\Users\Nina\Downloads\FRST.txt
2014-06-06 10:09 - 2014-02-16 13:08 - 00000000 ____D () C:\Users\Nina\AppData\Local\Temp
2014-06-06 10:08 - 2014-06-06 10:08 - 00000000 ____D () C:\FRST
2014-06-06 09:32 - 2014-02-16 13:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-06 09:21 - 2014-02-16 14:23 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\vlc
2014-06-06 09:17 - 2014-03-27 17:54 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-06 08:17 - 2014-03-27 17:54 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-06 07:07 - 2014-06-05 20:12 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-06 06:59 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-06 06:59 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-06 06:55 - 2014-02-16 13:07 - 01633453 _____ () C:\Windows\WindowsUpdate.log
2014-06-06 06:51 - 2014-02-16 13:56 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-06 06:51 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-06 06:51 - 2009-07-14 06:51 - 00061013 _____ () C:\Windows\setupact.log
2014-06-05 23:22 - 2014-06-05 23:22 - 00369811 _____ () C:\Users\Nina\Desktop\photo.php
2014-06-05 23:01 - 2014-06-05 13:07 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-06-05 23:01 - 2014-02-16 13:19 - 00294732 _____ () C:\Windows\PFRO.log
2014-06-05 22:57 - 2014-06-05 22:57 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-06-05 22:45 - 2014-02-16 14:27 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\UseNeXT
2014-06-05 22:44 - 2014-02-21 17:56 - 00000000 ____D () C:\Users\Nina\AppData\Local\QuickPar
2014-06-05 22:29 - 2014-06-05 22:29 - 01016261 _____ (Thisisu) C:\Users\Nina\Downloads\JRT.exe
2014-06-05 22:29 - 2014-06-05 22:29 - 00000000 ____D () C:\Windows\ERUNT
2014-06-05 21:49 - 2014-06-05 21:49 - 00023369 _____ () C:\ComboFix.txt
2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\temp
2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\temp
2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-06-05 21:49 - 2014-06-05 21:43 - 00000000 ____D () C:\Windows\erdnt
2014-06-05 21:49 - 2014-06-05 21:43 - 00000000 ____D () C:\Qoobox
2014-06-05 21:49 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-05 21:48 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-05 21:43 - 2014-06-05 21:43 - 05205146 ____R (Swearware) C:\Users\Nina\Downloads\ComboFix.exe
2014-06-05 21:25 - 2014-06-05 21:25 - 00029164 _____ () C:\Users\Nina\Downloads\Addition.txt
2014-06-05 21:15 - 2014-06-05 21:15 - 02068992 _____ (Farbar) C:\Users\Nina\Downloads\FRST64.exe
2014-06-05 21:15 - 2014-06-05 21:14 - 01059840 _____ (Farbar) C:\Users\Nina\Downloads\FRST.exe
2014-06-05 20:39 - 2014-06-05 20:39 - 01333465 _____ () C:\Users\Nina\Downloads\adwcleaner_3.212.exe
2014-06-05 20:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-06-05 20:23 - 2005-06-13 21:06 - 00000000 _RSHD () C:\Users\Nina\AppData\Roaming\Windows Firewall
2014-06-05 20:12 - 2014-06-05 20:12 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-05 20:11 - 2014-06-05 20:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nina\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-05 18:17 - 2014-02-16 20:05 - 00000000 ____D () C:\ProgramData\Origin
2014-06-05 18:16 - 2014-02-16 20:05 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-05 18:07 - 2014-06-05 18:07 - 00828216 _____ () C:\Users\Nina\Downloads\Setup.exe
2014-06-05 17:52 - 2014-06-05 17:52 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Nina\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-06-05 17:45 - 2014-06-05 17:45 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-05 17:45 - 2014-06-05 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-05 17:45 - 2014-06-05 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-05 17:45 - 2014-06-05 17:45 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\ProgramData\Sun
2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-05 17:43 - 2014-06-05 17:43 - 29405096 _____ (Oracle Corporation) C:\Users\Nina\Downloads\jre-7u60-windows-i586.exe
2014-06-05 17:35 - 2014-06-05 17:35 - 00700783 ____R (Swearware) C:\Users\Nina\Downloads\dds+.exe
2014-06-05 17:28 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-05 17:26 - 2014-02-16 13:22 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-05 16:27 - 2014-06-05 16:27 - 00000000 __RHD () C:\Users\Nina\AppData\Roaming\SecuROM
2014-06-05 16:14 - 2014-02-16 16:45 - 00000000 ____D () C:\Users\Nina\Documents\Electronic Arts
2014-06-05 14:08 - 2014-06-05 14:08 - 00002300 _____ () C:\Users\Public\Desktop\Die*Sims™*3.lnk
2014-06-05 14:06 - 2014-02-16 21:02 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2014-06-05 13:32 - 2014-06-05 13:32 - 00001001 _____ () C:\Users\Nina\Desktop\Origin.lnk
2014-06-05 13:16 - 2014-03-05 19:39 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-06-05 13:16 - 2014-02-16 20:11 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-06-05 13:15 - 2014-05-13 22:07 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\tor
2014-06-05 13:14 - 2014-06-05 09:27 - 00000000 ____D () C:\Users\Nina\Documents\Ein Mann hat 7 Tage lang den Himmel auf Teneriffa gefilmt. Was er sah, nimmt mir den Atem-Dateien
2014-06-05 13:14 - 2014-02-16 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2014-06-05 13:12 - 2014-06-05 13:12 - 00002852 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Nina)
2014-06-05 13:10 - 2014-06-05 13:10 - 00002892 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-06-05 13:10 - 2014-06-05 13:10 - 00001156 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\ProductData
2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Apple Computer
2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\ProductData
2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-06-05 13:10 - 2014-06-05 13:08 - 00000000 ____D () C:\ProgramData\IObit
2014-06-05 13:10 - 2014-06-05 13:07 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\IObit
2014-06-05 13:09 - 2014-06-05 13:09 - 00002860 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)
2014-06-05 13:07 - 2014-06-05 13:07 - 26248320 _____ (IObit ) C:\Users\Nina\Downloads\imf-setup-2.4.1.15.exe
2014-06-05 12:38 - 2014-06-05 12:38 - 00000000 ____D () C:\Users\Nina\Documents\Symantec
2014-06-05 12:15 - 2014-05-13 22:07 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Vaowav
2014-06-05 12:13 - 2014-05-10 17:39 - 00000000 ____D () C:\Users\Nina\AppData\Local\IQsoft
2014-06-05 11:19 - 2014-06-05 11:19 - 02347384 _____ (ESET) C:\Users\Nina\Downloads\esetsmartinstaller_deu.exe
2014-06-05 11:13 - 2014-06-01 15:34 - 00000000 ____D () C:\ProgramData\9d268cc6c5d3588d
2014-06-05 09:43 - 2014-06-05 09:43 - 00001348 __RSH () C:\Users\Einhorn-Pegasus\ntuser.pol
2014-06-05 09:43 - 2014-06-05 09:43 - 00000680 __RSH () C:\Users\Nina\ntuser.pol
2014-06-05 09:43 - 2014-03-30 17:15 - 00000000 ____D () C:\Users\Einhorn-Pegasus
2014-06-05 09:43 - 2014-02-16 13:08 - 00000000 ____D () C:\Users\Nina
2014-06-05 09:43 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-05 09:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-05 09:01 - 2014-02-16 14:27 - 00000000 ____D () C:\Users\Nina\Documents\UseNeXT
2014-06-04 12:58 - 2014-06-04 12:58 - 00003288 _____ () C:\Windows\System32\Tasks\{B6543D33-4196-4FF7-885A-7881AF67AB88}
2014-06-04 12:57 - 2014-03-08 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zylom
2014-06-04 12:50 - 2014-06-04 12:50 - 00001861 _____ () C:\Users\Nina\Desktop\UseNeXT by Tangysoft.lnk
2014-06-04 12:50 - 2014-02-16 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
2014-06-04 12:50 - 2014-02-16 14:27 - 00000000 ____D () C:\Program Files (x86)\UseNeXT
2014-06-04 12:45 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-04 11:26 - 2014-03-01 11:29 - 00000000 ____D () C:\Users\Nina\AppData\Local\CrashDumps
2014-06-01 15:58 - 2014-03-23 12:20 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Packages
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Comodo
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\Comodo
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\ProgramData\TopApp soft
2014-06-01 15:34 - 2014-06-01 15:33 - 00000000 ____D () C:\ProgramData\InstallMate
2014-06-01 15:34 - 2014-04-21 19:21 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\Google
2014-06-01 15:34 - 2014-02-16 13:17 - 00000000 ____D () C:\Users\Nina\AppData\Local\Google
2014-06-01 15:32 - 2014-03-12 18:11 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\.minecraft
2014-05-29 13:12 - 2014-04-15 11:15 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\SecondLife
2014-05-29 01:12 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-05-29 01:12 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-05-29 01:12 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-25 17:54 - 2014-05-25 17:53 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\NVIDIA Corporation
2014-05-25 17:45 - 2014-05-25 17:44 - 00000000 ____D () C:\Users\Nina\AppData\Local\NVIDIA Corporation
2014-05-25 17:45 - 2014-02-16 13:56 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-25 17:45 - 2014-02-16 13:55 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-05-25 17:45 - 2014-02-16 13:53 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-05-25 17:41 - 2014-05-25 17:41 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Microsoft Games
2014-05-25 17:41 - 2014-05-25 17:41 - 00000000 ____D () C:\ProgramData\Microsoft Games
2014-05-23 21:34 - 2014-05-23 21:34 - 00001070 _____ () C:\Users\Nina\Documents\VLC media player.lnk
2014-05-23 16:25 - 2014-03-27 17:54 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-21 12:49 - 2014-02-19 16:22 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-18 14:05 - 2014-02-23 18:21 - 00000000 ____D () C:\ProgramData\Wizard101(DE)
2014-05-16 18:31 - 2014-05-16 18:31 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-05-16 18:31 - 2014-02-16 20:05 - 00000000 ____D () C:\Users\Nina\AppData\Local\Origin
2014-05-16 18:31 - 2014-02-16 20:05 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-05-16 18:30 - 2014-05-16 18:30 - 00001279 _____ () C:\Users\Public\Desktop\Pflanzen gegen Zombies.lnk
2014-05-16 18:30 - 2014-05-16 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies
2014-05-16 18:30 - 2014-02-16 14:11 - 00193468 _____ () C:\Windows\DirectX.log
2014-05-16 18:27 - 2014-02-16 13:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-15 21:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 19:00 - 2014-03-30 17:16 - 00000000 ___RD () C:\Users\Einhorn-Pegasus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 19:00 - 2014-03-30 17:16 - 00000000 ___RD () C:\Users\Einhorn-Pegasus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 17:52 - 2014-02-16 13:08 - 00000000 ___RD () C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 17:52 - 2014-02-16 13:08 - 00000000 ___RD () C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 17:50 - 2014-05-06 22:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 17:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-14 20:32 - 2014-02-16 13:42 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 20:32 - 2014-02-16 13:42 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 20:32 - 2014-02-16 13:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 08:28 - 2014-05-13 22:07 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Xaok
2014-05-12 07:26 - 2014-06-05 20:12 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-05 20:12 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-05 20:12 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 09:19 - 2014-02-16 16:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-10 18:25 - 2014-04-15 11:59 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Roaming\vlc
2014-05-10 15:46 - 2014-05-10 15:46 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(6).exe
2014-05-10 11:44 - 2014-05-10 11:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 11:32 - 2014-05-10 11:32 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(5).exe
2014-05-10 11:31 - 2014-05-10 11:31 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(4).exe
2014-05-10 11:25 - 2014-05-10 11:25 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(3).exe
2014-05-10 11:23 - 2014-05-10 11:23 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(2).exe
2014-05-09 08:14 - 2014-05-14 22:37 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 22:37 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 15:19 - 2014-03-30 18:35 - 00000000 ____D () C:\Users\Einhorn-Pegasus\Documents\Electronic Arts
2014-05-08 08:12 - 2014-03-27 17:54 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 08:12 - 2014-03-27 17:54 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\Nina\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 00:19

==================== End Of Log ============================
         
--- --- ---



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by Nina at 2014-06-06 10:09:08
Running from C:\Users\Nina\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Activision(R) (x32 Version: 1.00.0000 - Activision) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Alamandi (HKLM-x32\...\Alamandi) (Version: 1.0.0.0 - INTENIUM GmbH)
Alice im Wunderland (HKLM-x32\...\{C6D7ABF3-3BE5-4A75-9638-7A770CB57B38}) (Version: 1.00.0000 - PurpleHills)
ASUS Product Register Program (HKLM-x32\...\{49BE9B8A-E858-4533-A74A-64306C13DB59}) (Version: 1.0.014 - ASUS)
BEWERBUNGSMASTER (C:\Program Files (x86)\BEWERBUNGSMASTER\) (HKLM-x32\...\ST6UNST #2) (Version:  - )
BEWERBUNGSMASTER (HKLM-x32\...\ST6UNST #1) (Version:  - )
Club Cooee (HKCU\...\ClubCooee) (Version: 1.6.15.0 - cooee GmbH)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Deutschland Spielt - Spiele Post (HKLM-x32\...\Deutschland Spielt - Spiele Post) (Version: 1.0.4.38 - INTENIUM GmbH)
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 2.2.1.51 - INTENIUM GmbH)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Die Sims™ 3 70er, 80er & 90er Accessoires (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Katy Perry Süße Welt (HKLM-x32\...\{9B2506E3-9A3F-45B5-96BF-509CAD584650}) (Version: 13.0.62 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
Die Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
Die Sims™ 3 Wildes Studentenleben (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
Disney Prinzessin - Mein märchenhaftes Abenteuer  (HKLM-x32\...\{34647679-5D7E-455C-9DC6-618FA3B7FE1A}) (Version: 1.00.0000 - Disney Interactive Studios)
Disney Rapunzel (HKLM-x32\...\{AEAEA61F-ECE0-4528-AD7A-8A916F5F576E}) (Version: 1.00.0000 - Disney Interactive Studios)
Dragon Keeper 2 (HKLM-x32\...\Dragon Keeper 2) (Version: 1.0.0.0 - INTENIUM GmbH)
Ein Yankee unter Rittern (HKLM-x32\...\Ein Yankee unter Rittern) (Version: 1.0.0.0 - INTENIUM GmbH)
FormatFactory 3.3.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.1.0 - Format Factory)
Free YouTube to MP3 Converter version 3.12.29.304 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.29.304 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Hidden Object Crosswords (HKLM-x32\...\Hidden Object Crosswords) (Version: 1.0.0.0 - INTENIUM GmbH)
Infestation: Survivor Stories (HKLM-x32\...\Steam App 226700) (Version:  - Hammerpoint Interactive)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.2.10.2466 - IObit)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Jewel Legends – Tree of Life (HKLM-x32\...\Jewel Legends – Tree of Life) (Version: 1.0.0.0 - INTENIUM GmbH)
Kao - 2nd round (HKLM-x32\...\Kao - 2nd round) (Version: 1.0 - )
Madagascar 2(TM) (HKLM-x32\...\InstallShield_{F8C02517-4AC3-4026-8292-ACF23E98A7D7}) (Version: 1.00.0000 - Activision)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MySims™ (HKLM-x32\...\{68DC42FA-962C-4973-A306-D595D861FA1E}) (Version: 1.00.0000 - Electronic Arts)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 19.9.1.14 - Symantec Corporation)
NVIDIA 3D Vision Controller-Treiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 332.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.21 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3221 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.5.195 - Electronic Arts, Inc.)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Pharao (HKLM-x32\...\Pharao) (Version:  - )
Ponywelt 2 (HKLM-x32\...\Ponywelt 2) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6570 - Realtek Semiconductor Corp.)
SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version:  - )
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wizard101(DE) (HKCU\...\Wizard101(DE)_is1) (Version:  - Gameforge 4D GmbH)

==================== Restore Points  =========================

05-06-2014 15:04:05 Installiert TheSims3EP7
05-06-2014 15:09:15 Installiert The Sims 3 World Adventures
05-06-2014 15:12:56 Installiert TheSims3EP9
05-06-2014 15:21:44 Installiert TheSims3SP8
05-06-2014 15:23:33 Installiert TheSims3SP6
05-06-2014 15:26:29 Installiert The Sims 3 Ambitions
05-06-2014 15:44:41 Installed Java 7 Update 60

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-06-05 21:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {34BB3A78-F9A1-4A89-8542-08DC0BF6F037} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-27] (Google Inc.)
Task: {3D2E82C4-86F1-4F87-911C-2D9BB0E0288E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-27] (Google Inc.)
Task: {6DDE4660-0328-4077-9228-42D7753F8409} - System32\Tasks\Driver Booster SkipUAC (Nina) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {7EF37D31-605A-490C-8443-51821A0D6040} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation)
Task: {8926940A-CCFC-494E-B0A2-988094BFC9E1} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe [2013-02-02] (Symantec Corporation)
Task: {C04C8B46-4154-440A-A725-0707C77FFB4C} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation)
Task: {C0B3ED5C-33BA-4CA7-BC33-D53F8AA37FED} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {C4041084-D91C-4253-ABCB-FAFB73252337} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-05-06] (IObit)
Task: {C51D95D0-C36C-4609-9497-56BB1AE146E5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-16 13:55 - 2013-12-19 20:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-02-16 22:43 - 2014-02-16 22:43 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-02-19 12:02 - 2014-02-19 12:02 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\00a0b4a9df6e4abf30ae2af3624a77ce\IsdiInterop.ni.dll
2014-02-16 13:26 - 2012-02-01 17:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-02-16 13:24 - 2012-02-07 18:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/06/2014 10:08:35 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/06/2014 07:15:35 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/06/2014 07:15:29 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (06/06/2014 08:52:52 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (06/05/2014 10:59:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Advanced SystemCare Service 7" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (06/06/2014 10:08:35 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Nina\Downloads\esetsmartinstaller_deu.exe

Error: (06/06/2014 07:15:35 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Nina\downloads\esetsmartinstaller_deu.exe

Error: (06/06/2014 07:15:29 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Nina\downloads\esetsmartinstaller_deu.exe


CodeIntegrity Errors:
===================================
  Date: 2014-06-05 21:48:28.381
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-05 21:48:28.335
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 16%
Total physical RAM: 16326.67 MB
Available physical RAM: 13710.63 MB
Total Pagefile: 32651.52 MB
Available Pagefile: 30194.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.05 GB) (Free:32.9 GB) NTFS
Drive d: () (Fixed) (Total:74.43 GB) (Free:72.82 GB) NTFS
Drive e: () (Fixed) (Total:74.52 GB) (Free:51.42 GB) NTFS
Drive f: (Sims3EP11) (CDROM) (Total:6.15 GB) (Free:0 GB) UDF
Drive g: (Tangled) (CDROM) (Total:2.64 GB) (Free:0 GB) UDF
Drive h: (Volume) (Fixed) (Total:931.51 GB) (Free:488.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: F1BFF7A1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=75 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 149 GB) (Disk ID: 1CD81CD7)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 932 GB) (Disk ID: 66205247)
No partition Table on disk 2.

==================== End Of Log ============================
         

Alt 06.06.2014, 10:51   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
GroupPolicyUsers\S-1-5-21-1228840033-2895351102-1459622301-1002\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP244E6CBF-8349-4F3A-8DFC-52A4E5111EB7&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF DefaultSearchEngine: WebSearch
FF SelectedSearchEngine: WebSearch
FF Keyword.URL: http://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE&l=1&q=
C:\ProgramData\InstallMate
C:\Users\Nina\Desktop\UseNeXT by Tangysoft.lnk
C:\ProgramData\9d268cc6c5d3588d
C:\Users\Nina\AppData\Roaming\tor
C:\Users\Nina\AppData\Roaming\Vaowav
C:\Users\Nina\AppData\Roaming\Xaok
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 06.06.2014, 11:17   #13
-NiNa-
 




FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Nina (administrator) on NINA-PC on 06-06-2014 12:16:41
Running from C:\Users\Nina\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intenium) C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463592 2012-02-10] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\.DEFAULT\...\Run: [Advanced SystemCare 7] => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Run: [Spiele Post] => C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe [483400 2013-12-06] (Intenium)
HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1228840033-2895351102-1459622301-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
GroupPolicyUsers\S-1-5-21-1228840033-2895351102-1459622301-1002\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x352833F60A2BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
URLSearchHook: HKLM-x32 - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {1CE79CC2-73FA-442F-A916-7B62D1A98476} URL = 
SearchScopes: HKCU - DefaultScope {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout
SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP244E6CBF-8349-4F3A-8DFC-52A4E5111EB7&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default
FF DefaultSearchEngine: WebSearch
FF SelectedSearchEngine: WebSearch
FF Homepage: https://www.google.de/
FF Keyword.URL: hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE&l=1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Nina\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Amazon-Icon - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\amazon-icon@giga.de [2014-04-01]
FF Extension: save on - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\auieoaa@y-.co.uk [2014-06-01]
FF Extension: Star Stable Online - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\plugin@starstable.com [2014-02-18]
FF Extension: System.Collections.CaseInsensitiveComparer - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\{35CFE46B-1C5F-1AC2-DA02-9AA30B4F6DEE} [2014-05-10]
FF Extension: Popular Website Buddy - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\jid1-l6V8exwLVv1lBw@jetpack.xpi [2014-05-15]
FF Extension: FlashExtension - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\{22916f38-7247-49e7-934c-c5bc815b8ea3}.xpi [2014-04-20]
FF Extension: {8f2053ad-6527-424f-9e64-1eca25d13d01} - C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\f1vtxk96.default\Extensions\{8f2053ad-6527-424f-9e64-1eca25d13d01}.xpi [2014-04-20]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFF [2014-02-16]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\ []
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE"
CHR StartupUrls: "hxxp://websearch.eazytosearch.info/?pid=724&r=2014/06/01&hid=13168029659258047577&lg=EN&cc=DE"
CHR Extension: (No Name) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apimnnpjidaoombgegfjdglhbmjcffke [2014-06-01]
CHR Extension: (YouTube) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-08]
CHR Extension: (Google Search) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-08]
CHR Extension: (Enhance Browser) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\encaiiljifbdbjlphpgpiimidegddhic [2014-06-01]
CHR Extension: (No Name) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadcplcnmpeikaedkmboghidghbnojad [2014-06-01]
CHR Extension: (save on) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjdbclcpegianmeojpmoddpgggpnploc [2014-06-01]
CHR Extension: (No Name) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg [2014-05-27]
CHR Extension: (Norton Identity Protection) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-03-09]
CHR Extension: (Google Wallet) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-09]
CHR Extension: (Gmail) - C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-08]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx [2014-02-22]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-16] ()

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-02-16] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-16] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-02-16] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20140606.001\IDSvia64.sys [525016 2014-06-04] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20140605.032\ENG64.SYS [126040 2014-06-05] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20140605.032\EX64.SYS [2099288 2014-06-05] (Symantec Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-05-16] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2014-02-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-18] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-18] (Symantec Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-06 12:14 - 2014-06-06 12:14 - 00001002 _____ () C:\Users\Nina\Desktop\fixlist.txt
2014-06-06 10:08 - 2014-06-06 12:16 - 00000000 ____D () C:\FRST
2014-06-05 23:22 - 2014-06-05 23:22 - 00369811 _____ () C:\Users\Nina\Desktop\photo.php
2014-06-05 22:57 - 2014-06-05 22:57 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-06-05 22:29 - 2014-06-05 22:29 - 01016261 _____ (Thisisu) C:\Users\Nina\Downloads\JRT.exe
2014-06-05 22:29 - 2014-06-05 22:29 - 00000000 ____D () C:\Windows\ERUNT
2014-06-05 22:22 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-05 21:49 - 2014-06-05 21:49 - 00023369 _____ () C:\ComboFix.txt
2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\temp
2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\temp
2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-06-05 21:45 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-05 21:45 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-05 21:45 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-05 21:45 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-05 21:45 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-05 21:45 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-05 21:45 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-05 21:45 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-05 21:43 - 2014-06-05 21:49 - 00000000 ____D () C:\Windows\erdnt
2014-06-05 21:43 - 2014-06-05 21:49 - 00000000 ____D () C:\Qoobox
2014-06-05 21:43 - 2014-06-05 21:43 - 05205146 ____R (Swearware) C:\Users\Nina\Downloads\ComboFix.exe
2014-06-05 21:25 - 2014-06-06 10:09 - 00022439 _____ () C:\Users\Nina\Downloads\Addition.txt
2014-06-05 21:24 - 2014-06-06 12:16 - 00019111 _____ () C:\Users\Nina\Downloads\FRST.txt
2014-06-05 21:15 - 2014-06-05 21:15 - 02068992 _____ (Farbar) C:\Users\Nina\Downloads\FRST64.exe
2014-06-05 21:14 - 2014-06-05 21:15 - 01059840 _____ (Farbar) C:\Users\Nina\Downloads\FRST.exe
2014-06-05 20:39 - 2014-06-05 20:39 - 01333465 _____ () C:\Users\Nina\Downloads\adwcleaner_3.212.exe
2014-06-05 20:12 - 2014-06-06 07:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 20:12 - 2014-06-05 20:12 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-05 20:12 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-05 20:12 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-05 20:12 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-05 20:11 - 2014-06-05 20:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nina\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-05 18:07 - 2014-06-05 18:07 - 00828216 _____ () C:\Users\Nina\Downloads\Setup.exe
2014-06-05 17:52 - 2014-06-05 17:52 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Nina\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-06-05 17:45 - 2014-06-05 17:45 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-05 17:45 - 2014-06-05 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-05 17:45 - 2014-06-05 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-05 17:45 - 2014-06-05 17:45 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\ProgramData\Sun
2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-05 17:43 - 2014-06-05 17:43 - 29405096 _____ (Oracle Corporation) C:\Users\Nina\Downloads\jre-7u60-windows-i586.exe
2014-06-05 17:35 - 2014-06-05 17:35 - 00700783 ____R (Swearware) C:\Users\Nina\Downloads\dds+.exe
2014-06-05 16:27 - 2014-06-05 16:27 - 00000000 __RHD () C:\Users\Nina\AppData\Roaming\SecuROM
2014-06-05 14:08 - 2014-06-05 14:08 - 00002300 _____ () C:\Users\Public\Desktop\Die*Sims™*3.lnk
2014-06-05 13:32 - 2014-06-05 13:32 - 00001001 _____ () C:\Users\Nina\Desktop\Origin.lnk
2014-06-05 13:12 - 2014-06-05 13:12 - 00002852 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Nina)
2014-06-05 13:10 - 2014-06-05 13:10 - 00002892 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-06-05 13:10 - 2014-06-05 13:10 - 00001156 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\ProductData
2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Apple Computer
2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\ProductData
2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-06-05 13:09 - 2014-06-05 13:09 - 00002860 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)
2014-06-05 13:08 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\IObit
2014-06-05 13:07 - 2014-06-05 23:01 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-06-05 13:07 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\IObit
2014-06-05 13:07 - 2014-06-05 13:07 - 26248320 _____ (IObit ) C:\Users\Nina\Downloads\imf-setup-2.4.1.15.exe
2014-06-05 12:38 - 2014-06-05 12:38 - 00000000 ____D () C:\Users\Nina\Documents\Symantec
2014-06-05 11:19 - 2014-06-05 11:19 - 02347384 _____ (ESET) C:\Users\Nina\Downloads\esetsmartinstaller_deu.exe
2014-06-05 09:43 - 2014-06-05 09:43 - 00001348 __RSH () C:\Users\Einhorn-Pegasus\ntuser.pol
2014-06-05 09:43 - 2014-06-05 09:43 - 00000680 __RSH () C:\Users\Nina\ntuser.pol
2014-06-05 09:27 - 2014-06-05 13:14 - 00000000 ____D () C:\Users\Nina\Documents\Ein Mann hat 7 Tage lang den Himmel auf Teneriffa gefilmt. Was er sah, nimmt mir den Atem-Dateien
2014-06-04 12:58 - 2014-06-04 12:58 - 00003288 _____ () C:\Windows\System32\Tasks\{B6543D33-4196-4FF7-885A-7881AF67AB88}
2014-06-04 12:50 - 2014-06-04 12:50 - 00001861 _____ () C:\Users\Nina\Desktop\UseNeXT by Tangysoft.lnk
2014-06-01 15:34 - 2014-06-05 11:13 - 00000000 ____D () C:\ProgramData\9d268cc6c5d3588d
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Packages
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Comodo
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\Comodo
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\ProgramData\TopApp soft
2014-06-01 15:33 - 2014-06-01 15:34 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-25 17:53 - 2014-05-25 17:54 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\NVIDIA Corporation
2014-05-25 17:45 - 2014-04-30 20:29 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-05-25 17:45 - 2014-04-30 20:29 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-05-25 17:44 - 2014-05-25 17:45 - 00000000 ____D () C:\Users\Nina\AppData\Local\NVIDIA Corporation
2014-05-25 17:44 - 2014-03-31 18:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-05-25 17:44 - 2014-03-31 18:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-05-25 17:41 - 2014-05-25 17:41 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Microsoft Games
2014-05-25 17:41 - 2014-05-25 17:41 - 00000000 ____D () C:\ProgramData\Microsoft Games
2014-05-23 21:34 - 2014-05-23 21:34 - 00001070 _____ () C:\Users\Nina\Documents\VLC media player.lnk
2014-05-16 18:31 - 2014-05-16 18:31 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-05-16 18:30 - 2014-05-16 18:30 - 00001279 _____ () C:\Users\Public\Desktop\Pflanzen gegen Zombies.lnk
2014-05-16 18:30 - 2014-05-16 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies
2014-05-14 23:07 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 23:07 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 23:07 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 23:07 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 23:07 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 23:07 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 22:37 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 22:37 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 22:37 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 22:37 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 22:37 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 22:37 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 22:37 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 22:37 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 22:37 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 22:37 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 22:37 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 22:37 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 22:37 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 22:37 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 22:37 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 22:37 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 22:37 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 22:37 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 22:37 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 22:37 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 22:37 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 22:37 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 22:37 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 22:37 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 22:37 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 22:37 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 22:37 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 22:37 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 22:37 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 22:37 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 22:37 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 22:37 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 22:37 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 22:37 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-13 22:07 - 2014-06-05 13:15 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\tor
2014-05-13 22:07 - 2014-06-05 12:15 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Vaowav
2014-05-13 22:07 - 2014-05-14 08:28 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Xaok
2014-05-10 17:39 - 2014-06-05 12:13 - 00000000 ____D () C:\Users\Nina\AppData\Local\IQsoft
2014-05-10 15:46 - 2014-05-10 15:46 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(6).exe
2014-05-10 11:44 - 2014-05-10 11:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 11:32 - 2014-05-10 11:32 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(5).exe
2014-05-10 11:31 - 2014-05-10 11:31 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(4).exe
2014-05-10 11:25 - 2014-05-10 11:25 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(3).exe
2014-05-10 11:23 - 2014-05-10 11:23 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(2).exe

==================== One Month Modified Files and Folders =======

2014-06-06 12:16 - 2014-06-06 10:08 - 00000000 ____D () C:\FRST
2014-06-06 12:16 - 2014-06-05 21:24 - 00019111 _____ () C:\Users\Nina\Downloads\FRST.txt
2014-06-06 12:16 - 2014-02-16 13:08 - 00000000 ____D () C:\Users\Nina\AppData\Local\Temp
2014-06-06 12:14 - 2014-06-06 12:14 - 00001002 _____ () C:\Users\Nina\Desktop\fixlist.txt
2014-06-06 11:32 - 2014-02-16 13:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-06 11:17 - 2014-03-27 17:54 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-06 10:27 - 2014-03-01 11:29 - 00000000 ____D () C:\Users\Nina\AppData\Local\CrashDumps
2014-06-06 10:09 - 2014-06-05 21:25 - 00022439 _____ () C:\Users\Nina\Downloads\Addition.txt
2014-06-06 09:21 - 2014-02-16 14:23 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\vlc
2014-06-06 08:17 - 2014-03-27 17:54 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-06 07:07 - 2014-06-05 20:12 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-06 06:59 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-06 06:59 - 2009-07-14 06:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-06 06:55 - 2014-02-16 13:07 - 01633453 _____ () C:\Windows\WindowsUpdate.log
2014-06-06 06:51 - 2014-02-16 13:56 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-06 06:51 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-06 06:51 - 2009-07-14 06:51 - 00061013 _____ () C:\Windows\setupact.log
2014-06-05 23:22 - 2014-06-05 23:22 - 00369811 _____ () C:\Users\Nina\Desktop\photo.php
2014-06-05 23:01 - 2014-06-05 13:07 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-06-05 23:01 - 2014-02-16 13:19 - 00294732 _____ () C:\Windows\PFRO.log
2014-06-05 22:57 - 2014-06-05 22:57 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-06-05 22:45 - 2014-02-16 14:27 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\UseNeXT
2014-06-05 22:44 - 2014-02-21 17:56 - 00000000 ____D () C:\Users\Nina\AppData\Local\QuickPar
2014-06-05 22:29 - 2014-06-05 22:29 - 01016261 _____ (Thisisu) C:\Users\Nina\Downloads\JRT.exe
2014-06-05 22:29 - 2014-06-05 22:29 - 00000000 ____D () C:\Windows\ERUNT
2014-06-05 21:49 - 2014-06-05 21:49 - 00023369 _____ () C:\ComboFix.txt
2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\temp
2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\temp
2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-05 21:49 - 2014-06-05 21:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-06-05 21:49 - 2014-06-05 21:43 - 00000000 ____D () C:\Windows\erdnt
2014-06-05 21:49 - 2014-06-05 21:43 - 00000000 ____D () C:\Qoobox
2014-06-05 21:49 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-05 21:48 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-05 21:43 - 2014-06-05 21:43 - 05205146 ____R (Swearware) C:\Users\Nina\Downloads\ComboFix.exe
2014-06-05 21:15 - 2014-06-05 21:15 - 02068992 _____ (Farbar) C:\Users\Nina\Downloads\FRST64.exe
2014-06-05 21:15 - 2014-06-05 21:14 - 01059840 _____ (Farbar) C:\Users\Nina\Downloads\FRST.exe
2014-06-05 20:39 - 2014-06-05 20:39 - 01333465 _____ () C:\Users\Nina\Downloads\adwcleaner_3.212.exe
2014-06-05 20:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-06-05 20:23 - 2005-06-13 21:06 - 00000000 _RSHD () C:\Users\Nina\AppData\Roaming\Windows Firewall
2014-06-05 20:12 - 2014-06-05 20:12 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-05 20:11 - 2014-06-05 20:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nina\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-05 18:17 - 2014-02-16 20:05 - 00000000 ____D () C:\ProgramData\Origin
2014-06-05 18:16 - 2014-02-16 20:05 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-05 18:07 - 2014-06-05 18:07 - 00828216 _____ () C:\Users\Nina\Downloads\Setup.exe
2014-06-05 17:52 - 2014-06-05 17:52 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Nina\Downloads\ParetoLogic PC Health Advisor_de.exe
2014-06-05 17:45 - 2014-06-05 17:45 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-05 17:45 - 2014-06-05 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-05 17:45 - 2014-06-05 17:45 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-05 17:45 - 2014-06-05 17:45 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\ProgramData\Sun
2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-05 17:45 - 2014-06-05 17:45 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-05 17:43 - 2014-06-05 17:43 - 29405096 _____ (Oracle Corporation) C:\Users\Nina\Downloads\jre-7u60-windows-i586.exe
2014-06-05 17:35 - 2014-06-05 17:35 - 00700783 ____R (Swearware) C:\Users\Nina\Downloads\dds+.exe
2014-06-05 17:28 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-05 17:26 - 2014-02-16 13:22 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-05 16:27 - 2014-06-05 16:27 - 00000000 __RHD () C:\Users\Nina\AppData\Roaming\SecuROM
2014-06-05 16:14 - 2014-02-16 16:45 - 00000000 ____D () C:\Users\Nina\Documents\Electronic Arts
2014-06-05 14:08 - 2014-06-05 14:08 - 00002300 _____ () C:\Users\Public\Desktop\Die*Sims™*3.lnk
2014-06-05 14:06 - 2014-02-16 21:02 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2014-06-05 13:32 - 2014-06-05 13:32 - 00001001 _____ () C:\Users\Nina\Desktop\Origin.lnk
2014-06-05 13:16 - 2014-03-05 19:39 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-06-05 13:16 - 2014-02-16 20:11 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-06-05 13:15 - 2014-05-13 22:07 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\tor
2014-06-05 13:14 - 2014-06-05 09:27 - 00000000 ____D () C:\Users\Nina\Documents\Ein Mann hat 7 Tage lang den Himmel auf Teneriffa gefilmt. Was er sah, nimmt mir den Atem-Dateien
2014-06-05 13:14 - 2014-02-16 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2014-06-05 13:12 - 2014-06-05 13:12 - 00002852 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Nina)
2014-06-05 13:10 - 2014-06-05 13:10 - 00002892 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-06-05 13:10 - 2014-06-05 13:10 - 00001156 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\ProductData
2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Apple Computer
2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\ProductData
2014-06-05 13:10 - 2014-06-05 13:10 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-06-05 13:10 - 2014-06-05 13:08 - 00000000 ____D () C:\ProgramData\IObit
2014-06-05 13:10 - 2014-06-05 13:07 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\IObit
2014-06-05 13:09 - 2014-06-05 13:09 - 00002860 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)
2014-06-05 13:07 - 2014-06-05 13:07 - 26248320 _____ (IObit ) C:\Users\Nina\Downloads\imf-setup-2.4.1.15.exe
2014-06-05 12:38 - 2014-06-05 12:38 - 00000000 ____D () C:\Users\Nina\Documents\Symantec
2014-06-05 12:15 - 2014-05-13 22:07 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Vaowav
2014-06-05 12:13 - 2014-05-10 17:39 - 00000000 ____D () C:\Users\Nina\AppData\Local\IQsoft
2014-06-05 11:19 - 2014-06-05 11:19 - 02347384 _____ (ESET) C:\Users\Nina\Downloads\esetsmartinstaller_deu.exe
2014-06-05 11:13 - 2014-06-01 15:34 - 00000000 ____D () C:\ProgramData\9d268cc6c5d3588d
2014-06-05 09:43 - 2014-06-05 09:43 - 00001348 __RSH () C:\Users\Einhorn-Pegasus\ntuser.pol
2014-06-05 09:43 - 2014-06-05 09:43 - 00000680 __RSH () C:\Users\Nina\ntuser.pol
2014-06-05 09:43 - 2014-03-30 17:15 - 00000000 ____D () C:\Users\Einhorn-Pegasus
2014-06-05 09:43 - 2014-02-16 13:08 - 00000000 ____D () C:\Users\Nina
2014-06-05 09:43 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-05 09:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-05 09:01 - 2014-02-16 14:27 - 00000000 ____D () C:\Users\Nina\Documents\UseNeXT
2014-06-04 12:58 - 2014-06-04 12:58 - 00003288 _____ () C:\Windows\System32\Tasks\{B6543D33-4196-4FF7-885A-7881AF67AB88}
2014-06-04 12:57 - 2014-03-08 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zylom
2014-06-04 12:50 - 2014-06-04 12:50 - 00001861 _____ () C:\Users\Nina\Desktop\UseNeXT by Tangysoft.lnk
2014-06-04 12:50 - 2014-02-16 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
2014-06-04 12:50 - 2014-02-16 14:27 - 00000000 ____D () C:\Program Files (x86)\UseNeXT
2014-06-04 12:45 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-01 15:58 - 2014-03-23 12:20 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Packages
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Nina\AppData\Local\Comodo
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Gast
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\Comodo
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\Users\Administrator
2014-06-01 15:34 - 2014-06-01 15:34 - 00000000 ____D () C:\ProgramData\TopApp soft
2014-06-01 15:34 - 2014-06-01 15:33 - 00000000 ____D () C:\ProgramData\InstallMate
2014-06-01 15:34 - 2014-04-21 19:21 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\Google
2014-06-01 15:34 - 2014-02-16 13:17 - 00000000 ____D () C:\Users\Nina\AppData\Local\Google
2014-06-01 15:32 - 2014-03-12 18:11 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\.minecraft
2014-05-29 13:12 - 2014-04-15 11:15 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\SecondLife
2014-05-29 01:12 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-05-29 01:12 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-05-29 01:12 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-25 17:54 - 2014-05-25 17:53 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Local\NVIDIA Corporation
2014-05-25 17:45 - 2014-05-25 17:44 - 00000000 ____D () C:\Users\Nina\AppData\Local\NVIDIA Corporation
2014-05-25 17:45 - 2014-02-16 13:56 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-25 17:45 - 2014-02-16 13:55 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-05-25 17:45 - 2014-02-16 13:53 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-05-25 17:41 - 2014-05-25 17:41 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Microsoft Games
2014-05-25 17:41 - 2014-05-25 17:41 - 00000000 ____D () C:\ProgramData\Microsoft Games
2014-05-23 21:34 - 2014-05-23 21:34 - 00001070 _____ () C:\Users\Nina\Documents\VLC media player.lnk
2014-05-23 16:25 - 2014-03-27 17:54 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-21 12:49 - 2014-02-19 16:22 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-18 14:05 - 2014-02-23 18:21 - 00000000 ____D () C:\ProgramData\Wizard101(DE)
2014-05-16 18:31 - 2014-05-16 18:31 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-05-16 18:31 - 2014-02-16 20:05 - 00000000 ____D () C:\Users\Nina\AppData\Local\Origin
2014-05-16 18:31 - 2014-02-16 20:05 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-05-16 18:30 - 2014-05-16 18:30 - 00001279 _____ () C:\Users\Public\Desktop\Pflanzen gegen Zombies.lnk
2014-05-16 18:30 - 2014-05-16 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies
2014-05-16 18:30 - 2014-02-16 14:11 - 00193468 _____ () C:\Windows\DirectX.log
2014-05-16 18:27 - 2014-02-16 13:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-15 21:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 19:00 - 2014-03-30 17:16 - 00000000 ___RD () C:\Users\Einhorn-Pegasus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 19:00 - 2014-03-30 17:16 - 00000000 ___RD () C:\Users\Einhorn-Pegasus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 17:52 - 2014-02-16 13:08 - 00000000 ___RD () C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 17:52 - 2014-02-16 13:08 - 00000000 ___RD () C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 17:50 - 2014-05-06 22:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 17:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-14 20:32 - 2014-02-16 13:42 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 20:32 - 2014-02-16 13:42 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 20:32 - 2014-02-16 13:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 08:28 - 2014-05-13 22:07 - 00000000 ____D () C:\Users\Nina\AppData\Roaming\Xaok
2014-05-12 07:26 - 2014-06-05 20:12 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-05 20:12 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-05 20:12 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 09:19 - 2014-02-16 16:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-10 18:25 - 2014-04-15 11:59 - 00000000 ____D () C:\Users\Einhorn-Pegasus\AppData\Roaming\vlc
2014-05-10 15:46 - 2014-05-10 15:46 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(6).exe
2014-05-10 11:44 - 2014-05-10 11:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 11:32 - 2014-05-10 11:32 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(5).exe
2014-05-10 11:31 - 2014-05-10 11:31 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(4).exe
2014-05-10 11:25 - 2014-05-10 11:25 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(3).exe
2014-05-10 11:23 - 2014-05-10 11:23 - 04105416 _____ (Gameforge 4D GmbH ) C:\Users\Einhorn-Pegasus\Downloads\Wizard101_Installer_DE(2).exe
2014-05-09 08:14 - 2014-05-14 22:37 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 22:37 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 15:19 - 2014-03-30 18:35 - 00000000 ____D () C:\Users\Einhorn-Pegasus\Documents\Electronic Arts
2014-05-08 08:12 - 2014-03-27 17:54 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 08:12 - 2014-03-27 17:54 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\Nina\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 00:19

==================== End Of Log ============================
         
--- --- ---

Alt 06.06.2014, 14:22   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Wrong log. You were supposed to post the Fixlog.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 06.06.2014, 21:15   #15
-NiNa-
 
the Fixlist.txt thing doesn't work :-(((((
frst always says fixlist not found
