Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Win7: Adware in Google Chrome

Win7: Adware in Google Chrome


Plagegeister aller Art und deren Bekämpfung: Win7: Adware in Google Chrome

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 20.07.2014, 10:13   #1
MiHau
 
Win7: Adware in Google Chrome - Standard

Win7: Adware in Google Chrome


Guten Tag!

Leider plage ich mich schon das ganze Wochenende damit rum den FamilienPC von Adware zu befreien, die sich durch Einblendung zusätzlicher Werbung im Chrome zeigt.
Beispiel:


Falsche Weiterleitungen gibt es wohl nicht, bisher wird wohl "nur" die zusätzliche Werbung eingeblendet.

EDIT: defogger_disable vergessen anzuhängen, also füge ich das hier ein:

Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:36 on 20/07/2014 (Michael)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Da die Logfiles zu lang waren, hängen sie als Zip im Anhang.

Schonmal vielen Dank für die Hilfe!

Alt 20.07.2014, 11:52   #2
schrauber
/// the machine
/// TB-Ausbilder
 
Win7: Adware in Google Chrome - Standard

Win7: Adware in Google Chrome


Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________
Alt 20.07.2014, 12:03   #3
MiHau
 
Win7: Adware in Google Chrome - Standard

Win7: Adware in Google Chrome


Hier die weiteren Logs:
FRST:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2014
Ran by Michael (administrator) on HAUBRICHS-PC on 20-07-2014 10:27:26
Running from C:\Users\Michael\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
() C:\Program Files (x86)\Adanak\updateAdanak.exe
() C:\Program Files (x86)\Deal Keeper\updateDealKeeper.exe
() C:\Program Files (x86)\Adanak\bin\utilAdanak.exe
() C:\Program Files (x86)\Deal Keeper\bin\utilDealKeeper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dropbox, Inc.) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files (x86)\Adanak\bin\Adanak.PurBrowse64.exe
() C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.PurBrowse64.exe
() C:\Program Files (x86)\Adanak\bin\Adanak.BrowserAdapter.exe
() C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.BrowserAdapter.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9955872 2010-01-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [189520 2014-07-07] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1893725291-927509140-2710564934-1004\...\MountPoints2: {fb218210-3810-11e3-bd63-d02788005d28} - K:\setup.exe
HKU\S-1-5-21-1893725291-927509140-2710564934-1007\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1893725291-927509140-2710564934-1007\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default Þa                                    (the data entry has 1 more characters).
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\adobe air application installer.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\bpm.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\bpmdemo_4.9.9.4.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\bpmplay.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\icloud.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\icloudweb.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\shellstreamsshortcut.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\sump.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\switchboard.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Herbert2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Michaela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.4players.de/
hxxp://www.facebook.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {6EE7E54F-177A-4AD6-92AC-2AD9EBAA6CFD} URL = hxxp://kostenlos.toggle.com/de/index.php?rvs=google
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ZoneAlarm Security Engine Registrar -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: SplitButtonBHO Class -> {C0C86BBE-9509-4296-8459-FDBFDAF4B673} -> C:\Program Files\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll (AVM Berlin)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ZoneAlarm Security Engine Registrar -> {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} ->  No File
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: SplitButtonBHO Class -> {C0C86BBE-9509-4296-8459-FDBFDAF4B673} -> C:\Program Files (x86)\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll (AVM Berlin)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKLM - No Name - !{3041d03e-fd4b-44e0-b742-2d9b88305f98} -  No File
Toolbar: HKLM - No Name - !{30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
Toolbar: HKLM - No Name - !{40c3cc16-7269-4b32-9531-17f2950fb06f} -  No File
Toolbar: HKLM - No Name - !{53A871EB-8545-4244-A2CE-BFC401587CE4} -  No File
Toolbar: HKLM - No Name - !{fc01c2be-850b-4115-9b6b-9a427ddecc34} -  No File
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKLM-x32 - No Name - !{3041d03e-fd4b-44e0-b742-2d9b88305f98} -  No File
Toolbar: HKLM-x32 - No Name - !{30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
Toolbar: HKLM-x32 - No Name - !{40c3cc16-7269-4b32-9531-17f2950fb06f} -  No File
Toolbar: HKLM-x32 - No Name - !{53A871EB-8545-4244-A2CE-BFC401587CE4} -  No File
Toolbar: HKLM-x32 - No Name - !{fc01c2be-850b-4115-9b6b-9a427ddecc34} -  No File
DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u20-windows-i586.cab
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Jane's%20Hotel%20-%20Family%20Hero/Images/stg_drm.ocx
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Jane's%20Hotel%20-%20Family%20Hero/Images/armhelper.ocx
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\zfgbfyap.default
FF NetworkProxy: "http", "93.187.17.202"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @protectdisc.com/NPPDLicenseHelper - C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: NitroPDF - C:\Program Files (x86)\Nitro PDF\Reader\npnitromozilla.dll ( )
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPPDLicenseHelper.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober149651.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2013-05-18]
FF StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-19]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-19]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-19]
CHR Extension: (Google-Suche) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-19]
CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-19]
CHR Extension: (Google Mail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-19]
CHR HKLM-x32\...\Chrome\Extension: [anpiogajjmckmlehhpjnojhebaidkeod] - C:\Users\Haubrichs\AppData\Local\CRE\anpiogajjmckmlehhpjnojhebaidkeod.crx [2014-07-19]
CHR HKLM-x32\...\Chrome\Extension: [hfjckbbeondgbgemllebneccphndhhda] - C:\Users\HAUBRI~1\AppData\Local\Temp\tbch.crx [2014-07-19]
CHR HKLM-x32\...\Chrome\Extension: [ofahndfepeaeelmhdkjiihmofnokhmik] - C:\Users\HAUBRI~1\AppData\Local\Temp\tbch.crx [2014-07-19]

==================== Services (Whitelisted) =================

S4 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-23] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-01] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-07] (Avira Operations GmbH & Co. KG)
S3 Boonty Games; C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe [69120 2011-09-06] (BOONTY) [File not signed]
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [341296 2011-06-21] (Nitro PDF Software)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2099512 2013-10-30] (TuneUp Software)
R2 Update Adanak; C:\Program Files (x86)\Adanak\updateAdanak.exe [321816 2014-07-18] ()
R2 Update Deal Keeper; C:\Program Files (x86)\Deal Keeper\updateDealKeeper.exe [321824 2014-07-19] ()
R2 Util Adanak; C:\Program Files (x86)\Adanak\bin\utilAdanak.exe [321816 2014-07-18] ()
R2 Util Deal Keeper; C:\Program Files (x86)\Deal Keeper\bin\utilDealKeeper.exe [321824 2014-07-19] ()

==================== Drivers (Whitelisted) ====================

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2011-08-22] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.)
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2014-07-19] (Emsisoft GmbH)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2011-08-22] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-19] (Malwarebytes Corporation)
R3 Mkd2Nadr; C:\Windows\System32\drivers\Mkd2Nadr.sys [106040 2009-03-12] (AhnLab, Inc.)
S3 Mkd3kfNt; C:\Windows\System32\drivers\Mkd3kfNt.sys [180280 2009-08-18] (AhnLab, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.) [File not signed]
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
R1 {2f0ff925-183b-4210-98f5-cb2ffd917f2b}Gw64; C:\Windows\System32\drivers\{2f0ff925-183b-4210-98f5-cb2ffd917f2b}Gw64.sys [61112 2014-07-08] (StdLib)
R1 {55dce8ba-9dec-4013-937e-adbf9317d990}Gw64; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys [61120 2014-07-18] (StdLib)
S1 ajywjedc; \??\C:\Windows\system32\drivers\ajywjedc.sys [X]
S3 dump_wmimmc; \??\C:\AeriaGames\Wolfteam-DE\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S2 Tdlpt; \??\C:\Windows\system32\drivers\Tdlpt.sys [X]
S3 wolf; \??\C:\AeriaGames\Wolfteam-DE\avital\wolf64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-20 10:25 - 2014-07-20 10:25 - 00000020 ___SH () C:\Users\TEMP.Haubrichs-PC\ntuser.ini
2014-07-20 10:25 - 2014-07-20 10:25 - 00000000 _SHDL () C:\Users\TEMP.Haubrichs-PC\Vorlagen
2014-07-20 10:25 - 2014-07-20 10:25 - 00000000 _SHDL () C:\Users\TEMP.Haubrichs-PC\Startmenü
2014-07-20 10:25 - 2014-07-20 10:25 - 00000000 _SHDL () C:\Users\TEMP.Haubrichs-PC\Netzwerkumgebung
2014-07-20 10:25 - 2014-07-20 10:25 - 00000000 _SHDL () C:\Users\TEMP.Haubrichs-PC\Lokale Einstellungen
2014-07-20 10:25 - 2014-07-20 10:25 - 00000000 _SHDL () C:\Users\TEMP.Haubrichs-PC\Eigene Dateien
2014-07-20 10:25 - 2014-07-20 10:25 - 00000000 _SHDL () C:\Users\TEMP.Haubrichs-PC\Druckumgebung
2014-07-20 10:25 - 2014-07-20 10:25 - 00000000 _SHDL () C:\Users\TEMP.Haubrichs-PC\Documents\Eigene Musik
2014-07-20 10:25 - 2014-07-20 10:25 - 00000000 _SHDL () C:\Users\TEMP.Haubrichs-PC\Documents\Eigene Bilder
2014-07-20 10:25 - 2014-07-20 10:25 - 00000000 _SHDL () C:\Users\TEMP.Haubrichs-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-20 10:25 - 2014-07-20 10:25 - 00000000 _SHDL () C:\Users\TEMP.Haubrichs-PC\AppData\Local\Verlauf
2014-07-20 10:25 - 2014-07-20 10:25 - 00000000 _SHDL () C:\Users\TEMP.Haubrichs-PC\AppData\Local\Anwendungsdaten
2014-07-20 10:25 - 2014-07-20 10:25 - 00000000 _SHDL () C:\Users\TEMP.Haubrichs-PC\Anwendungsdaten
2014-07-20 10:25 - 2014-07-20 10:25 - 00000000 ____D () C:\Users\TEMP.Haubrichs-PC
2014-07-20 10:25 - 2014-07-10 15:26 - 00000000 ____D () C:\Users\TEMP.Haubrichs-PC\AppData\Local\Google
2014-07-20 10:25 - 2013-03-18 10:07 - 00000000 ____D () C:\Users\TEMP.Haubrichs-PC\AppData\Roaming\TuneUp Software
2014-07-20 10:25 - 2012-05-05 10:40 - 00000000 ____D () C:\Users\TEMP.Haubrichs-PC\AppData\Roaming\Macromedia
2014-07-20 10:25 - 2011-03-08 21:31 - 00000000 ____D () C:\Users\TEMP.Haubrichs-PC\AppData\Local\Microsoft Help
2014-07-20 10:25 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\TEMP.Haubrichs-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-20 10:25 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\TEMP.Haubrichs-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-20 10:22 - 2014-07-20 10:22 - 00001034 _____ () C:\EamClean.log
2014-07-20 10:21 - 2014-07-20 10:21 - 00003416 ____N () C:\bootsqm.dat
2014-07-20 10:19 - 2014-07-20 10:19 - 00000000 __SHD () C:\found.000
2014-07-19 22:45 - 2014-07-19 22:45 - 00000550 _____ () C:\Users\Michael\Desktop\Emsisoft Emergency Kit.lnk
2014-07-19 22:45 - 2014-07-19 22:45 - 00000000 ____D () C:\EEK
2014-07-19 21:25 - 2014-07-19 21:25 - 00001870 _____ () C:\Users\Michael\Desktop\JRT.txt
2014-07-19 20:53 - 2014-07-19 20:54 - 00053096 _____ () C:\Users\Michael\Downloads\Addition.txt
2014-07-19 20:50 - 2014-07-20 10:27 - 00023523 _____ () C:\Users\Michael\Downloads\FRST.txt
2014-07-19 20:50 - 2014-07-20 10:27 - 00000000 ____D () C:\FRST
2014-07-19 20:49 - 2014-07-19 21:00 - 215630768 _____ () C:\Users\Michael\Downloads\EmsisoftEmergencyKit.exe
2014-07-19 20:49 - 2014-07-19 20:50 - 02089984 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2014-07-19 20:02 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-19 20:01 - 2014-07-19 20:01 - 01016261 _____ (Thisisu) C:\Users\Michael\Downloads\JRT.exe
2014-07-19 20:00 - 2014-07-19 20:00 - 01354223 _____ () C:\Users\Michael\Downloads\adwcleaner_3.216.exe
2014-07-19 19:55 - 2014-07-19 19:55 - 00002211 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-19 19:55 - 2014-07-19 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-19 19:53 - 2014-07-20 10:22 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-19 19:53 - 2014-07-20 09:58 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-19 19:53 - 2014-07-19 19:53 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-19 19:53 - 2014-07-19 19:53 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-19 18:27 - 2014-07-19 18:27 - 00000000 ____D () C:\Users\Michael\AppData\Local\Avg2014
2014-07-19 16:50 - 2014-07-19 16:50 - 00000000 __SHD () C:\Users\Michael\AppData\Local\EmieUserList
2014-07-19 16:50 - 2014-07-19 16:50 - 00000000 __SHD () C:\Users\Michael\AppData\Local\EmieSiteList
2014-07-19 15:08 - 2014-07-19 21:40 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-19 15:08 - 2014-07-19 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-19 15:08 - 2014-07-19 15:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-19 15:08 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-19 15:08 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-19 15:07 - 2014-07-19 15:07 - 506066019 _____ () C:\Users\Michael\Downloads\Rulez.TXN.2014.07.17.HDTV.mp4
2014-07-18 15:48 - 2014-07-18 15:48 - 00000020 ___SH () C:\Users\TEMP\ntuser.ini
2014-07-18 15:48 - 2014-07-18 15:48 - 00000000 _SHDL () C:\Users\TEMP\Vorlagen
2014-07-18 15:48 - 2014-07-18 15:48 - 00000000 _SHDL () C:\Users\TEMP\Startmenü
2014-07-18 15:48 - 2014-07-18 15:48 - 00000000 _SHDL () C:\Users\TEMP\Netzwerkumgebung
2014-07-18 15:48 - 2014-07-18 15:48 - 00000000 _SHDL () C:\Users\TEMP\Lokale Einstellungen
2014-07-18 15:48 - 2014-07-18 15:48 - 00000000 _SHDL () C:\Users\TEMP\Eigene Dateien
2014-07-18 15:48 - 2014-07-18 15:48 - 00000000 _SHDL () C:\Users\TEMP\Druckumgebung
2014-07-18 15:48 - 2014-07-18 15:48 - 00000000 _SHDL () C:\Users\TEMP\Documents\Eigene Musik
2014-07-18 15:48 - 2014-07-18 15:48 - 00000000 _SHDL () C:\Users\TEMP\Documents\Eigene Bilder
2014-07-18 15:48 - 2014-07-18 15:48 - 00000000 _SHDL () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-18 15:48 - 2014-07-18 15:48 - 00000000 _SHDL () C:\Users\TEMP\AppData\Local\Verlauf
2014-07-18 15:48 - 2014-07-18 15:48 - 00000000 _SHDL () C:\Users\TEMP\AppData\Local\Anwendungsdaten
2014-07-18 15:48 - 2014-07-18 15:48 - 00000000 _SHDL () C:\Users\TEMP\Anwendungsdaten
2014-07-18 15:48 - 2014-07-18 15:48 - 00000000 ____D () C:\Users\TEMP
2014-07-18 15:48 - 2014-07-10 15:26 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Google
2014-07-18 15:48 - 2013-03-18 10:07 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\TuneUp Software
2014-07-18 15:48 - 2012-05-05 10:40 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Macromedia
2014-07-18 15:48 - 2011-03-08 21:31 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Microsoft Help
2014-07-18 15:48 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-18 15:48 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-18 15:45 - 2014-07-18 06:01 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys
2014-07-18 13:41 - 2014-07-08 18:42 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{2f0ff925-183b-4210-98f5-cb2ffd917f2b}Gw64.sys
2014-07-18 13:12 - 2014-07-20 10:10 - 00000000 ____D () C:\Program Files (x86)\Deal Keeper
2014-07-18 12:40 - 2014-07-18 12:40 - 00001426 _____ () C:\Users\Thomas\Desktop\Registry kostenlos entrümpeln!.lnk
2014-07-18 12:39 - 2014-07-20 10:10 - 00000000 ____D () C:\Program Files (x86)\Adanak
2014-07-18 11:21 - 2014-07-18 11:21 - 00000000 __SHD () C:\Users\Thomas\AppData\Local\EmieUserList
2014-07-18 11:21 - 2014-07-18 11:21 - 00000000 __SHD () C:\Users\Thomas\AppData\Local\EmieSiteList
2014-07-16 20:59 - 2014-07-16 20:59 - 00000000 ____D () C:\Users\Michael\AppData\Local\Adobe
2014-07-16 20:56 - 2014-07-17 20:16 - 00000000 ____D () C:\Users\Michael\Desktop\plauschangriff
2014-07-12 14:28 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-12 14:28 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-12 14:28 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-12 14:28 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-12 14:28 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-12 14:28 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-12 14:28 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-12 14:28 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-12 14:28 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-12 14:28 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-12 14:28 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-12 14:28 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-12 14:28 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-12 14:28 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-12 14:28 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-12 14:28 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-12 14:28 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-12 14:28 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-12 14:28 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-12 14:28 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-12 14:28 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-12 14:28 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-12 14:28 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-12 14:28 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-12 14:28 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-12 14:28 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-12 14:28 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-12 14:28 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-12 14:28 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-12 14:28 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-12 14:28 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-12 14:28 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-12 14:28 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-12 14:28 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-12 14:28 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-12 14:28 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-12 14:28 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-12 14:28 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-12 14:28 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-12 14:28 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-12 14:28 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-12 14:28 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-12 14:28 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-12 14:28 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-12 14:28 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-12 14:28 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-12 14:28 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-12 14:28 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-12 14:28 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-12 14:28 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-12 14:28 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-12 14:28 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-12 14:28 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-12 14:28 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-12 14:28 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-12 14:28 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-12 14:15 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-12 14:15 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-12 14:15 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-12 14:15 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-12 14:15 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-12 14:15 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-12 14:15 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-12 14:15 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-12 14:15 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-12 14:15 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-12 14:15 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-12 14:15 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-12 14:15 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-12 14:15 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-12 14:15 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-12 14:15 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-12 14:15 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-12 14:15 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-12 14:15 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-12 14:15 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-12 14:15 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-12 14:15 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-12 14:15 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-12 14:15 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-12 14:15 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-10 15:26 - 2014-07-10 15:26 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-07-10 15:26 - 2014-07-10 15:26 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-07-04 15:49 - 2014-07-04 15:49 - 00002728 _____ () C:\Users\Michaela\Desktop\Lightroom 4 Catalog - Verknüpfung.lnk
2014-06-22 22:53 - 2014-06-22 22:53 - 00000000 ____D () C:\Users\Thomas\AppData\Local\NVIDIA
2014-06-22 18:21 - 2014-06-22 18:21 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\yWorks
2014-06-20 09:05 - 2014-06-22 18:12 - 00000000 ____D () C:\Users\Michael\UMLet
2014-06-20 09:05 - 2014-06-20 09:05 - 00000000 ____D () C:\Users\Michael\Downloads\umlet_12.2
2014-06-20 00:37 - 2014-06-20 09:26 - 00000000 ____D () C:\Program Files (x86)\MSECache

==================== One Month Modified Files and Folders =======

2014-07-20 10:29 - 2014-07-19 20:50 - 00023523 _____ () C:\Users\Michael\Downloads\FRST.txt
2014-07-20 10:27 - 2014-07-19 20:50 - 00000000 ____D () C:\FRST
2014-07-20 10:27 - 2013-05-13 22:07 - 01752092 _____ () C:\Windows\WindowsUpdate.log
2014-07-20 10:25 - 2014-07-20 10:25 - 00000020 ___SH () C:\Users\TEMP.Haubrichs-PC\ntuser.ini
2014-07-20 10:25 - 2014-07-20 10:25 - 00000000 _SHDL () C:\Users\TEMP.Haubrichs-PC\Vorlagen
2014-07-20 10:25 - 2014-07-20 10:25 - 00000000 _SHDL () C:\Users\TEMP.Haubrichs-PC\Startmenü
2014-07-20 10:25 - 2014-07-20 10:25 - 00000000 _SHDL () C:\Users\TEMP.Haubrichs-PC\Netzwerkumgebung
2014-07-20 10:25 - 2014-07-20 10:25 - 00000000 _SHDL () C:\Users\TEMP.Haubrichs-PC\Lokale Einstellungen
2014-07-20 10:25 - 2014-07-20 10:25 - 00000000 _SHDL () C:\Users\TEMP.Haubrichs-PC\Eigene Dateien
2014-07-20 10:25 - 2014-07-20 10:25 - 00000000 _SHDL () C:\Users\TEMP.Haubrichs-PC\Druckumgebung
2014-07-20 10:25 - 2014-07-20 10:25 - 00000000 _SHDL () C:\Users\TEMP.Haubrichs-PC\Documents\Eigene Musik
2014-07-20 10:25 - 2014-07-20 10:25 - 00000000 _SHDL () C:\Users\TEMP.Haubrichs-PC\Documents\Eigene Bilder
2014-07-20 10:25 - 2014-07-20 10:25 - 00000000 _SHDL () C:\Users\TEMP.Haubrichs-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-20 10:25 - 2014-07-20 10:25 - 00000000 _SHDL () C:\Users\TEMP.Haubrichs-PC\AppData\Local\Verlauf
2014-07-20 10:25 - 2014-07-20 10:25 - 00000000 _SHDL () C:\Users\TEMP.Haubrichs-PC\AppData\Local\Anwendungsdaten
2014-07-20 10:25 - 2014-07-20 10:25 - 00000000 _SHDL () C:\Users\TEMP.Haubrichs-PC\Anwendungsdaten
2014-07-20 10:25 - 2014-07-20 10:25 - 00000000 ____D () C:\Users\TEMP.Haubrichs-PC
2014-07-20 10:25 - 2012-10-05 23:52 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Dropbox
2014-07-20 10:23 - 2014-05-05 11:12 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\DropboxMaster
2014-07-20 10:23 - 2012-10-05 23:53 - 00000000 ___RD () C:\Users\Michael\Dropbox
2014-07-20 10:23 - 2009-07-14 04:34 - 00000729 _____ () C:\Windows\win.ini
2014-07-20 10:22 - 2014-07-20 10:22 - 00001034 _____ () C:\EamClean.log
2014-07-20 10:22 - 2014-07-19 19:53 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-20 10:22 - 2013-09-10 06:46 - 00850468 _____ () C:\Windows\PFRO.log
2014-07-20 10:22 - 2013-08-25 16:47 - 00064342 _____ () C:\Windows\setupact.log
2014-07-20 10:22 - 2011-06-08 12:22 - 00000314 ___SH () C:\Windows\Tasks\FIQMXPA.job
2014-07-20 10:22 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-20 10:22 - 2007-10-10 08:50 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-20 10:21 - 2014-07-20 10:21 - 00003416 ____N () C:\bootsqm.dat
2014-07-20 10:19 - 2014-07-20 10:19 - 00000000 __SHD () C:\found.000
2014-07-20 10:10 - 2014-07-18 13:12 - 00000000 ____D () C:\Program Files (x86)\Deal Keeper
2014-07-20 10:10 - 2014-07-18 12:39 - 00000000 ____D () C:\Program Files (x86)\Adanak
2014-07-20 09:58 - 2014-07-19 19:53 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-20 09:32 - 2012-04-16 21:06 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-20 07:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-19 22:45 - 2014-07-19 22:45 - 00000550 _____ () C:\Users\Michael\Desktop\Emsisoft Emergency Kit.lnk
2014-07-19 22:45 - 2014-07-19 22:45 - 00000000 ____D () C:\EEK
2014-07-19 21:40 - 2014-07-19 15:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-19 21:25 - 2014-07-19 21:25 - 00001870 _____ () C:\Users\Michael\Desktop\JRT.txt
2014-07-19 21:23 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-19 21:23 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-19 21:18 - 2011-02-18 21:24 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-19 21:09 - 2014-01-26 01:32 - 00000000 ____D () C:\AdwCleaner
2014-07-19 21:00 - 2014-07-19 20:49 - 215630768 _____ () C:\Users\Michael\Downloads\EmsisoftEmergencyKit.exe
2014-07-19 20:54 - 2014-07-19 20:53 - 00053096 _____ () C:\Users\Michael\Downloads\Addition.txt
2014-07-19 20:50 - 2014-07-19 20:49 - 02089984 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2014-07-19 20:04 - 2013-05-16 19:52 - 00000000 ____D () C:\Users\Herbert
2014-07-19 20:04 - 2011-01-25 19:02 - 00000000 ____D () C:\Users\Christian
2014-07-19 20:01 - 2014-07-19 20:01 - 01016261 _____ (Thisisu) C:\Users\Michael\Downloads\JRT.exe
2014-07-19 20:00 - 2014-07-19 20:00 - 01354223 _____ () C:\Users\Michael\Downloads\adwcleaner_3.216.exe
2014-07-19 19:55 - 2014-07-19 19:55 - 00002211 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-19 19:55 - 2014-07-19 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-19 19:55 - 2011-02-03 21:27 - 00000000 ____D () C:\Users\Michael\AppData\Local\Google
2014-07-19 19:55 - 2011-01-26 13:08 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-19 19:53 - 2014-07-19 19:53 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-19 19:53 - 2014-07-19 19:53 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-19 19:53 - 2014-01-25 23:11 - 00000000 ____D () C:\Users\Michael\AppData\Local\Deployment
2014-07-19 19:50 - 2011-03-12 19:57 - 00000000 ____D () C:\Program Files (x86)\Alawar.de
2014-07-19 19:12 - 2011-04-29 23:44 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\vlc
2014-07-19 18:27 - 2014-07-19 18:27 - 00000000 ____D () C:\Users\Michael\AppData\Local\Avg2014
2014-07-19 18:20 - 2011-07-12 19:59 - 00000000 ____D () C:\ProgramData\Skype
2014-07-19 18:18 - 2011-02-13 22:55 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Trillian
2014-07-19 18:15 - 2011-11-30 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pogo DE
2014-07-19 18:15 - 2011-11-01 12:33 - 00000000 ____D () C:\ProgramData\RescueFrenzy
2014-07-19 18:15 - 2011-10-05 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shockwave.com
2014-07-19 18:15 - 2011-02-04 22:18 - 00000000 ____D () C:\Program Files (x86)\Shockwave.com
2014-07-19 18:15 - 2011-01-20 22:37 - 00000000 ____D () C:\Users\Haubrichs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-07-19 18:11 - 2011-06-04 00:21 - 00000000 ____D () C:\Program Files (x86)\Jetztspielen.de
2014-07-19 18:10 - 2011-02-04 16:00 - 00000000 ____D () C:\Program Files (x86)\BoontyGames
2014-07-19 18:09 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-19 18:00 - 2012-08-02 12:21 - 00000000 ____D () C:\ProgramData\Sony Ericsson
2014-07-19 18:00 - 2012-08-02 12:21 - 00000000 ____D () C:\Program Files (x86)\Sony Ericsson
2014-07-19 17:58 - 2011-09-06 21:54 - 00000000 ____D () C:\ProgramData\VirtualFarm2
2014-07-19 17:50 - 2012-01-01 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gamesload Spiele
2014-07-19 17:39 - 2011-01-29 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fiaa
2014-07-19 17:39 - 2011-01-29 16:46 - 00000000 ____D () C:\Fiaa
2014-07-19 17:24 - 2011-12-10 19:30 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2014-07-19 17:21 - 2012-04-24 20:23 - 00000000 ____D () C:\AeriaGames
2014-07-19 17:17 - 2010-08-25 17:15 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-07-19 17:15 - 2011-02-21 22:56 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\SoftGrid Client
2014-07-19 17:15 - 2011-01-19 19:05 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-07-19 17:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-07-19 17:15 - 2007-10-10 18:39 - 00702964 _____ () C:\Windows\system32\perfh007.dat
2014-07-19 17:15 - 2007-10-10 18:39 - 00150604 _____ () C:\Windows\system32\perfc007.dat
2014-07-19 17:11 - 2012-12-27 15:53 - 00000000 ____D () C:\Users\Haubrichs\AppData\Roaming\LegacyGames
2014-07-19 17:10 - 2012-12-30 18:37 - 00000000 ____D () C:\Users\Haubrichs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yahoo Spiele
2014-07-19 17:07 - 2011-11-30 11:22 - 00000000 ____D () C:\Program Files (x86)\CasualGameBox
2014-07-19 17:04 - 2011-10-01 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandlot Games
2014-07-19 17:04 - 2011-03-04 19:19 - 00000000 ____D () C:\Program Files (x86)\Sandlot Games
2014-07-19 17:02 - 2012-12-30 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BoontyGames
2014-07-19 17:00 - 2011-02-06 18:14 - 00000000 ____D () C:\Program Files (x86)\Youdagames
2014-07-19 16:57 - 2013-08-23 16:29 - 00000000 ____D () C:\Riot Games
2014-07-19 16:50 - 2014-07-19 16:50 - 00000000 __SHD () C:\Users\Michael\AppData\Local\EmieUserList
2014-07-19 16:50 - 2014-07-19 16:50 - 00000000 __SHD () C:\Users\Michael\AppData\Local\EmieSiteList
2014-07-19 16:44 - 2011-04-02 14:56 - 00000000 ____D () C:\Program Files (x86)\Realore
2014-07-19 16:39 - 2011-05-20 10:20 - 00000000 ____D () C:\Games
2014-07-19 16:38 - 2011-05-26 12:28 - 00000000 ____D () C:\Program Files (x86)\iWin.com
2014-07-19 16:36 - 2012-02-01 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Games
2014-07-19 16:25 - 2011-02-04 17:03 - 00000000 ____D () C:\GameHouse Games
2014-07-19 16:24 - 2011-02-04 17:03 - 00000000 ____D () C:\Program Files (x86)\RealArcade
2014-07-19 16:23 - 2011-03-04 12:59 - 00000000 ____D () C:\Program Files (x86)\OXXOGames
2014-07-19 16:22 - 2011-03-04 12:59 - 00000000 ____D () C:\Program Files (x86)\DEUTSCHLAND SPIELT
2014-07-19 16:21 - 2011-11-05 00:05 - 00000000 ____D () C:\ProgramData\NexonEU
2014-07-19 16:21 - 2011-01-24 17:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NEXON
2014-07-19 16:21 - 2011-01-24 15:37 - 00000000 ____D () C:\Nexon
2014-07-19 15:08 - 2014-07-19 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-19 15:08 - 2014-07-19 15:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-19 15:08 - 2014-01-25 23:41 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-19 15:08 - 2014-01-25 23:41 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Malwarebytes
2014-07-19 15:08 - 2014-01-25 23:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-19 15:07 - 2014-07-19 15:07 - 506066019 _____ () C:\Users\Michael\Downloads\Rulez.TXN.2014.07.17.HDTV.mp4
2014-07-19 14:17 - 2014-06-19 17:34 - 00000000 ___RD () C:\Users\Michael\Google Drive
2014-07-18 15:48 - 2014-07-18 15:48 - 00000020 ___SH () C:\Users\TEMP\ntuser.ini
2014-07-18 15:48 - 2014-07-18 15:48 - 00000000 _SHDL () C:\Users\TEMP\Vorlagen
2014-07-18 15:48 - 2014-07-18 15:48 - 00000000 _SHDL () C:\Users\TEMP\Startmenü
2014-07-18 15:48 - 2014-07-18 15:48 - 00000000 _SHDL () C:\Users\TEMP\Netzwerkumgebung
2014-07-18 15:48 - 2014-07-18 15:48 - 00000000 _SHDL () C:\Users\TEMP\Lokale Einstellungen
2014-07-18 15:48 - 2014-07-18 15:48 - 00000000 _SHDL () C:\Users\TEMP\Eigene Dateien
2014-07-18 15:48 - 2014-07-18 15:48 - 00000000 _SHDL () C:\Users\TEMP\Druckumgebung
2014-07-18 15:48 - 2014-07-18 15:48 - 00000000 _SHDL () C:\Users\TEMP\Documents\Eigene Musik
2014-07-18 15:48 - 2014-07-18 15:48 - 00000000 _SHDL () C:\Users\TEMP\Documents\Eigene Bilder
2014-07-18 15:48 - 2014-07-18 15:48 - 00000000 _SHDL () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-18 15:48 - 2014-07-18 15:48 - 00000000 _SHDL () C:\Users\TEMP\AppData\Local\Verlauf
2014-07-18 15:48 - 2014-07-18 15:48 - 00000000 _SHDL () C:\Users\TEMP\AppData\Local\Anwendungsdaten
2014-07-18 15:48 - 2014-07-18 15:48 - 00000000 _SHDL () C:\Users\TEMP\Anwendungsdaten
2014-07-18 15:48 - 2014-07-18 15:48 - 00000000 ____D () C:\Users\TEMP
2014-07-18 15:43 - 2013-09-10 07:25 - 00001426 _____ () C:\Users\Michaela\Desktop\Registry kostenlos entrümpeln!.lnk
2014-07-18 15:41 - 2011-01-18 21:51 - 00116904 _____ () C:\Users\Haubrichs\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-18 13:41 - 2009-07-14 07:13 - 01630924 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-18 13:25 - 2012-11-06 00:20 - 00000000 ____D () C:\Users\Thomas\Desktop\Rauschmittel für Körper und Geist
2014-07-18 12:40 - 2014-07-18 12:40 - 00001426 _____ () C:\Users\Thomas\Desktop\Registry kostenlos entrümpeln!.lnk
2014-07-18 11:21 - 2014-07-18 11:21 - 00000000 __SHD () C:\Users\Thomas\AppData\Local\EmieUserList
2014-07-18 11:21 - 2014-07-18 11:21 - 00000000 __SHD () C:\Users\Thomas\AppData\Local\EmieSiteList
2014-07-18 06:01 - 2014-07-18 15:45 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys
2014-07-17 20:44 - 2013-05-16 20:10 - 00003516 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Haubrichs-PC-Herbert
2014-07-17 20:44 - 2013-01-14 21:11 - 00003520 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Haubrichs-PC-Christian
2014-07-17 20:44 - 2011-07-27 00:12 - 00003696 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-07-17 20:16 - 2014-07-16 20:56 - 00000000 ____D () C:\Users\Michael\Desktop\plauschangriff
2014-07-17 11:29 - 2013-05-17 17:25 - 00000000 ____D () C:\Users\Michaela\AppData\Local\Adobe
2014-07-16 20:59 - 2014-07-16 20:59 - 00000000 ____D () C:\Users\Michael\AppData\Local\Adobe
2014-07-16 20:45 - 2011-05-18 18:17 - 00000000 ____D () C:\Users\Michael\Desktop\beruf
2014-07-16 10:49 - 2014-04-29 11:57 - 00000000 ____D () C:\Users\Christian\AppData\Local\daedalic entertainment
2014-07-16 10:47 - 2014-01-09 00:35 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Spotify
2014-07-16 10:20 - 2014-01-09 00:38 - 00000000 ____D () C:\Users\Christian\AppData\Local\Spotify
2014-07-15 16:08 - 2014-01-25 21:49 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-15 16:08 - 2014-01-25 21:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-15 16:08 - 2014-01-25 21:49 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-07-12 23:21 - 2009-07-14 06:45 - 06699208 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-12 21:47 - 2014-04-26 21:03 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-12 21:47 - 2009-07-14 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 21:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-12 21:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-12 21:04 - 2014-04-15 23:47 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\KeePass
2014-07-12 15:33 - 2014-04-15 21:45 - 00001081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2014-07-12 15:33 - 2014-04-15 21:45 - 00001069 _____ () C:\Users\Michael\Desktop\KeePass 2.lnk
2014-07-12 15:33 - 2014-04-15 21:45 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2014-07-12 14:39 - 2013-09-22 14:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-12 14:34 - 2011-01-19 00:54 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-12 14:33 - 2011-01-19 19:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-11 23:50 - 2013-05-15 19:50 - 00000000 ____D () C:\Users\Michaela\AppData\Local\Microsoft Help
2014-07-11 21:32 - 2012-04-16 21:06 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-11 21:32 - 2012-04-16 21:06 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-11 21:32 - 2011-05-19 02:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-11 16:32 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-10 15:26 - 2014-07-20 10:25 - 00000000 ____D () C:\Users\TEMP.Haubrichs-PC\AppData\Local\Google
2014-07-10 15:26 - 2014-07-18 15:48 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Google
2014-07-10 15:26 - 2014-07-10 15:26 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-07-10 15:26 - 2014-07-10 15:26 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-07-10 15:26 - 2014-02-18 20:27 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-08 18:42 - 2014-07-18 13:41 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{2f0ff925-183b-4210-98f5-cb2ffd917f2b}Gw64.sys
2014-07-08 16:24 - 2014-02-20 17:03 - 00000000 ____D () C:\Users\Herbert\AppData\Local\Pokki
2014-07-08 16:23 - 2013-05-16 19:53 - 00116904 _____ () C:\Users\Herbert\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-08 16:21 - 2013-05-16 19:54 - 00000000 ____D () C:\Users\Herbert\AppData\Local\Google
2014-07-06 15:23 - 2014-04-20 22:15 - 00000000 ____D () C:\Users\Michael\AppData\Local\Daedalic Entertainment
2014-07-04 15:49 - 2014-07-04 15:49 - 00002728 _____ () C:\Users\Michaela\Desktop\Lightroom 4 Catalog - Verknüpfung.lnk
2014-07-04 15:39 - 2013-05-15 19:50 - 00000000 ____D () C:\Users\Michaela\AppData\Roaming\Adobe
2014-07-02 17:03 - 2012-06-17 18:25 - 01883136 ___SH () C:\Users\Christian\Desktop\Thumbs.db
2014-07-02 17:00 - 2013-04-13 19:40 - 00000000 ____D () C:\ProgramData\tmp
2014-07-02 16:09 - 2012-01-09 17:42 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\Nitro PDF
2014-07-02 15:51 - 2011-02-19 11:57 - 00116904 _____ () C:\Users\Christian\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-02 15:48 - 2011-01-29 16:02 - 00000000 ____D () C:\Users\Christian\AppData\Local\Google
2014-07-01 21:42 - 2011-07-12 19:59 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype
2014-07-01 14:55 - 2014-01-26 14:49 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-07-01 14:46 - 2011-01-21 17:37 - 00000000 ____D () C:\Users\Michael
2014-06-30 19:30 - 2014-01-16 20:49 - 00000000 ____D () C:\Users\Herbert2
2014-06-30 19:30 - 2013-05-15 19:50 - 00000000 ____D () C:\Users\Michaela
2014-06-30 19:30 - 2011-01-22 18:33 - 00000000 ____D () C:\Users\Maria
2014-06-30 19:30 - 2011-01-21 16:16 - 00000000 ____D () C:\Users\Thomas
2014-06-30 19:30 - 2011-01-18 21:51 - 00000000 ____D () C:\Users\Haubrichs
2014-06-30 19:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-06-30 04:09 - 2014-07-12 14:15 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-12 14:15 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-29 14:55 - 2011-01-26 22:29 - 00000000 ____D () C:\Users\Maria\AppData\Local\Google
2014-06-29 14:55 - 2011-01-23 13:56 - 00116904 _____ () C:\Users\Maria\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-24 16:34 - 2013-05-15 19:51 - 00116904 _____ () C:\Users\Michaela\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-24 16:33 - 2013-05-15 19:51 - 00000000 ____D () C:\Users\Michaela\AppData\Local\Google
2014-06-23 16:47 - 2014-01-23 21:32 - 00000000 ____D () C:\Users\Herbert2\AppData\Local\Google
2014-06-23 16:47 - 2014-01-16 20:50 - 00116904 _____ () C:\Users\Herbert2\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-23 02:18 - 2014-04-15 21:44 - 00002766 _____ () C:\Users\Michael\Desktop\privat.kdbx
2014-06-22 23:05 - 2013-09-22 18:13 - 00000000 ____D () C:\Users\Thomas\Desktop\Ausbildung
2014-06-22 22:55 - 2011-01-21 17:31 - 00116904 _____ () C:\Users\Thomas\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-22 22:53 - 2014-06-22 22:53 - 00000000 ____D () C:\Users\Thomas\AppData\Local\NVIDIA
2014-06-22 22:53 - 2011-01-26 13:08 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Google
2014-06-22 18:21 - 2014-06-22 18:21 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\yWorks
2014-06-22 18:12 - 2014-06-20 09:05 - 00000000 ____D () C:\Users\Michael\UMLet
2014-06-22 17:27 - 2011-06-07 14:47 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Nitro PDF
2014-06-20 22:14 - 2014-07-12 14:28 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 21:39 - 2014-07-12 14:28 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-20 09:33 - 2007-10-10 08:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-06-20 09:26 - 2014-06-20 00:37 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-06-20 09:05 - 2014-06-20 09:05 - 00000000 ____D () C:\Users\Michael\Downloads\umlet_12.2
2014-06-20 00:38 - 2011-01-22 11:20 - 00116904 _____ () C:\Users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT

Files to move or delete:
====================
C:\ProgramData\6796117.bat
C:\ProgramData\6796117.reg
C:\ProgramData\7115507.bat
C:\ProgramData\7115507.reg
C:\ProgramData\8864387.bat
C:\ProgramData\8864387.reg
C:\ProgramData\mazuki.dll
C:\Users\Herbert\AppData\Roaming\skype.ini


Some content of TEMP:
====================
C:\Users\Christian\AppData\Local\Temp\avgnt.exe
C:\Users\Christian\AppData\Local\Temp\Bootstrapper_0-uvdhqmaP_.exe
C:\Users\Christian\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Christian\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Haubrichs\AppData\Local\Temp\4db8c59afc31544abcd74bf959a458ef.dll
C:\Users\Haubrichs\AppData\Local\Temp\BackupSetup.exe
C:\Users\Haubrichs\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Haubrichs\AppData\Local\Temp\uninst1.exe
C:\Users\Herbert\AppData\Local\Temp\avgnt.exe
C:\Users\Herbert\AppData\Local\Temp\jpathwatch-nativelib-v-0-94-jpathwatch-native.dll
C:\Users\Herbert2\AppData\Local\Temp\avgnt.exe
C:\Users\Maria\AppData\Local\Temp\avgnt.exe
C:\Users\Michael\AppData\Local\Temp\avgnt.exe
C:\Users\Michael\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Michael\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzuddaa.dll
C:\Users\Michael\AppData\Local\Temp\htmlayout.dll
C:\Users\Michael\AppData\Local\Temp\Quarantine.exe
C:\Users\Michael\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Michael\AppData\Local\Temp\uninst1.exe
C:\Users\Michael\AppData\Local\Temp\uninstall-updater8887577.exe
C:\Users\Michael\AppData\Local\Temp\uninstall8857404.exe
C:\Users\Michael\AppData\Local\Temp\uninstall8868883.exe
C:\Users\Michael\AppData\Local\Temp\uninstall8868899.exe
C:\Users\Michael\AppData\Local\Temp\uninstall8905033.exe
C:\Users\Michael\AppData\Local\Temp\uninstall8905048.exe
C:\Users\Michael\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Michael\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Michaela\AppData\Local\Temp\avgnt.exe
C:\Users\Michaela\AppData\Local\Temp\installerdll1077982.dll
C:\Users\Michaela\AppData\Local\Temp\Setup.exe
C:\Users\Thomas\AppData\Local\Temp\avgnt.exe
C:\Users\Thomas\AppData\Local\Temp\BackupSetup.exe
C:\Users\Thomas\AppData\Local\Temp\htmlayout.dll
C:\Users\Thomas\AppData\Local\Temp\RegClean2.exe
C:\Users\Thomas\AppData\Local\Temp\toolbar5290916.exe
C:\Users\Thomas\AppData\Local\Temp\toolbar5290924.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-20 07:25

==================== End Of Log ============================
--- --- ---


Addition:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2014
Ran by Michael at 2014-07-19 20:53:17
Running from C:\Users\Michael\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adanak (HKLM\...\Adanak) (Version: 2014.07.18.063940 - Adanak)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.1060 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.5.0.1060 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.3 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.4 64-bit (HKLM\...\{11A955CD-4398-405A-886D-E464C3618FBF}) (Version: 4.4.1 - Adobe)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{CADBC192-932B-EC76-510D-4012A33C5E20}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Audiograbber MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
Avira (HKLM-x32\...\{142be4a8-895b-4ed9-b1ff-11c76357e3df}) (Version: 1.1.17.31000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.17.31000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
AVM FRITZ!Box AddOn (IE) (HKLM-x32\...\{0F0B7981-5262-4C55-8499-5C3C2AE05699}) (Version: 1.5.7 - AVM Berlin)
AVM FRITZ!Box AddOn (IE) (x64) (HKLM\...\{01EBCEA8-DB46-4C0C-B0CE-043FD7013903}) (Version: 1.5.7 - AVM Berlin)
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version:  - Ronimo Games)
Batman™: Arkham Origins (HKLM-x32\...\Steam App 209000) (Version:  - WB Games Montreal)
Battle Worlds: Kronos (HKLM-x32\...\Steam App 237470) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
BPM-Studio 4 Private (HKLM-x32\...\{E341EE7E-0647-4607-8B6B-66A123999056}) (Version: 4.9.94 - AlcaTech)
Broken Age (HKLM-x32\...\Steam App 232790) (Version:  - Double Fine Productions)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.0.1 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.8.0.1 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.7.0.1 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.7.0.6 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.5.0.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.6.0.5 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.9 (HKLM-x32\...\DPP) (Version: 3.9.1.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.9.0.0 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.8.0.0 - Canon Inc.)
Canon Utilities WFT Utility (HKLM-x32\...\WFTK) (Version: 3.5.1.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.6.0.23 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.4.0.4 - Canon Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
DC-Bass Source 1.3.0 (HKLM-x32\...\DC-Bass Source) (Version:  - )
Deal Keeper (HKLM\...\Deal Keeper) (Version: 2014.07.18.093841 - Deal Keeper)
Dia (nur entfernen) (HKLM-x32\...\Dia) (Version:  - )
DirectVobSub 2.40.4209 (HKLM-x32\...\vsfilter_is1) (Version: 2.40.4209 - MPC-HC Team)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Elements 11 Organizer (x32 Version: 11.0 - Ihr Firmenname) Hidden
Europa-Führerschein 2012 v10.0 (HKLM-x32\...\Europa-Führerschein 2012) (Version: 10.0 - S.A.D.)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Bethesda Softworks)
ffdshow v1.1.4399 [2012-03-22] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.4399.0 - )
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free YouTube Download version 3.2.23.219 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.23.219 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
HDR Photo Pro 5 (HKLM-x32\...\HDR Photo Pro 5) (Version: Windows Version v1.0.0 - HengTu, Inc.)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3009 - Acer Incorporated)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - Dennaton Games)
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.)
J2SE Runtime Environment 5.0 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0150000}) (Version: 1.5.0 - Sun Microsystems, Inc.)
Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020F0}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java(TM) 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
Java(TM) 7 Update 4 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417004FF}) (Version: 7.0.40 - Oracle)
Java(TM) SE Runtime Environment 6 Update 1 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
KeePass Password Safe 2.27 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.27 - Dominik Reichl)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
Luminance HDR 2.2.1 (HKLM-x32\...\{7020FC34-6E04-4858-924D-354B28CB2402}_is1) (Version:  - Luminance HDR Dev Team)
MagniPic (HKLM\...\{14BAB75D-8865-48EA-AA01-C047CF5995AB}) (Version: 1.0 - ) <==== ATTENTION
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mass Effect 2 (HKLM-x32\...\Steam App 24980) (Version:  - BioWare)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.0.318.3 - McAfee, Inc.)
MediaMonkey 3.2 (HKLM-x32\...\MediaMonkey_is1) (Version: 3.2 - Ventis Media Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visio Viewer 2013 (HKLM\...\{95150000-0052-0407-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MP3 Rocket (HKLM-x32\...\MP3 Rocket) (Version:  - )
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NetObjects Fusion 10.0 (HKLM-x32\...\{B41820B9-170F-4448-80EC-083B6E4E444C}) (Version: 10.0 German - )
NetObjects Toolbox - Bonusanwendungen (HKLM-x32\...\{0C67F96B-8502-4503-9949-B1A8FF9A43DC}) (Version: 1.0 - )
Nitro PDF Reader 2 (HKLM\...\{3DA00A00-C3E9-4064-B62C-CAD25EAF0B6A}) (Version: 2.0.0.29 - Nitro PDF Software)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.64 - )
NVIDIA 3D Vision Controller-Treiber 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.97 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.10 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.145.1024 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.4.0 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
OpenSource Flash Video Splitter 1.0.0.5 (HKLM-x32\...\OpenSource Flash Video Splitter) (Version: 1.0.0.5 - )
Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4554 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 2.9.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Photivo version 27 Mar 2011 (af1122a33cb1) (HKLM-x32\...\{F7E4DC4D-EFDF-4896-95EA-7AB47255CFF8}_is1) (Version: 27 Mar 2011 (af1122a33cb1) - )
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Frame Maker 2.8 (HKLM-x32\...\Photo Frame Maker_is1) (Version:  - ZeallSoft, Inc.)
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photomatix Pro version 4.1.4 (HKLM-x32\...\PhotomatixPro41x32_is1) (Version: 4.1.4 - HDRsoft Sarl)
Photomatix Pro version 4.2.6 (HKLM-x32\...\PhotomatixPro42x32_is1) (Version: 4.2.6 - HDRsoft Ltd)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
pix2up 4.8.0.6 (HKLM-x32\...\{27A8CFAB-67A7-4092-90DE-5EC7770BBDCB}_is1) (Version: 4.8.0.6 - PixelfotoExpress)
Pixum Fotobuch (HKLM-x32\...\Pixum Fotobuch) (Version: 5.0.1 - CEWE COLOR AG u Co. OHG)
Plants vs. Zombies: Game of the Year (HKLM-x32\...\Steam App 3590) (Version:  - PopCap)
Plugin 7 (HKLM-x32\...\{F16247B8-CD07-40C4-8C96-FC2568G29E8F}}_is1) (Version: 7 - WebSource)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PrivitizeVPN (HKLM-x32\...\PrivitizeVPN) (Version: 1.0.0 - OOO Industry) <==== ATTENTION
Protect Disc License Helper 1.0.118 (HKLM-x32\...\Protect Disc License Helper) (Version: 1.0.118 - Protect Disc)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.11 - ProtectDisc Software GmbH)
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Psychonauts (HKLM-x32\...\Steam App 3830) (Version:  - Double Fine Productions)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6024 - Realtek Semiconductor Corp.)
Rescue Team de (HKLM-x32\...\Rescue Team_is1) (Version: de - Boonty)
Retro City Rampage™ (HKLM-x32\...\Steam App 204630) (Version:  - Vblank Entertainment, Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roads of Rome (HKLM-x32\...\Roads of Rome) (Version: 32.0.0.0 - Shockwave.com)
Roads Of Rome (HKLM-x32\...\Roads Of Rome_is1) (Version:  - Realore Studios)
Sandlot Connect Version 1.2.6 (HKLM-x32\...\Sandlot Connect_is1) (Version:  - Sandlot Games)
SearchTheWeb (x32 Version: 4.4.0 - Iminent) Hidden <==== ATTENTION
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Shank (HKLM-x32\...\Steam App 6120) (Version:  - Electronic Arts)
SmartPCFixer 4.2 (HKLM\...\{2C5927BD-3F65-4207-8FB5-8EDF638A3511}_is1) (Version: 4.2 - LionSea Software) <==== ATTENTION
Stacking (HKLM-x32\...\Steam App 115110) (Version:  - Double Fine Productions)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Strike Suit Zero (HKLM-x32\...\Steam App 209540) (Version:  - Born Ready Games Ltd.)
Supreme Commander 2 (HKLM-x32\...\Steam App 40100) (Version:  - Gas Powered Games)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Joy of Farming de (HKLM-x32\...\The Joy of Farming_is1) (Version: de - Boonty)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version:  - Galactic Cafe)
The Timebuilders: Caveman's Prophecy (HKLM-x32\...\The Timebuilders: Caveman's Prophecy) (Version: 32.0.0.0 - Shockwave.com)
To the Moon (HKLM-x32\...\Steam App 206440) (Version:  - Freebird Games)
Tom Clancy's Rainbow Six Vegas (HKLM-x32\...\{5731C0A8-B266-451A-8D3F-8066AA21836F}) (Version: 1.06.000 - Ubisoft)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TuneUp Companion 2.4.6.4 (HKLM-x32\...\TuneUpMedia) (Version: 2.4.6.4 - TuneUp Media, Inc.)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.169 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities 2014) (Version: 14.0.1000.89 - TuneUp Software)
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.169 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.169 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 10.0.4410.1 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.151 - TuneUp Software) Hidden
TWinform 2.0 (HKLM-x32\...\{E2373FE8-B454-4ACB-BBAC-2F8CDE79820A}) (Version: 2.0.0.28 - InData)
UltraMixer 3.2.0 (HKLM-x32\...\{32E2F180-247C-4077-B06A-20F9868568E1}_is1) (Version: 3.2.0 - UltraMixer Digital Audio Solutions)
UltraMixer 4.0.2 (HKLM-x32\...\{8C101DEE-540D-42C7-860F-E326883C81C5}_is1) (Version: 4.0.2 - UltraMixer Digital Audio Solutions)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.1 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 4.00 Beta 5 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.5 - win.rar GmbH)
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WISO Steuer-Sparbuch 2011 (HKLM-x32\...\{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}) (Version: 18.00.6928 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2012 (HKLM-x32\...\{0CC1DAFB-40C8-4903-953D-471E541477C7}) (Version: 19.00.7303 - Buhl Data Service GmbH)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
YTD Video Downloader 4.7.2 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.7.2 - GreenTree Applications SRL)
Zombie Panic Source (HKLM-x32\...\Steam App 17500) (Version:  - Zombie Panic! Team)

==================== Restore Points  =========================

19-07-2014 17:49:02 Revo Uninstaller's restore point - Microsoft Office File Validation Add-In
19-07-2014 17:49:56 Revo Uninstaller's restore point - Ranch Rush 2 - Sara's Island Experiment

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0242AE42-4C20-4DD5-972E-F54973FE1CED} - System32\Tasks\Express Files Updater => C:\Program Files (x86)\ExpressFiles\EFupdater.exe <==== ATTENTION
Task: {05E7316F-1965-4173-9730-9A365D5BEA97} - System32\Tasks\{2B9D2322-47FD-41B5-95E4-99FA285F046A} => Chrome.exe hxxp://ui.skype.com/ui/0/6.1.0.129.259/de/abandoninstall?page=tsProgressBar
Task: {0BB2A333-EDCE-477E-AD59-2D9407E1267D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {2235EE3D-D5A9-4BF2-80E8-BFCE2E8889D7} - \APSnotifierPP1 No Task File <==== ATTENTION
Task: {28BFB2E1-B612-48F1-9723-97FC2E970A93} - \DriverScanner No Task File <==== ATTENTION
Task: {34F762AF-8206-420D-A884-B7E690307E0C} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03] (Sun Microsystems, Inc.)
Task: {3DD7F20B-DAA6-47EB-A730-7EDAE37D7405} - System32\Tasks\{E8C93D99-AC11-4077-B811-398299CBEE4B} => D:\Program Files (x86)\AlcaTech\BPM-Studio Private\bpm.exe [2010-09-19] (AlcaTech)
Task: {4876B307-BF34-4972-A746-4678FA550694} - \YourFile DownloaderUpdate No Task File <==== ATTENTION
Task: {4DA4D7B2-ACD5-4778-BF8A-1E6D2009331D} - System32\Tasks\{1AD66BDE-31ED-4A40-9AE7-48B92994A56E} => D:\Program Files (x86)\AlcaTech\BPM-Studio Private\bpm.exe [2010-09-19] (AlcaTech)
Task: {5D562294-0EBF-4BA7-9108-BA383B261BF5} - System32\Tasks\Divx-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2013-08-29] ()
Task: {5D71885C-1800-4EBE-9CA1-DA7CBEFA65ED} - System32\Tasks\AdobeAAMUpdater-1.0-Haubrichs-PC-Haubrichs => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {620687F8-2128-4CBB-9516-1612C97FA4CE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1893725291-927509140-2710564934-1006UA => C:\Users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-03] (Facebook Inc.)
Task: {71607D4C-5A7E-4BEF-8CCB-14834A8FC368} - System32\Tasks\{DDCD77D2-CC5D-4007-9647-3D39A167AB5B} => C:\Users\Haubrichs\AppData\Roaming\Nevosoft.Com.Games\drm_en.exe
Task: {771146DA-A8F7-4F51-8D91-82F19195321B} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\iWin Games\iWinGames.exe
Task: {91595C5D-4E5B-4C3E-A36E-6BBAF108C018} - \APSnotifierPP3 No Task File <==== ATTENTION
Task: {92AB41C3-92B4-485D-B8F0-15106A9E143C} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {9B46F683-261B-4E61-8CF4-34BA224AA424} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-19] (Google Inc.)
Task: {A46399F2-B9C9-4069-82A3-26523BA5DE57} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1893725291-927509140-2710564934-1006Core => C:\Users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-03] (Facebook Inc.)
Task: {A6C20CB2-DD50-4945-8358-A439E1875F13} - System32\Tasks\{006B5CC5-1A0E-4D06-8295-0BAD2B8023C1} => D:\Program Files (x86)\AlcaTech\BPM-Studio Private\bpm.exe [2010-09-19] (AlcaTech)
Task: {A8C0ED01-A0FC-46B9-9633-5E4B0BDC06B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-11] (Adobe Systems Incorporated)
Task: {A97DF808-CCCA-4298-AC1A-C71C1C7672C4} - System32\Tasks\{C4A8D42E-03DC-4444-8A69-8D53D3D08DBF} => C:\Users\Haubrichs\AppData\Roaming\Nevosoft.Com.Games\drm_en.exe
Task: {ACCE5F70-DB0D-46BF-A847-F391184294D9} - System32\Tasks\AdobeAAMUpdater-1.0-Haubrichs-PC-Christian => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {B77AE984-4927-4CBF-B7E3-ECEFD80245DC} - \DSite No Task File <==== ATTENTION
Task: {B784B12F-B8BA-4415-B9D7-B538AA181989} - System32\Tasks\FIQMXPA => Rundll32.exe "C:\Windows\SysWOW64\vbajet321.dll",ybntq
Task: {C28B18EC-9FA3-473D-80A2-4D1B092AC86B} - \SpeedUpMyPC No Task File <==== ATTENTION
Task: {CF8AEC43-DD97-49ED-AF3A-B2DBA7EBDA88} - \Funmoods No Task File <==== ATTENTION
Task: {E3A1B148-AD63-4672-966C-F3542C2B8352} - \spmonitor No Task File <==== ATTENTION
Task: {F11E45A5-2B1E-47E4-9C81-E7C2C2C0DBF7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-19] (Google Inc.)
Task: {F479618F-FAF3-4C5E-A75E-C2C3B175DBE0} - \DealPlyUpdate No Task File <==== ATTENTION
Task: {F664EB86-D8C9-473A-9746-2BDD6240A93C} - System32\Tasks\AdobeAAMUpdater-1.0-Haubrichs-PC-Herbert => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {FE4E2464-6A48-456B-9406-54AC0D96AA58} - \APSnotifierPP2 No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1893725291-927509140-2710564934-1006Core.job => C:\Users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1893725291-927509140-2710564934-1006UA.job => C:\Users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FIQMXPA.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-10-10 20:40 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-10-30 11:46 - 2013-10-30 11:46 - 00757048 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2014-07-18 08:39 - 2014-07-18 16:01 - 00321816 _____ () C:\Program Files (x86)\Adanak\updateAdanak.exe
2014-07-18 11:38 - 2014-07-19 14:21 - 00321824 _____ () C:\Program Files (x86)\Deal Keeper\updateDealKeeper.exe
2014-07-18 13:40 - 2014-07-18 16:04 - 00321816 _____ () C:\Program Files (x86)\Adanak\bin\utilAdanak.exe
2014-07-18 15:42 - 2014-07-19 00:00 - 00321824 _____ () C:\Program Files (x86)\Deal Keeper\bin\utilDealKeeper.exe
2014-07-19 20:18 - 2014-07-08 18:42 - 00287000 _____ () C:\Program Files (x86)\Adanak\bin\Adanak.PurBrowse64.exe
2014-07-19 20:18 - 2014-07-18 06:01 - 00287008 _____ () C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.PurBrowse64.exe
2014-07-18 16:00 - 2014-07-18 15:01 - 00096544 _____ () C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.BrowserAdapter.exe
2014-07-18 13:41 - 2014-07-18 03:13 - 00096536 _____ () C:\Program Files (x86)\Adanak\bin\Adanak.BrowserAdapter.exe
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-07 13:53 - 2014-07-07 13:53 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-07-07 13:52 - 2014-07-07 13:52 - 00065616 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-05-01 12:27 - 2014-07-12 02:53 - 01116672 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll
2014-03-04 21:38 - 2014-07-12 02:53 - 00438784 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
2014-05-01 12:27 - 2014-07-12 02:53 - 00399360 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll
2013-12-16 00:06 - 2014-07-12 02:53 - 00331264 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2013-03-12 18:10 - 2014-06-27 00:40 - 00764416 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-01 12:27 - 2014-07-16 04:28 - 02139328 _____ () C:\Program Files (x86)\Steam\video.dll
2014-05-01 12:27 - 2014-04-29 02:37 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll
2011-11-05 18:15 - 2014-07-16 04:28 - 01116864 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2011-11-05 18:15 - 2014-05-02 01:35 - 20628160 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-07-19 20:46 - 2014-07-19 20:46 - 00043008 _____ () c:\users\michael\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprasakz.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\libcef.dll
2014-01-25 23:19 - 2014-07-07 13:53 - 00049744 _____ () C:\Users\Michael\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2011-01-17 17:19 - 2012-01-26 13:30 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2014-07-18 16:00 - 2014-07-18 15:01 - 00183584 _____ () C:\Program Files (x86)\Deal Keeper\bin\DealKeeperBAApp.dll
2014-07-19 19:55 - 2014-07-15 11:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-19 19:55 - 2014-07-15 11:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-19 19:55 - 2014-07-15 11:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-19 19:55 - 2014-07-15 11:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-19 19:55 - 2014-07-15 11:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-19 19:55 - 2014-07-15 11:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\Maria:gs5sys
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\ProgramData\Temp:01885124
AlternateDataStreams: C:\ProgramData\Temp:03F9B551
AlternateDataStreams: C:\ProgramData\Temp:04406D73
AlternateDataStreams: C:\ProgramData\Temp:0483BBEB
AlternateDataStreams: C:\ProgramData\Temp:05650B69
AlternateDataStreams: C:\ProgramData\Temp:07D9FF25
AlternateDataStreams: C:\ProgramData\Temp:092DD1DD
AlternateDataStreams: C:\ProgramData\Temp:0EC9720B
AlternateDataStreams: C:\ProgramData\Temp:10516C76
AlternateDataStreams: C:\ProgramData\Temp:138A0A84
AlternateDataStreams: C:\ProgramData\Temp:17FF6514
AlternateDataStreams: C:\ProgramData\Temp:190A8079
AlternateDataStreams: C:\ProgramData\Temp:1A24F93C
AlternateDataStreams: C:\ProgramData\Temp:24FFE96C
AlternateDataStreams: C:\ProgramData\Temp:273A8657
AlternateDataStreams: C:\ProgramData\Temp:273EB0C9
AlternateDataStreams: C:\ProgramData\Temp:2892289F
AlternateDataStreams: C:\ProgramData\Temp:33C6377A
AlternateDataStreams: C:\ProgramData\Temp:35629AE6
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:38FF076E
AlternateDataStreams: C:\ProgramData\Temp:3965C4E8
AlternateDataStreams: C:\ProgramData\Temp:3C0887BF
AlternateDataStreams: C:\ProgramData\Temp:3CBB1B5E
AlternateDataStreams: C:\ProgramData\Temp:3D11302A
AlternateDataStreams: C:\ProgramData\Temp:4B6D77FC
AlternateDataStreams: C:\ProgramData\Temp:4C96DCB8
AlternateDataStreams: C:\ProgramData\Temp:4CA7FA57
AlternateDataStreams: C:\ProgramData\Temp:4F96D8E6
AlternateDataStreams: C:\ProgramData\Temp:50717788
AlternateDataStreams: C:\ProgramData\Temp:5425B7F5
AlternateDataStreams: C:\ProgramData\Temp:55F142C1
AlternateDataStreams: C:\ProgramData\Temp:56CAF6DF
AlternateDataStreams: C:\ProgramData\Temp:5C4A588B
AlternateDataStreams: C:\ProgramData\Temp:64BDD821
AlternateDataStreams: C:\ProgramData\Temp:65621319
AlternateDataStreams: C:\ProgramData\Temp:69BAF25F
AlternateDataStreams: C:\ProgramData\Temp:6ABA8CF1
AlternateDataStreams: C:\ProgramData\Temp:742F1EE5
AlternateDataStreams: C:\ProgramData\Temp:7890F666
AlternateDataStreams: C:\ProgramData\Temp:7A1C5C92
AlternateDataStreams: C:\ProgramData\Temp:7BB584AA
AlternateDataStreams: C:\ProgramData\Temp:7EE43C06
AlternateDataStreams: C:\ProgramData\Temp:7F27F87D
AlternateDataStreams: C:\ProgramData\Temp:81653DC8
AlternateDataStreams: C:\ProgramData\Temp:8E6845BC
AlternateDataStreams: C:\ProgramData\Temp:9756362E
AlternateDataStreams: C:\ProgramData\Temp:977C5DA8
AlternateDataStreams: C:\ProgramData\Temp:993C3DF6
AlternateDataStreams: C:\ProgramData\Temp:99AC3203
AlternateDataStreams: C:\ProgramData\Temp:9A842F5C
AlternateDataStreams: C:\ProgramData\Temp:9B0BB48F
AlternateDataStreams: C:\ProgramData\Temp:9D03192E
AlternateDataStreams: C:\ProgramData\Temp:9F82C43C
AlternateDataStreams: C:\ProgramData\Temp:A213D1FE
AlternateDataStreams: C:\ProgramData\Temp:A44008FA
AlternateDataStreams: C:\ProgramData\Temp:A5264343
AlternateDataStreams: C:\ProgramData\Temp:A5808D58
AlternateDataStreams: C:\ProgramData\Temp:A5B27FF0
AlternateDataStreams: C:\ProgramData\Temp:A8F6CE91
AlternateDataStreams: C:\ProgramData\Temp:A9ABA3FF
AlternateDataStreams: C:\ProgramData\Temp:AAB1FB9F
AlternateDataStreams: C:\ProgramData\Temp:B093E177
AlternateDataStreams: C:\ProgramData\Temp:B110897C
AlternateDataStreams: C:\ProgramData\Temp:B2B2F0D4
AlternateDataStreams: C:\ProgramData\Temp:B3D2C69C
AlternateDataStreams: C:\ProgramData\Temp:B64798F2
AlternateDataStreams: C:\ProgramData\Temp:BAC56E61
AlternateDataStreams: C:\ProgramData\Temp:C9B27A06
AlternateDataStreams: C:\ProgramData\Temp:C9F873D0
AlternateDataStreams: C:\ProgramData\Temp:CC7382F6
AlternateDataStreams: C:\ProgramData\Temp:CDBA7E05
AlternateDataStreams: C:\ProgramData\Temp:CF1F9405
AlternateDataStreams: C:\ProgramData\Temp:D0397AE3
AlternateDataStreams: C:\ProgramData\Temp:D2397415
AlternateDataStreams: C:\ProgramData\Temp:D29BFE59
AlternateDataStreams: C:\ProgramData\Temp:D33169E5
AlternateDataStreams: C:\ProgramData\Temp:D6F942C1
AlternateDataStreams: C:\ProgramData\Temp:D74C2847
AlternateDataStreams: C:\ProgramData\Temp:DD9FFC08
AlternateDataStreams: C:\ProgramData\Temp:DDCB9D2C
AlternateDataStreams: C:\ProgramData\Temp:DE33A453
AlternateDataStreams: C:\ProgramData\Temp:E153075C
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57
AlternateDataStreams: C:\ProgramData\Temp:E7F6B755
AlternateDataStreams: C:\ProgramData\Temp:E85C241C
AlternateDataStreams: C:\ProgramData\Temp:E937120C
AlternateDataStreams: C:\ProgramData\Temp:E95E2173
AlternateDataStreams: C:\ProgramData\Temp:EA7D76BE
AlternateDataStreams: C:\ProgramData\Temp:F061428B
AlternateDataStreams: C:\ProgramData\Temp:F6827FE3
AlternateDataStreams: C:\ProgramData\Temp:F6E5C7FB
AlternateDataStreams: C:\ProgramData\Temp:F9563B56
AlternateDataStreams: C:\ProgramData\Temp:F9BEC32D
AlternateDataStreams: C:\ProgramData\Temp:FB7959F6
AlternateDataStreams: C:\ProgramData\Temp:FC7B5C61
AlternateDataStreams: C:\ProgramData\Temp:FD3CDBDF
AlternateDataStreams: C:\ProgramData\Temp:FDAA7C08
AlternateDataStreams: C:\Users\Haubrichs\Desktop\lok.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Haubrichs\Desktop\lok.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Haubrichs\Documents\Abrechnung Michael.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Haubrichs\Documents\Abrechnung Michael.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Haubrichs\Documents\canon Reparatur.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Haubrichs\Documents\canon Reparatur.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Herbert\Documents\aub.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Herbert\Documents\aub.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Maria\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\Maria\Cookies:gs5sys
AlternateDataStreams: C:\Users\Maria\Lokale Einstellungen:gs5sys
AlternateDataStreams: C:\Users\Maria\Vorlagen:gs5sys
AlternateDataStreams: C:\Users\Maria\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Maria\Desktop\Kostenvoranschlag S.1.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Maria\Desktop\Kostenvoranschlag S.1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Maria\Desktop\Kostenvoranschlag S.2.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Maria\Desktop\Kostenvoranschlag S.2.jpeg.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Maria\Desktop\Kostenvoranschlag S.3.jpeg.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Maria\Desktop\Kostenvoranschlag S.3.jpeg.jpeg.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Maria\Desktop\Kostenvoranschlag S.4.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Maria\Desktop\Kostenvoranschlag S.4.jpeg.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Maria\Desktop\quittung.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Maria\Desktop\quittung.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Maria\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\Maria\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\Maria\AppData\Local\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\Maria\AppData\Local\Verlauf:gs5sys
AlternateDataStreams: C:\Users\Maria\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is disabled because the firmware of the device did not give it the required resources. (Code 29)
Resolution: Enable the device in the BIOS of the device.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/19/2014 08:48:07 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Haubrichs-PC)
Description: Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen, gehen bei der Abmeldung verloren.

Error: (07/19/2014 08:48:07 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Haubrichs-PC)
Description: Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden.


System errors:
=============
Error: (07/19/2014 08:47:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error: (07/19/2014 08:44:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (07/19/2014 08:44:20 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber atksgt.sys konnte nicht geladen werden.

Error: (07/19/2014 08:44:19 PM) (Source: Service Control Manager) (EventID: 7002) (User: )
Description: Der Dienst "Tdlpt" ist von der Gruppe "Parallel arbitrator" abhängig. Kein Mitglied dieser Gruppe wurde jedoch gestartet.


Microsoft Office Sessions:
=========================
Error: (06/11/2013 10:39:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/15/2013 09:28:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 590 seconds with 540 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2012-11-03 23:13:49.467
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 48%
Total physical RAM: 6127.76 MB
Available physical RAM: 3183.21 MB
Total Pagefile: 12253.7 MB
Available Pagefile: 9070.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:458.87 GB) (Free:57.81 GB) NTFS
Drive d: (DATA) (Fixed) (Total:458.81 GB) (Free:201.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931 GB) (Disk ID: BFFD2C5F)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=459 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=459 GB) - (Type=07 NTFS)

==================== End Of Log ============================
__________________
Alt 20.07.2014, 15:29   #4
MiHau
 
Win7: Adware in Google Chrome - Standard

Win7: Adware in Google Chrome


GMER:

Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-20 10:59:22
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000064 WDC_____ rev.80.0 931,45GB
Running: Gmer-19357.exe; Driver: C:\Users\Michael\AppData\Local\Temp\pglcauob.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Adanak\updateAdanak.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                             0000000075641465 2 bytes [64, 75]
.text   C:\Program Files (x86)\Adanak\updateAdanak.exe[2156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                            00000000756414bb 2 bytes [64, 75]
.text   ...                                                                                                                                      * 2
.text   C:\Program Files (x86)\Deal Keeper\updateDealKeeper.exe[2728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                    0000000075641465 2 bytes [64, 75]
.text   C:\Program Files (x86)\Deal Keeper\updateDealKeeper.exe[2728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                   00000000756414bb 2 bytes [64, 75]
.text   ...                                                                                                                                      * 2
.text   C:\Program Files (x86)\Adanak\bin\utilAdanak.exe[2864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                           0000000075641465 2 bytes [64, 75]
.text   C:\Program Files (x86)\Adanak\bin\utilAdanak.exe[2864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                          00000000756414bb 2 bytes [64, 75]
.text   ...                                                                                                                                      * 2
.text   C:\Program Files (x86)\Deal Keeper\bin\utilDealKeeper.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  0000000075641465 2 bytes [64, 75]
.text   C:\Program Files (x86)\Deal Keeper\bin\utilDealKeeper.exe[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                 00000000756414bb 2 bytes [64, 75]
.text   ...                                                                                                                                      * 2
.text   C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69             0000000075641465 2 bytes [64, 75]
.text   C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[3044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155            00000000756414bb 2 bytes [64, 75]
.text   ...                                                                                                                                      * 2
.text   C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3452] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                 0000000075641465 2 bytes [64, 75]
.text   C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[3452] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                00000000756414bb 2 bytes [64, 75]
.text   ...                                                                                                                                      * 2
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69        0000000075641465 2 bytes [64, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155       00000000756414bb 2 bytes [64, 75]
.text   ...                                                                                                                                      * 2
.text   C:\Program Files (x86)\Adanak\bin\Adanak.BrowserAdapter.exe[3404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                0000000075641465 2 bytes [64, 75]
.text   C:\Program Files (x86)\Adanak\bin\Adanak.BrowserAdapter.exe[3404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155               00000000756414bb 2 bytes [64, 75]
.text   ...                                                                                                                                      * 2
.text   C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.BrowserAdapter.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69       0000000075641465 2 bytes [64, 75]
.text   C:\Program Files (x86)\Deal Keeper\bin\DealKeeper.BrowserAdapter.exe[3392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      00000000756414bb 2 bytes [64, 75]
.text   ...                                                                                                                                      * 2
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075641465 2 bytes [64, 75]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000756414bb 2 bytes [64, 75]
.text   ...                                                                                                                                      * 2

---- Threads - GMER 2.1 ----

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [1924:5500]                                                                           000007fefba12bf8

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\SwitchBoard@Start                                                                                 3
Reg     HKLM\SYSTEM\CurrentControlSet\services\SwitchBoard                                                                                       

---- EOF - GMER 2.1 ----
Vielen Dank!

Hab die Stelle gefunden, in der sich die Adware eingenistet hatte und mit dem Unlocker entfernt. Keine Werbung mehr im Chrome. Werde das System nochmal mit verschiedener Software durchleuchten, aber denke es sollte jetzt passen. Trotzdem vielen Dank!

Kann geschlossen werden.

Alt 20.07.2014, 18:04   #5
schrauber
/// the machine
/// TB-Ausbilder
 
Win7: Adware in Google Chrome - Standard

Win7: Adware in Google Chrome


Adware & Co. deinstallieren
  • Lade Dir bitte von hier Revo Uninstaller herunter.
  • Installiere und starte das Programm.
  • Suche im Uninstallerfeld nach den Programmen, die unter:

    diesen Zusatz haben:
  • Wähle die Programme nacheinander aus und klicke jedesmal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:




Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.


__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Win7: Adware in Google Chrome
adware, befreien, chrome, einblendung, gen, google, google chrome, guten, hilfe, hilfe!, hänge, hängen, logfiles, plage, rum, weiterleitungen, werbung, win, win7, woche, zu lang, zusätzlicher


« Windows 8.1 / Habe Anhang Telekom Rechnung geöffnet | Virenprogramm hat 174 Viren gefunden »


Ähnliche Themen: Win7: Adware in Google Chrome


  1. Win7, Google Chrome, Einblendungen ähnlich Bundestrojaner
    Log-Analyse und Auswertung - 11.11.2015 (9)
  2. Win7 : Google Chrome - Bei klick im Bereich auf Webseite ,öffnet sich Werbe Tab
    Log-Analyse und Auswertung - 04.08.2015 (13)
  3. WIN7: Google Suchergebnisse auf Chrome manipuliert
    Log-Analyse und Auswertung - 22.02.2015 (6)
  4. Adware "Positive Finds" lässt sich in google Chrome nicht enfernen.
    Plagegeister aller Art und deren Bekämpfung - 15.02.2015 (10)
  5. Win7 64Bit ADWARE/Adware.Gen7 , 'TR/Rogue.230400.8
    Log-Analyse und Auswertung - 31.01.2015 (24)
  6. Google Chrome - öffnet eine andere Seite beim Starten von Google Chrome (Win7)
    Plagegeister aller Art und deren Bekämpfung - 19.01.2015 (29)
  7. Win7/Avira meldet ADWARE/Adware.Gen7
    Log-Analyse und Auswertung - 24.11.2014 (8)
  8. PC (Win7) hat eigenmächtig Internetseite h**p://98uj8.de/s3brsn5ba66mgfzeinrum#ad geöffnet in Google Chrome
    Plagegeister aller Art und deren Bekämpfung - 04.08.2014 (4)
  9. Google Chrome Adware-Virus
    Plagegeister aller Art und deren Bekämpfung - 23.06.2014 (1)
  10. win7: google chrome öffnet automatisch tabs mit werbung
    Log-Analyse und Auswertung - 04.06.2014 (19)
  11. win7: google chrome öffnet automatisch tabs mit werbung, danke an M-K- D-B!
    Lob, Kritik und Wünsche - 04.06.2014 (0)
  12. Win7 64bit / Diverse Virenfunde bei Malewarebytes. Google Chrome verweigert Downloads.
    Log-Analyse und Auswertung - 26.05.2014 (11)
  13. Doppelt grün unterstrichene Wörter (Win7 Google Chrome)
    Log-Analyse und Auswertung - 01.04.2014 (5)
  14. Windows 7 Google Chrome Adware (fun2save) installiert sich immer wieder selbst
    Log-Analyse und Auswertung - 08.01.2014 (9)
  15. Win7, Google Chrome seit heute mit Werbung-einige Webseiten funktionieren nicht mehr richtig, ungewollte Sounds in Windows
    Log-Analyse und Auswertung - 27.12.2013 (9)
  16. jsn.donecore.net Malware Trojaner (Win7/64bit), Google Chrome Werbepopups
    Log-Analyse und Auswertung - 06.12.2013 (13)
  17. Click Compare Trojaner - Laptop (Win7 / Google Chrome)
    Plagegeister aller Art und deren Bekämpfung - 30.05.2013 (11)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Win7: Adware in Google Chrome - Guten Tag! Leider plage ich mich schon das ganze Wochenende damit rum den FamilienPC von Adware zu befreien, die sich durch Einblendung zusätzlicher Werbung im Chrome zeigt. Beispiel: Falsche Weiterleitungen - Win7: Adware in Google Chrome...
Archiv
Du betrachtest: Win7: Adware in Google Chrome auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129