
Pests of all kinds and how to combat them: Windows 8 opens 100s of browser windows with the link 98uji.....


03.08.2014, 23:12   #1
monat111
 



Hey dear team,

As of just now I have a problem: hundreds of tabs open with the link 98uj....... I can't do anything except restart my computer to put an end to the haunting, but I still need help. I have now run a scan with Avast and with Anti-Malware.

Anti-Malware code:
Quote:
<?xml version="1.0" encoding="UTF-8" ?>
<mbam-log>
<header>
<date>2014/08/03 22:53:19 +0200</date>
<logfile>mbam-log-2014-08-03 (22-52-29).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.2.1012</version>
<malware-database>v2014.08.03.07</malware-database>
<rootkit-database>v2014.08.01.01</rootkit-database>
<license>trial</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 8.1</osversion>
<arch>x64</arch>
<username>Marvin</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>302242</objects>
<time>800</time>
<processes>0</processes>
<modules>0</modules>
<keys>18</keys>
<values>4</values>
<datas>3</datas>
<folders>8</folders>
<files>15</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}</path><vendor>PUP.Optional.SoftwareUpdater</vendor><action>success</action><hash>e35020a2a3d80f27b0a9393453afae52</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476}</path><vendor>PUP.Optional.SoftwareUpdater</vendor><action>success</action><hash>e35020a2a3d80f27b0a9393453afae52</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}</path><vendor>PUP.Optional.SoftwareUpdater</vendor><action>success</action><hash>e35020a2a3d80f27b0a9393453afae52</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}</path><vendor>PUP.Optional.SoftwareUpdater</vendor><action>success</action><hash>e35020a2a3d80f27b0a9393453afae52</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476}</path><vendor>PUP.Optional.SoftwareUpdater</vendor><action>success</action><hash>e35020a2a3d80f27b0a9393453afae52</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\Updater.AmiUpd.1</path><vendor>PUP.Optional.SoftwareUpdater</vendor><action>success</action><hash>e35020a2a3d80f27b0a9393453afae52</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\Updater.AmiUpd</path><vendor>PUP.Optional.SoftwareUpdater</vendor><action>success</action><hash>e35020a2a3d80f27b0a9393453afae52</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd</path><vendor>PUP.Optional.SoftwareUpdater</vendor><action>success</action><hash>e35020a2a3d80f27b0a9393453afae52</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd.1</path><vendor>PUP.Optional.SoftwareUpdater</vendor><action>success</action><hash>e35020a2a3d80f27b0a9393453afae52</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64</path><vendor>PUP.Optional.Sanbreel.A</vendor><action>success</action><hash>3300ad152556c1753da67a575ca6e818</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MediaBuzzV1</path><vendor>PUP.Optional.MediaBuzz.A</vendor><action>success</action><hash>7bb8e6dc4437c2744fa404e3b74b639d</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MediaBuzzV1mode5461</path><vendor>PUP.Optional.MediaBuzz.A</vendor><action>success</action><hash>51e2f6cc07744cea22d133b46a98659b</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\sweet-pageSoftware</path><vendor>PUP.Optional.SweetPage.A</vendor><action>success</action><hash>79bad0f22f4ca19588041d09f014c43c</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}</path><vendor>PUP.Software.Updater</vendor><action>success</action><hash>e152ad1585f61e18b3b3d72cd62d6c94</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WPM</path><vendor>PUP.Optional.WpManager.A</vendor><action>success</action><hash>3ef579495823a2941a5f0a18c4406d93</hash></key>
<key><path>HKU\S-1-5-21-1558844064-977152752-1788893837-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>da593a88a2d9360003d55e9dd62c5ca4</hash></key>
<key><path>HKU\S-1-5-21-1558844064-977152752-1788893837-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>250e7b470972fd39fcfa13fe679d916f</hash></key>
<key><path>HKU\S-1-5-21-1558844064-977152752-1788893837-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com</path><vendor>PUP.Optional.SuperFish.A</vendor><action>success</action><hash>72c1853dbac11224f719e7f1ad55837d</hash></key>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS</path><valuename>ext@MediaBuzzV1mode5461.net</valuename><vendor>PUP.Optional.MediaBuzz.A</vendor><action>success</action><valuedata>C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode5461\ff</valuedata><hash>3ff452702754a591dd1764834cb61ce4</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS</path><valuename>ext@RichMediaViewV1release7137.net</valuename><vendor>PUP.Optional.RichMediaView.A</vendor><action>success</action><valuedata>C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release7137\ff</valuedata><hash>0330bf036d0ebe78e4282fb335cd06fa</hash></value>
<value><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WPM</path><valuename>ImagePath</valuename><vendor>PUP.Optional.WpManager.A</vendor><action>success</action><valuedata>C:\ProgramData\WPM\wprotectmanager.exe -service</valuedata><hash>3ef579495823a2941a5f0a18c4406d93</hash></value>
<value><path>HKU\S-1-5-21-1558844064-977152752-1788893837-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path><valuename>tb</valuename><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><valuedata>0V1D1S1R1D0V1O</valuedata><hash>250e7b470972fd39fcfa13fe679d916f</hash></value>
<data><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Default_Search_URL</valuename><vendor>PUP.Optional.SweetPage.A</vendor><action>replaced</action><valuedata>hxxp://www.sweet-page.com/web/?type=ds&amp;ts=1400533272&amp;from=cor&amp;uid=ST1000DM003-1CH162_Z1D8ZRYLXXXXZ1D8ZRYL&amp;q={searchTerms}</valuedata><baddata>hxxp://www.sweet-page.com/web/?type=ds&amp;ts=1400533272&amp;from=cor&amp;uid=ST1000DM003-1CH162_Z1D8ZRYLXXXXZ1D8ZRYL&amp;q={searchTerms}</baddata><gooddata>www.google.com</gooddata><hash>d85b6d55512a55e178c81ba4986c9868</hash></data>
<data><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Search Page</valuename><vendor>PUP.Optional.SweetPage.A</vendor><action>replaced</action><valuedata>hxxp://www.sweet-page.com/web/?type=ds&amp;ts=1400533272&amp;from=cor&amp;uid=ST1000DM003-1CH162_Z1D8ZRYLXXXXZ1D8ZRYL&amp;q={searchTerms}</valuedata><baddata>hxxp://www.sweet-page.com/web/?type=ds&amp;ts=1400533272&amp;from=cor&amp;uid=ST1000DM003-1CH162_Z1D8ZRYLXXXXZ1D8ZRYL&amp;q={searchTerms}</baddata><gooddata>www.google.com</gooddata><hash>ca69a31f0279ec4a75a9cee6897b18e8</hash></data>
<data><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Search Page</valuename><vendor>PUP.Optional.SweetPage.A</vendor><action>replaced</action><valuedata>hxxp://www.sweet-page.com/web/?type=ds&amp;ts=1400533272&amp;from=cor&amp;uid=ST1000DM003-1CH162_Z1D8ZRYLXXXXZ1D8ZRYL&amp;q={searchTerms}</valuedata><baddata>hxxp://www.sweet-page.com/web/?type=ds&amp;ts=1400533272&amp;from=cor&amp;uid=ST1000DM003-1CH162_Z1D8ZRYLXXXXZ1D8ZRYL&amp;q={searchTerms}</baddata><gooddata>www.google.com</gooddata><hash>73c0c4fe87f42d0954ca3480cc38649c</hash></data>
<folder><path>C:\Users\Marvin\AppData\Local\SwvUpdater</path><vendor>PUP.Optional.SoftwareUpdater.A</vendor><action>success</action><hash>4ae942804f2c57df6f725c7742c0af51</hash></folder>
<folder><path>C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode5461</path><vendor>PUP.Optional.MediaBuzz.A</vendor><action>success</action><hash>4fe41da55f1c51e5f1b0b2087e8411ef</hash></folder>
<folder><path>C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode5461\ch</path><vendor>PUP.Optional.MediaBuzz.A</vendor><action>success</action><hash>4fe41da55f1c51e5f1b0b2087e8411ef</hash></folder>
<folder><path>C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode5461\ie</path><vendor>PUP.Optional.MediaBuzz.A</vendor><action>success</action><hash>4fe41da55f1c51e5f1b0b2087e8411ef</hash></folder>
<folder><path>C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release7137</path><vendor>PUP.Optional.RichMediaView.A</vendor><action>success</action><hash>38fb16accdaed264bd61caf4f60c48b8</hash></folder>
<folder><path>C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release7137\ch</path><vendor>PUP.Optional.RichMediaView.A</vendor><action>success</action><hash>38fb16accdaed264bd61caf4f60c48b8</hash></folder>
<folder><path>C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release7137\ie</path><vendor>PUP.Optional.RichMediaView.A</vendor><action>success</action><hash>38fb16accdaed264bd61caf4f60c48b8</hash></folder>
<folder><path>C:\Program Files (x86)\SupTab</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>92a13092cead4aecc49e517bbe4405fb</hash></folder>
<file><path>C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage</path><vendor>PUP.Optional.LiveLyrics.A</vendor><action>none</action><hash>1c17f3cfa8d3fe3821a6c021a45e22de</hash></file>
<file><path>C:\Users\Marvin\AppData\Local\Temp\setapp.exe</path><vendor>PUP.Optional.MediaView.A</vendor><action>success</action><hash>a68db40e3a4180b6368bda9ef110ad53</hash></file>
<file><path>C:\Users\Marvin\AppData\Local\Temp\105659890\105659890.zipDir\alilog.dll</path><vendor>PUP.Optional.SkyTech.A</vendor><action>success</action><hash>9f94e9d97ffc61d5bb7a072b9769d32d</hash></file>
<file><path>C:\Users\Marvin\AppData\Local\Temp\105659890\105659890.zipDir\qSE.exe</path><vendor>PUP.Optional.V9.A</vendor><action>success</action><hash>c2715072d4a72b0b2ab9f45428d8a060</hash></file>
<file><path>C:\Users\Marvin\AppData\Local\Temp\105659890\105659890.zipDir\UninstallManager.exe</path><vendor>PUP.Optional.Skytech.A</vendor><action>success</action><hash>83b019a9d4a7b77f1a47d3bc639e58a8</hash></file>
<file><path>C:\Users\Marvin\AppData\Local\Temp\105659890\105659890.zipDir\tmp\SupTab_Setup302.exe</path><vendor>PUP.Optional.IePluginService.A</vendor><action>success</action><hash>5fd4a61cfe7d5dd941c2f070e918956b</hash></file>
<file><path>C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys</path><vendor>PUP.Optional.Sanbreel.A</vendor><action>success</action><hash>3300ad152556c1753da67a575ca6e818</hash></file>
<file><path>C:\Users\Marvin\AppData\Local\SwvUpdater\Updater.xml</path><vendor>PUP.Optional.SoftwareUpdater.A</vendor><action>success</action><hash>4ae942804f2c57df6f725c7742c0af51</hash></file>
<file><path>C:\Users\Marvin\AppData\Local\SwvUpdater\status.cfg</path><vendor>PUP.Optional.SoftwareUpdater.A</vendor><action>success</action><hash>4ae942804f2c57df6f725c7742c0af51</hash></file>
<file><path>C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage-journal</path><vendor>PUP.Optional.LiveLyrics.A</vendor><action>success</action><hash>4be84a7899e294a2cff8e4fdc73b3dc3</hash></file>
<file><path>C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage</path><vendor>PUP.Optional.Superfish.A</vendor><action>success</action><hash>a291586abbc0171ff4d7667d6a98ed13</hash></file>
<file><path>C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal</path><vendor>PUP.Optional.Superfish.A</vendor><action>success</action><hash>23107f4389f29e98cefdde0518ea8c74</hash></file>
<file><path>C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode5461\ch\MediaBuzzV1mode5461.crx</path><vendor>PUP.Optional.MediaBuzz.A</vendor><action>success</action><hash>4fe41da55f1c51e5f1b0b2087e8411ef</hash></file>
<file><path>C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release7137\ch\RichMediaViewV1release7137.crx</path><vendor>PUP.Optional.RichMediaView.A</vendor><action>success</action><hash>38fb16accdaed264bd61caf4f60c48b8</hash></file>
<file><path>C:\Program Files (x86)\SupTab\SupTab.dll</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>92a13092cead4aecc49e517bbe4405fb</hash></file>
</items>
</mbam-log>
I'm hoping for help; I don't know whether my "going it alone" approach achieved anything.

03.08.2014, 23:24   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hi and

Removing adware/junkware/toolbars


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click on Options (Optionen) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click on Scan (Suchlauf) and wait until it has finished.
  • Now click on Delete (Löschen) and confirm any prompts that appear with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).




Step 2: JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click on Scan (Untersuchen).
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


03.08.2014, 23:49   #3
monat111
 



Thank you for taking on my problem; here are the requested files:

AdwCleaner Logfile:
Code:
# AdwCleaner v3.302 - Bericht erstellt am 03/08/2014 um 23:28:25
# Aktualisiert 30/07/2014 von Xplode
# Betriebssystem : Windows 8.1 Pro  (64 bits)
# Benutzername : Marvin - MARVIN-PC
# Gestartet von : C:\Users\Marvin\Desktop\adwcleaner_3.302.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : IePluginServices
[#] Dienst Gelöscht : Wpm

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\MediaBuzzV1
Ordner Gelöscht : C:\Program Files (x86)\RichMediaViewV1
Ordner Gelöscht : C:\Users\Marvin\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Marvin\AppData\Local\Temp\webget
Ordner Gelöscht : C:\Users\Marvin\AppData\Roaming\sweet-page
Datei Gelöscht : C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\Software\SupDp
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\Wpm
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~1.DLL
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~2.DLL

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\2qprc40m.default\prefs.js ]


-\\ Google Chrome v36.0.1985.125

[ Datei : C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : bopakagnckmlgajfccecajhnimjiiedh

*************************

AdwCleaner[R0].txt - [3401 octets] - [03/08/2014 23:27:02]
AdwCleaner[S0].txt - [3272 octets] - [03/08/2014 23:28:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3332 octets] ##########
         


Quote:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 8.1 Pro x64
Ran by Marvin on 03.08.2014 at 23:40:48,58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\Marvin\AppData\Roaming\mozilla\firefox\profiles\2qprc40m.default\minidumps [54 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.08.2014 at 23:46:27,35
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Marvin (administrator) on MARVIN-PC on 03-08-2014 23:47:05
Running from C:\Users\Marvin\Downloads
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHJE.EXE
(Spotify Ltd) C:\Users\Marvin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHJE.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5694640 2013-08-16] (VIA)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-1558844064-977152752-1788893837-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1558844064-977152752-1788893837-1001\...\Run: [Dxtory Update Checker 2.0] => D:\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\S-1-5-21-1558844064-977152752-1788893837-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1558844064-977152752-1788893837-1001\...\Run: [Spotify] => C:\Users\Marvin\AppData\Roaming\Spotify\Spotify.exe [6162488 2014-07-28] (Spotify Ltd)
HKU\S-1-5-21-1558844064-977152752-1788893837-1001\...\Run: [Spotify Web Helper] => C:\Users\Marvin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-28] (Spotify Ltd)
HKU\S-1-5-21-1558844064-977152752-1788893837-1001\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1558844064-977152752-1788893837-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21648480 2014-07-02] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE7C347E71F72CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=prc265
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\2qprc40m.default
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Keyword.URL: hxxp://de.yhs4.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\2qprc40m.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\2qprc40m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-06]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-18]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "https://de.yahoo.com?fr=hp-avast&type=avastbcl"
CHR DefaultSearchKeyword: www.yahoo.com
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-01]
CHR Extension: (Google Drive) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-01]
CHR Extension: (YouTube) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-01]
CHR Extension: (Google-Suche) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-01]
CHR Extension: (Google Wallet) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-01]
CHR Extension: (Google Mail) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-24]
CHR HKLM-x32\...\Chrome\Extension: [ldkpceoalofkiebeehmogjchofmanjng] - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode5461\ch\MediaBuzzV1mode5461.crx [2014-07-24]
CHR HKLM-x32\...\Chrome\Extension: [mhmfagboamjggejikghpdnogclccoboe] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release7137\ch\RichMediaViewV1release7137.crx [2014-07-24]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-24] (AVAST Software)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-07] ()
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-24] ()
S3 h643352; C:\Windows\System32\drivers\h643352.sys [67432 2012-07-11] (Your Corporation)
S3 hid3352; C:\Windows\SysWOW64\drivers\hid3352.sys [45672 2012-07-11] (Your Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-03 23:47 - 2014-08-03 23:47 - 00019686 _____ () C:\Users\Marvin\Downloads\FRST.txt
2014-08-03 23:46 - 2014-08-03 23:47 - 00000000 ____D () C:\FRST
2014-08-03 23:46 - 2014-08-03 23:46 - 00000845 _____ () C:\Users\Marvin\Desktop\JRT.txt
2014-08-03 23:35 - 2014-08-03 23:35 - 02094080 _____ (Farbar) C:\Users\Marvin\Downloads\FRST64.exe
2014-08-03 23:34 - 2014-08-03 23:34 - 01016261 _____ (Thisisu) C:\Users\Marvin\Downloads\JRT.exe
2014-08-03 23:34 - 2014-08-03 23:34 - 00000000 ____D () C:\Windows\ERUNT
2014-08-03 23:32 - 2014-08-03 23:32 - 00003424 _____ () C:\Users\Marvin\Desktop\AdwCleaner[S0].txt
2014-08-03 23:28 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-03 23:26 - 2014-08-03 23:28 - 00000000 ____D () C:\AdwCleaner
2014-08-03 23:26 - 2014-08-03 23:26 - 01361309 _____ () C:\Users\Marvin\Desktop\adwcleaner_3.302.exe
2014-08-03 22:52 - 2014-08-03 23:40 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-03 22:51 - 2014-08-03 22:51 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-03 22:51 - 2014-08-03 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-03 22:51 - 2014-08-03 22:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-03 22:51 - 2014-08-03 22:51 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-03 22:51 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-03 22:51 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-03 22:51 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-03 22:48 - 2014-08-03 22:48 - 00826192 _____ (Chip Digital GmbH) C:\Users\Marvin\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2014-08-03 19:17 - 2014-08-03 19:17 - 00325807 _____ () C:\Users\Marvin\Downloads\Multiverse-Core-2.4.jar
2014-08-03 19:13 - 2014-08-03 19:13 - 00819871 _____ () C:\Users\Marvin\Downloads\lever-race.zip
2014-08-03 18:47 - 2014-08-03 18:47 - 00900139 _____ () C:\Users\Marvin\Downloads\worldedit-5.6.3.zip
2014-08-03 18:42 - 2014-08-03 18:42 - 00000000 ____D () C:\Users\Marvin\Desktop\Bewerbungen
2014-08-03 17:22 - 2014-08-03 17:22 - 00001558 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2014-08-03 01:28 - 2014-08-03 22:10 - 00000000 ____D () C:\Users\Marvin\Desktop\1 Hungerspiele
2014-07-31 12:06 - 2014-07-31 12:06 - 00094229 _____ () C:\Users\Marvin\Downloads\PvPStats.zip
2014-07-30 20:55 - 2014-07-30 20:55 - 00000000 ____D () C:\Users\Marvin\Desktop\FTB_BackUp
2014-07-30 20:54 - 2014-07-30 20:55 - 27896541 _____ () C:\Users\Marvin\Downloads\world.rar
2014-07-30 20:32 - 2014-07-30 20:32 - 27874473 _____ () C:\Users\Marvin\Desktop\FTB_BackUP.rar
2014-07-30 16:45 - 2014-07-30 16:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-29 19:57 - 2014-07-29 19:58 - 06903445 _____ () C:\Users\Marvin\Downloads\CraftillDawn-Starter-Icon-Package-v7.0.zip
2014-07-29 18:54 - 2014-07-29 18:54 - 19972216 _____ () C:\Users\Marvin\Downloads\craftbukkit-1.7.2-R0.3.jar
2014-07-29 18:17 - 2014-07-29 18:17 - 20453584 _____ () C:\Users\Marvin\Downloads\craftbukkit-1.7.9-R0.2(1).jar
2014-07-29 16:07 - 2014-07-29 16:14 - 356222835 _____ () C:\Users\Marvin\Downloads\MB_O530G_O530_O520_FIX.rar
2014-07-29 15:52 - 2014-07-29 15:52 - 04493939 _____ () C:\Users\Marvin\Downloads\AddOn_MAK_MB_O530G_Vestische_SB.rar
2014-07-28 23:00 - 2014-07-29 16:14 - 00000000 ____D () C:\Users\Marvin\Desktop\Omsi 2
2014-07-27 13:17 - 2014-07-27 13:17 - 03678445 _____ () C:\Users\Marvin\Downloads\BP Hacker_ FlynnTrotter123.mp4
2014-07-27 13:03 - 2014-07-27 13:04 - 04619770 _____ () C:\Users\Marvin\Downloads\jman203315 Hacker Report.mp4
2014-07-27 12:09 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-07-27 12:07 - 2014-07-27 12:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-26 22:04 - 2014-07-26 22:08 - 00000000 ____D () C:\Users\Marvin\AppData\Local\DayZ
2014-07-26 17:15 - 2014-07-26 17:15 - 00000000 ____D () C:\Windows\USB_Vibration
2014-07-26 17:15 - 2012-07-11 10:57 - 00067432 _____ (Your Corporation) C:\Windows\system32\Drivers\h643352.sys
2014-07-26 17:15 - 2012-07-11 10:57 - 00045672 _____ (Your Corporation) C:\Windows\SysWOW64\Drivers\hid3352.sys
2014-07-26 17:15 - 2012-07-11 10:57 - 00009932 _____ () C:\Windows\SysWOW64\Drivers\hid3352.cat
2014-07-26 17:15 - 2012-05-10 13:54 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\USBMAX.cpl
2014-07-26 17:14 - 2014-07-26 17:14 - 00000000 ____D () C:\Program Files (x86)\USB_Vibration
2014-07-26 16:36 - 2014-07-26 16:36 - 00000000 ____D () C:\Lizenz
2014-07-26 16:28 - 2014-07-26 16:28 - 00510832 _____ () C:\Users\Marvin\Downloads\ujwMr.zip
2014-07-26 00:15 - 2014-07-26 00:15 - 04856320 _____ () C:\Users\Marvin\Downloads\tpl21.tar
2014-07-24 20:54 - 2014-07-24 20:54 - 34103034 _____ () C:\Users\Marvin\Downloads\modpacks^Ultimate^1_1_2^Ultimate_Server.zip
2014-07-24 20:52 - 2014-08-03 14:47 - 00000000 ____D () C:\Users\Marvin\AppData\Local\ftblauncher
2014-07-24 20:52 - 2014-07-24 20:52 - 04980105 _____ () C:\Users\Marvin\Desktop\launcher^FTB_Launcher.exe
2014-07-24 14:08 - 2014-07-24 14:08 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-24 14:08 - 2014-07-24 14:08 - 00001982 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-24 12:29 - 2014-07-24 12:29 - 00614177 _____ () C:\Users\Marvin\Downloads\hacker TrygOien.mp4
2014-07-24 12:13 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-24 12:13 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-24 12:13 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-24 12:13 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-24 12:13 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-24 12:13 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-24 12:13 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-24 12:13 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-24 12:13 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-24 12:13 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-24 12:13 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-24 12:13 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-24 12:13 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-24 12:13 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-24 12:13 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-24 12:13 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-24 12:13 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-24 12:13 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-24 12:13 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-24 12:13 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-24 12:13 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-24 12:13 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-24 12:13 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-24 12:13 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-24 12:13 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-24 12:13 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-24 12:13 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-24 12:13 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-24 12:13 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-24 12:13 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-24 12:13 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-24 12:13 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-24 12:13 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-24 12:13 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-07-24 12:13 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-07-24 12:13 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-07-24 12:13 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-07-24 12:13 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-07-24 12:13 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-24 12:12 - 2014-07-01 00:45 - 00688128 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-24 12:12 - 2014-06-28 09:48 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-24 12:12 - 2014-06-28 09:07 - 00385536 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-07-24 12:11 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-24 12:11 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2014-07-24 12:11 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-07-24 12:11 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-07-24 12:11 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-24 12:11 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-24 12:11 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-24 12:11 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-24 12:11 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-24 12:11 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-24 12:11 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-24 12:11 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-07-24 12:11 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-24 12:11 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-07-24 12:11 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-24 12:03 - 2014-07-24 12:03 - 00002533 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-24 12:03 - 2014-07-24 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-24 12:02 - 2014-07-24 12:02 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Marvin\Downloads\SkypeSetup.exe
2014-07-04 15:39 - 2014-07-04 15:39 - 00000613 _____ () C:\Users\Public\Desktop\Aerosoft Launcher.lnk
2014-07-04 15:39 - 2014-07-04 15:39 - 00000000 ____D () C:\Aerosoft
2014-07-04 15:37 - 2014-07-04 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aerosoft

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-03 23:48 - 2014-02-06 23:06 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Skype
2014-08-03 23:47 - 2014-08-03 23:47 - 00019686 _____ () C:\Users\Marvin\Downloads\FRST.txt
2014-08-03 23:47 - 2014-08-03 23:46 - 00000000 ____D () C:\FRST
2014-08-03 23:47 - 2014-02-06 22:31 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1558844064-977152752-1788893837-1001
2014-08-03 23:46 - 2014-08-03 23:46 - 00000845 _____ () C:\Users\Marvin\Desktop\JRT.txt
2014-08-03 23:41 - 2014-04-01 12:36 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-03 23:40 - 2014-08-03 22:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-03 23:40 - 2014-06-02 21:18 - 02082669 _____ () C:\Windows\WindowsUpdate.log
2014-08-03 23:40 - 2014-05-20 13:52 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Spotify
2014-08-03 23:40 - 2014-04-01 12:35 - 00001126 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-03 23:40 - 2014-02-06 22:27 - 00000000 __RDO () C:\Users\Marvin\SkyDrive
2014-08-03 23:39 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-03 23:38 - 2014-02-06 23:22 - 00098312 _____ () C:\Windows\PFRO.log
2014-08-03 23:38 - 2014-02-06 22:48 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-03 23:38 - 2013-08-22 15:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-08-03 23:36 - 2014-02-06 22:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-03 23:35 - 2014-08-03 23:35 - 02094080 _____ (Farbar) C:\Users\Marvin\Downloads\FRST64.exe
2014-08-03 23:34 - 2014-08-03 23:34 - 01016261 _____ (Thisisu) C:\Users\Marvin\Downloads\JRT.exe
2014-08-03 23:34 - 2014-08-03 23:34 - 00000000 ____D () C:\Windows\ERUNT
2014-08-03 23:33 - 2014-02-06 22:28 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4AA0648D-9BA6-4C21-AAB8-012CDCBE1B15}
2014-08-03 23:32 - 2014-08-03 23:32 - 00003424 _____ () C:\Users\Marvin\Desktop\AdwCleaner[S0].txt
2014-08-03 23:30 - 2013-08-22 16:44 - 05189200 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-03 23:29 - 2014-02-06 22:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-03 23:29 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Help
2014-08-03 23:28 - 2014-08-03 23:26 - 00000000 ____D () C:\AdwCleaner
2014-08-03 23:26 - 2014-08-03 23:26 - 01361309 _____ () C:\Users\Marvin\Desktop\adwcleaner_3.302.exe
2014-08-03 23:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-08-03 22:59 - 2014-02-09 23:00 - 01022976 ___SH () C:\Users\Marvin\Downloads\Thumbs.db
2014-08-03 22:51 - 2014-08-03 22:51 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-03 22:51 - 2014-08-03 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-03 22:51 - 2014-08-03 22:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-03 22:51 - 2014-08-03 22:51 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-03 22:50 - 2014-04-01 12:35 - 00001130 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-03 22:48 - 2014-08-03 22:48 - 00826192 _____ (Chip Digital GmbH) C:\Users\Marvin\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2014-08-03 22:10 - 2014-08-03 01:28 - 00000000 ____D () C:\Users\Marvin\Desktop\1 Hungerspiele
2014-08-03 22:10 - 2014-06-02 22:52 - 00000000 ____D () C:\Users\Marvin\Desktop\Plugin Verkauf
2014-08-03 21:52 - 2014-04-19 03:23 - 00000600 _____ () C:\Users\Marvin\AppData\Roaming\winscp.rnd
2014-08-03 21:52 - 2014-02-11 20:37 - 00000600 _____ () C:\Users\Marvin\AppData\Local\PUTTY.RND
2014-08-03 21:49 - 2014-02-09 23:56 - 00000132 _____ () C:\Users\Marvin\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2014-08-03 20:04 - 2014-05-02 14:30 - 00000000 ____D () C:\Users\Marvin\Desktop\Pics
2014-08-03 19:38 - 2014-02-07 13:51 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\.minecraft
2014-08-03 19:17 - 2014-08-03 19:17 - 00325807 _____ () C:\Users\Marvin\Downloads\Multiverse-Core-2.4.jar
2014-08-03 19:13 - 2014-08-03 19:13 - 00819871 _____ () C:\Users\Marvin\Downloads\lever-race.zip
2014-08-03 18:47 - 2014-08-03 18:47 - 00900139 _____ () C:\Users\Marvin\Downloads\worldedit-5.6.3.zip
2014-08-03 18:42 - 2014-08-03 18:42 - 00000000 ____D () C:\Users\Marvin\Desktop\Bewerbungen
2014-08-03 18:33 - 2014-02-06 22:26 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\Adobe
2014-08-03 17:30 - 2014-02-08 19:39 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-08-03 17:28 - 2014-03-01 22:40 - 00000000 ____D () C:\Users\Marvin\AppData\Local\CrashDumps
2014-08-03 17:26 - 2014-08-03 17:26 - 00001167 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC.lnk
2014-08-03 17:26 - 2014-08-03 17:23 - 00000000 ____D () C:\Program Files\Adobe
2014-08-03 17:26 - 2014-02-08 19:35 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-08-03 17:25 - 2014-08-03 17:25 - 00001059 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC.lnk
2014-08-03 17:24 - 2014-08-03 17:24 - 00000000 ____D () C:\adobeTemp
2014-08-03 17:23 - 2014-02-08 19:08 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-03 17:22 - 2014-08-03 17:22 - 00001558 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2014-08-03 16:56 - 2014-08-03 16:56 - 00000000 ____D () C:\Adobe
2014-08-03 14:47 - 2014-07-24 20:52 - 00000000 ____D () C:\Users\Marvin\AppData\Local\ftblauncher
2014-08-03 14:46 - 2014-04-20 20:55 - 00000000 ____D () C:\FTB
2014-08-03 11:45 - 2014-02-11 19:39 - 00965120 ___SH () C:\Users\Marvin\Desktop\Thumbs.db
2014-08-03 02:00 - 2014-02-08 19:07 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Adobe
2014-08-02 22:52 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-07-31 23:38 - 2014-02-06 22:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-31 12:45 - 2014-02-11 18:43 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\FileZilla
2014-07-31 12:06 - 2014-07-31 12:06 - 00094229 _____ () C:\Users\Marvin\Downloads\PvPStats.zip
2014-07-30 20:55 - 2014-07-30 20:55 - 00000000 ____D () C:\Users\Marvin\Desktop\FTB_BackUp
2014-07-30 20:55 - 2014-07-30 20:54 - 27896541 _____ () C:\Users\Marvin\Downloads\world.rar
2014-07-30 20:32 - 2014-07-30 20:32 - 27874473 _____ () C:\Users\Marvin\Desktop\FTB_BackUP.rar
2014-07-30 16:45 - 2014-07-30 16:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-30 15:39 - 2014-05-20 13:54 - 00000000 ____D () C:\Users\Marvin\AppData\Local\Spotify
2014-07-29 19:58 - 2014-07-29 19:57 - 06903445 _____ () C:\Users\Marvin\Downloads\CraftillDawn-Starter-Icon-Package-v7.0.zip
2014-07-29 18:54 - 2014-07-29 18:54 - 19972216 _____ () C:\Users\Marvin\Downloads\craftbukkit-1.7.2-R0.3.jar
2014-07-29 18:17 - 2014-07-29 18:17 - 20453584 _____ () C:\Users\Marvin\Downloads\craftbukkit-1.7.9-R0.2(1).jar
2014-07-29 16:14 - 2014-07-29 16:07 - 356222835 _____ () C:\Users\Marvin\Downloads\MB_O530G_O530_O520_FIX.rar
2014-07-29 16:14 - 2014-07-28 23:00 - 00000000 ____D () C:\Users\Marvin\Desktop\Omsi 2
2014-07-29 15:52 - 2014-07-29 15:52 - 04493939 _____ () C:\Users\Marvin\Downloads\AddOn_MAK_MB_O530G_Vestische_SB.rar
2014-07-28 21:37 - 2014-02-17 23:21 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-28 21:36 - 2014-02-17 23:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-27 23:23 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-07-27 23:23 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-27 23:23 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-27 23:23 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2014-07-27 23:22 - 2014-02-20 20:16 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\TS3Client
2014-07-27 13:17 - 2014-07-27 13:17 - 03678445 _____ () C:\Users\Marvin\Downloads\BP Hacker_ FlynnTrotter123.mp4
2014-07-27 13:04 - 2014-07-27 13:03 - 04619770 _____ () C:\Users\Marvin\Downloads\jman203315 Hacker Report.mp4
2014-07-27 12:14 - 2014-04-15 17:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-27 12:14 - 2014-02-06 23:40 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-27 12:14 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-27 12:11 - 2014-02-06 23:39 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-27 12:09 - 2014-02-17 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-27 12:09 - 2013-09-30 05:59 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-27 12:07 - 2014-07-27 12:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-26 22:08 - 2014-07-26 22:04 - 00000000 ____D () C:\Users\Marvin\AppData\Local\DayZ
2014-07-26 22:08 - 2014-02-06 22:41 - 00000000 ____D () C:\Users\Marvin\Documents\DayZ
2014-07-26 17:15 - 2014-07-26 17:15 - 00000000 ____D () C:\Windows\USB_Vibration
2014-07-26 17:15 - 2014-02-06 22:52 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-26 17:14 - 2014-07-26 17:14 - 00000000 ____D () C:\Program Files (x86)\USB_Vibration
2014-07-26 16:36 - 2014-07-26 16:36 - 00000000 ____D () C:\Lizenz
2014-07-26 16:28 - 2014-07-26 16:28 - 00510832 _____ () C:\Users\Marvin\Downloads\ujwMr.zip
2014-07-26 00:15 - 2014-07-26 00:15 - 04856320 _____ () C:\Users\Marvin\Downloads\tpl21.tar
2014-07-24 20:55 - 2014-04-20 20:52 - 00000000 ____D () C:\Users\Marvin\AppData\Roaming\ftblauncher
2014-07-24 20:54 - 2014-07-24 20:54 - 34103034 _____ () C:\Users\Marvin\Downloads\modpacks^Ultimate^1_1_2^Ultimate_Server.zip
2014-07-24 20:52 - 2014-07-24 20:52 - 04980105 _____ () C:\Users\Marvin\Desktop\launcher^FTB_Launcher.exe
2014-07-24 14:08 - 2014-07-24 14:08 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-24 14:08 - 2014-07-24 14:08 - 00001982 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-24 14:08 - 2014-05-18 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-24 14:08 - 2014-05-18 16:26 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-07-24 14:08 - 2014-05-18 16:26 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-24 14:08 - 2014-05-18 16:26 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-24 14:08 - 2014-05-18 16:26 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-24 14:08 - 2014-05-18 16:26 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-24 14:08 - 2014-05-18 16:26 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-07-24 14:08 - 2014-05-18 16:26 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-24 14:08 - 2014-05-18 16:26 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-24 14:08 - 2014-05-18 16:26 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-24 14:08 - 2014-05-18 16:26 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-24 12:36 - 2014-02-06 22:33 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-24 12:29 - 2014-07-24 12:29 - 00614177 _____ () C:\Users\Marvin\Downloads\hacker TrygOien.mp4
2014-07-24 12:03 - 2014-07-24 12:03 - 00002533 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-24 12:03 - 2014-07-24 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-24 12:03 - 2014-02-06 22:36 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-24 12:03 - 2014-02-06 22:36 - 00000000 ____D () C:\ProgramData\Skype
2014-07-24 12:02 - 2014-07-24 12:02 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Marvin\Downloads\SkypeSetup.exe
2014-07-04 23:12 - 2014-06-18 14:36 - 00000000 ____D () C:\Users\Marvin\Desktop\MC
2014-07-04 15:59 - 2014-07-04 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aerosoft
2014-07-04 15:39 - 2014-07-04 15:39 - 00000613 _____ () C:\Users\Public\Desktop\Aerosoft Launcher.lnk
2014-07-04 15:39 - 2014-07-04 15:39 - 00000000 ____D () C:\Aerosoft
2014-07-04 15:19 - 2014-03-26 16:40 - 00000000 ____D () C:\Games

Some content of TEMP:
====================
C:\Users\Marvin\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Marvin\AppData\Local\Temp\dotnetfx45_full_setup.exe
C:\Users\Marvin\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Marvin\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.2-R0.3-14-g8f8716c-b3042jnks.dll
C:\Users\Marvin\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.2-R0.3-b3020jnks.dll
C:\Users\Marvin\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.9-R0.2-1-ga6e0bfd-b3095jnks.dll
C:\Users\Marvin\AppData\Local\Temp\npp.6.5.4.Installer.exe
C:\Users\Marvin\AppData\Local\Temp\npp.6.5.5.Installer.exe
C:\Users\Marvin\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Marvin\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Marvin\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Marvin\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Marvin\AppData\Local\Temp\nvStInst.exe
C:\Users\Marvin\AppData\Local\Temp\Quarantine.exe
C:\Users\Marvin\AppData\Local\Temp\restarter750721907477381351.exe
C:\Users\Marvin\AppData\Local\Temp\restarter7840972115023373522.exe
C:\Users\Marvin\AppData\Local\Temp\sonarinst.exe
C:\Users\Marvin\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-29 22:44

==================== End Of Log ============================
         

Quote:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by Marvin at 2014-08-03 23:48:05
Running from C:\Users\Marvin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Aerosoft's - Aerosoft Launcher (HKLM-x32\...\{EE11CFFC-898C-4875-8A63-8B732A9AD43B}) (Version: 1.2.0.3 - Aerosoft)
aerosoft's - OMSI 2 - Drei Generationen (HKLM-x32\...\{C88376AA-BF64-40F4-9AD6-F8A18DA394F2}) (Version: 1.00 - aerosoft)
aerosoft's - OMSI 2 - Hamburg (HKLM-x32\...\{5BF6B590-F7F5-46B5-B5F4-B0CA93423AD6}) (Version: 2.01 - aerosoft)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)
AMD Catalyst Install Manager (HKLM\...\{2BFD590F-1D73-3533-E734-FDDAC3746E4A}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.4.2.0 - Auslogics Labs Pty Ltd)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.2 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Camtasia Studio 8 (HKLM-x32\...\{F5C9BE9A-04C3-4A72-8CD0-BB67C722D608}) (Version: 8.1.2.1344 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
CPUID CPU-Z 1.69.2 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Craften Terminal 3.5.5 (HKLM-x32\...\{4e7c3936-7c06-4ef0-928b-c5d92f372578}_is1) (Version: 3.5.5 - Craften.de)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version: - Microsoft)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version: - Microsoft)
DRIFT O.Z. (HKLM-x32\...\{A3F4E5E5-A302-48E9-948B-2773FEAB2869}) (Version: V4.40a - SPEEDLINK)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Dxtory version 2.0.126 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.126 - ExKode Co. Ltd.)
EPSON SX130 Series Printer Uninstall (HKLM\...\EPSON SX130 Series) (Version: - SEIKO EPSON Corporation)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
FormatFactory 3.3.2.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.2.0 - Format Factory)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Git version 1.9.4-preview20140611 (HKLM-x32\...\Git_is1) (Version: 1.9.4-preview20140611 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Inquisitor (HKLM-x32\...\Steam App 241620) (Version: - CINEMAX, s.r.o.)
IntelliJ IDEA Community Edition 13.1.3 (HKLM-x32\...\IntelliJ IDEA Community Edition 13.1.3) (Version: 135.909 - JetBrains s.r.o.)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 51 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170510}) (Version: 1.7.0.510 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
KMSpico v9.1.3 (HKLM\...\KMSpico_is1) (Version: 9.1.3 - )
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
Lego Harry Potter (HKLM-x32\...\Steam App 21130) (Version: - TT Games)
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.)
Magic 2014 (HKLM-x32\...\Steam App 213850) (Version: - Stainless Games)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Access Runtime 2010 (HKLM-x32\...\Office14.AccessRT) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Runtime 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Runtime MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NetOn 1.0 (HKLM-x32\...\NetOn_is1) (Version: - Rct-Net.de)
NetOn 2.1 (HKLM-x32\...\NetOn 2_is1) (Version: - Rct-Net.de)
NewBlue Video Essentials for PowerDirector (HKLM\...\NewBlue Video Essentials for Cyberlink) (Version: 3.0 - NewBlue)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.3 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 334.89 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 334.89 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 334.89 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3489 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 334.89 (Version: 334.89 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.1.116 - Electronic Arts, Inc.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Plague Inc: Evolved (HKLM-x32\...\Steam App 246620) (Version: - Ndemic Creations)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Pro Evolution Soccer 2014 (HKLM-x32\...\Steam App 250870) (Version: - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.0.0 - Electronic Arts)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Rebus Manager (HKLM-x32\...\Rebus Manager) (Version: - )
Rechnungsverwalter (HKCU\...\Rechnungsverwalter) (Version: 2.10.28 - Temia Consulting)
RollerCoaster Tycoon 3: Platinum! (HKLM-x32\...\Steam App 2700) (Version: - Frontier)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{54846D1D-E5D5-4A28-AA6D-7208259007EA}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2106.0 - Hi-Rez Studios)
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.25942 - TeamViewer)
The Mighty Quest For Epic Loot (HKLM-x32\...\Steam App 239220) (Version: - Ubisoft Montreal)
Tropico 5 (HKLM-x32\...\Steam App 245620) (Version: - Haemimont Games)
Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.AccessRT_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.AccessRT_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.AccessRT_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.AccessRT_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.AccessRT_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 4.5 - Ubisoft)
Versystem Soundboard (HKLM-x32\...\VersystemSoundboard) (Version: - )
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Virtual Rides 2 Version 1.0 (HKLM-x32\...\{A71636CD-637E-4975-B7BF-E2FAF34BD11F}_is1) (Version: 1.0 - rondomedia Marketing & Vertriebs GmbH)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version: - Ubisoft)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinSCP 5.5.3 (HKLM-x32\...\winscp3_is1) (Version: 5.5.3 - Martin Prikryl)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1558844064-977152752-1788893837-1001_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll ()

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-03-01 23:32 - 2014-08-03 17:30 - 00001146 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 65.52.240.48
127.0.0.1 69.167.144.18


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2998D921-2BA9-4DB8-BAAE-9B75880E442B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {398003F7-C3D7-4004-B5C1-1C5B77FC0848} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3CE0B8E2-468D-4239-9CFF-8964AAA30417} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {50BEECD4-1968-4648-892E-5B3544DEE909} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-24] (Adobe Systems Incorporated)
Task: {62D65EAE-0722-47C4-A100-673A70F6F0DE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {6A0FFF04-0BA7-4581-9AE0-A0941D8BCCD9} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73A800A2-21CB-4EBA-A588-3245DD23D155} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {AAA2AC63-C8C4-4FEB-A4EF-EE2B73CE5BBE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AFAA5358-C910-4795-9496-F33C58A7775B} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-reuter.marvin1@hotmail.de => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {BAEA7E05-7515-4831-B5EE-C1A75880804C} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {C8B13E6B-D92E-4A77-BDF5-5604A12F0140} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {CC195D3D-F377-40DA-824D-90E9FA57E27E} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E708B0E7-1D62-49AE-A80B-7F699D52FED9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-27] (Microsoft Corporation)
Task: {EE7220A2-4A96-403C-92CA-B9FA17502CA5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-24] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-06 22:48 - 2014-02-08 19:42 - 00117024 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-02-07 00:18 - 2014-02-07 00:30 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-05-23 12:55 - 2014-05-23 12:55 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-07-24 14:08 - 2014-07-24 14:08 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-03 20:45 - 2014-08-03 20:45 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14080301\algo.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-07-24 14:08 - 2014-07-24 14:08 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-07-30 16:45 - 2014-07-30 16:45 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Marvin\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/03/2014 11:47:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MARVIN-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927151. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


System errors:
=============
Error: (08/03/2014 11:48:17 PM) (Source: DCOM) (EventID: 10010) (User: MARVIN-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (08/03/2014 11:47:47 PM) (Source: DCOM) (EventID: 10010) (User: MARVIN-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (08/03/2014 11:47:17 PM) (Source: DCOM) (EventID: 10010) (User: MARVIN-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================
Error: (08/03/2014 11:47:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MARVIN-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927151


==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 8174.11 MB
Available physical RAM: 6024.79 MB
Total Pagefile: 9454.11 MB
Available Pagefile: 7160.29 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.17 GB) (Free:616.7 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:465.76 GB) (Free:249.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 3A0ACE59)
Partition 1: (Not Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=931 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 521E2976)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
__________________

Last edited by monat111 (04.08.2014 at 00:15)

Alt 04.08.2014, 00:26   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
KMSpico v9.1.3 (HKLM\...\KMSpico_is1) (Version: 9.1.3 - )
Cracked MS Office? We really don't like seeing that kind of thing here.

Please read => http://www.trojaner-board.de/95393-c...-software.html

We will continue once you have removed everything illegal.

In the event of repeated crack/keygen violations I reserve the right to discontinue support, i.e. help only with backing up data and reinstalling the operating system.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support Trojaner-Board
Why Linux is better than Windows!

Alt 04.08.2014, 11:35   #5
monat111
 

o.O I didn't even realise that the program was still actively running on the computer, since I have long been using the original version, or rather my father's license key, which he has from his company.

KMSPico has been uninstalled ^^


Alt 04.08.2014, 12:08   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
Hosts: 127.0.0.1 65.52.240.48
Hosts: 127.0.0.1 69.167.144.18
C:\Program Files\KMSpico
C:\Users\Marvin\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Marvin\AppData\Local\Temp\dotnetfx45_full_setup.exe
C:\Users\Marvin\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Marvin\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.2-R0.3-14-g8f8716c-b3042jnks.dll
C:\Users\Marvin\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.2-R0.3-b3020jnks.dll
C:\Users\Marvin\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.9-R0.2-1-ga6e0bfd-b3095jnks.dll
C:\Users\Marvin\AppData\Local\Temp\npp.6.5.4.Installer.exe
C:\Users\Marvin\AppData\Local\Temp\npp.6.5.5.Installer.exe
C:\Users\Marvin\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Marvin\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Marvin\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Marvin\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Marvin\AppData\Local\Temp\nvStInst.exe
C:\Users\Marvin\AppData\Local\Temp\Quarantine.exe
C:\Users\Marvin\AppData\Local\Temp\restarter750721907477381351.exe
C:\Users\Marvin\AppData\Local\Temp\restarter7840972115023373522.exe
C:\Users\Marvin\AppData\Local\Temp\sonarinst.exe
C:\Users\Marvin\AppData\Local\Temp\xmlUpdater.exe
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


Alt 04.08.2014, 12:16   #7
monat111
 

Here you go:
Quote:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-08-2014
Ran by Marvin at 2014-08-04 12:11:24 Run:1
Running from C:\Users\Marvin\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
Hosts: 127.0.0.1 65.52.240.48
Hosts: 127.0.0.1 69.167.144.18
C:\Program Files\KMSpico
C:\Users\Marvin\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Marvin\AppData\Local\Temp\dotnetfx45_full_setup.exe
C:\Users\Marvin\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Marvin\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.2-R0.3-14-g8f8716c-b3042jnks.dll
C:\Users\Marvin\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.2-R0.3-b3020jnks.dll
C:\Users\Marvin\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.9-R0.2-1-ga6e0bfd-b3095jnks.dll
C:\Users\Marvin\AppData\Local\Temp\npp.6.5.4.Installer.exe
C:\Users\Marvin\AppData\Local\Temp\npp.6.5.5.Installer.exe
C:\Users\Marvin\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Marvin\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Marvin\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Marvin\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Marvin\AppData\Local\Temp\nvStInst.exe
C:\Users\Marvin\AppData\Local\Temp\Quarantine.exe
C:\Users\Marvin\AppData\Local\Temp\restarter750721907477381351.exe
C:\Users\Marvin\AppData\Local\Temp\restarter7840972115023373522.exe
C:\Users\Marvin\AppData\Local\Temp\sonarinst.exe
C:\Users\Marvin\AppData\Local\Temp\xmlUpdater.exe

*****************

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk => Moved successfully.
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe => Moved successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
Service KMSELDI => Service not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
C:\Program Files\KMSpico => Moved successfully.
C:\Users\Marvin\AppData\Local\Temp\AskPIP_FF_.exe => Moved successfully.
C:\Users\Marvin\AppData\Local\Temp\dotnetfx45_full_setup.exe => Moved successfully.
C:\Users\Marvin\AppData\Local\Temp\fp_pl_pfs_installer.exe => Moved successfully.
C:\Users\Marvin\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.2-R0.3-14-g8f8716c-b3042jnks.dll => Moved successfully.
C:\Users\Marvin\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.2-R0.3-b3020jnks.dll => Moved successfully.
C:\Users\Marvin\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.9-R0.2-1-ga6e0bfd-b3095jnks.dll => Moved successfully.
C:\Users\Marvin\AppData\Local\Temp\npp.6.5.4.Installer.exe => Moved successfully.
C:\Users\Marvin\AppData\Local\Temp\npp.6.5.5.Installer.exe => Moved successfully.
C:\Users\Marvin\AppData\Local\Temp\nv3DVStreaming.dll => Moved successfully.
C:\Users\Marvin\AppData\Local\Temp\nvSCPAPI.dll => Moved successfully.
C:\Users\Marvin\AppData\Local\Temp\nvSCPAPI64.dll => Moved successfully.
C:\Users\Marvin\AppData\Local\Temp\nvStereoApiI.dll => Moved successfully.
C:\Users\Marvin\AppData\Local\Temp\nvStInst.exe => Moved successfully.
C:\Users\Marvin\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Marvin\AppData\Local\Temp\restarter750721907477381351.exe => Moved successfully.
C:\Users\Marvin\AppData\Local\Temp\restarter7840972115023373522.exe => Moved successfully.
C:\Users\Marvin\AppData\Local\Temp\sonarinst.exe => Moved successfully.
C:\Users\Marvin\AppData\Local\Temp\xmlUpdater.exe => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====
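
Added example, not part of the original posts and not FRST's own code: a Python sketch that reconciles the "Content of fixlist" section of a Fixlog like the one above with its result lines, so a helper can spot path entries that have no confirmed outcome. The sample log is constructed from lines in this thread plus one hypothetical path (`example-missing.exe`); the success test relies only on the "successfully" wording visible in this log, and all function names are assumptions.

```python
import re

# Constructed sample: shortened from the Fixlog in this thread.
# "example-missing.exe" is a hypothetical entry added to show an unconfirmed item.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-08-2014
Ran by Marvin at 2014-08-04 12:11:24 Run:1
Running from C:\Users\Marvin\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
Hosts: 127.0.0.1 65.52.240.48
C:\Program Files\KMSpico
C:\Users\Marvin\AppData\Local\Temp\Quarantine.exe
C:\Users\Marvin\AppData\Local\Temp\example-missing.exe
*****************

Service KMSELDI => Service not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
C:\Program Files\KMSpico => Moved successfully.
C:\Users\Marvin\AppData\Local\Temp\Quarantine.exe => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====
"""

STARS = re.compile(r"^\*{5,}\s*$")  # delimiter lines around the fixlist
RESULT = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+?)\.?\s*$")
PATH = re.compile(r"^[A-Za-z]:\\")  # plain file/folder entries


def parse_fixlog(text):
    """Split a Fixlog into fixlist entries, 'target => outcome' results and notes."""
    lines = text.splitlines()
    stars = [i for i, line in enumerate(lines) if STARS.match(line)]
    if len(stars) < 2:
        raise ValueError("fixlist delimiters (*****) not found")
    fixlist = [l.strip() for l in lines[stars[0] + 1:stars[1]] if l.strip()]
    results, notes = {}, []
    for line in lines[stars[1] + 1:]:
        line = line.strip()
        if not line or line.startswith("===="):
            continue
        m = RESULT.match(line)
        if m:
            results[m.group("target").strip('"')] = m.group("outcome")
        else:
            notes.append(line)  # e.g. "Hosts was reset successfully."
    return fixlist, results, notes


def reconcile(text):
    """Report which path entries were confirmed, which were not, and any failures."""
    fixlist, results, notes = parse_fixlog(text)
    by_target = {t.lower(): o for t, o in results.items()}
    report = {"done": [], "unconfirmed": [], "not_successful": [], "reboot": False}
    for entry in fixlist:
        if not PATH.match(entry):
            continue  # directives (Hosts:, services, policies) are logged under other names
        outcome = by_target.get(entry.lower())
        if outcome is None:
            report["unconfirmed"].append(entry)
        elif "successfully" in outcome.lower():
            report["done"].append(entry)
    # Every result line without the "successfully" wording needs a human look.
    report["not_successful"] = [
        (t, o) for t, o in results.items() if "successfully" not in o.lower()
    ]
    report["reboot"] = any("reboot" in n.lower() for n in notes)
    return report


if __name__ == "__main__":
    for key, value in reconcile(SAMPLE_FIXLOG).items():
        print(key, "=>", value)
```
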

Alt 04.08.2014, 13:29   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Okay, then control scans with MBAM and ESET, please:

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Alt 05.08.2014, 21:19   #9
monat111
 

So, now that ESET has finally finished ;=)

Quote:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=e4ca206c6488d042b9685d6afc8322b7
# engine=19497
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-08-04 11:39:20
# local_time=2014-08-05 01:39:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 95 94168 6772383 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 991764 11579081 0 0
# scanned=522006
# found=3
# cleaned=0
# scan_time=14044
sh=FED7CAA2E24771B66065C8D30131FC8037B6BD2A ft=1 fh=b41296876ed186e5 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marvin\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=E5A3C100D2D0FD94482783AF2B2FF94CDFC9923F ft=1 fh=a0ddd0619a504a2e vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst.exe"
sh=4155F881D2FFE555D00036574AC171D91DD4D5B0 ft=1 fh=fad0211188d33231 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marvin\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe"
Quote:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 04.08.2014
Suchlauf-Zeit: 21:25:06
Logdatei: forurm.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.04.06
Rootkit Datenbank: v2014.08.01.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Marvin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 302856
Verstrichene Zeit: 12 Min, 2 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

Alt 06.08.2014, 01:41   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst.exe
C:\Users\Marvin\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


Alt 06.08.2014, 22:34   #11
monat111
 

Quote:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-08-2014
Ran by Marvin at 2014-08-06 22:34:05 Run:2
Running from C:\Users\Marvin\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst.exe
C:\Users\Marvin\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
*****************

C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst.exe => Moved successfully.
C:\Users\Marvin\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe => Moved successfully.

==== End of Fixlog ====
There you go

Alt 07.08.2014, 00:20   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

TFC - Temp File Cleaner

Download TFC (TempFileCleaner by Oldtimer) and save it to your desktop.
  • Open TFC.exe.
    Vista and Win 7 users: right-click and choose "Run as administrator".
  • Close all other programs.
  • Press the Start button.
  • If you are prompted to restart, confirm it.




Looks OK so far.

Regarding cookies and other things on the web: to block the pests from the outset (tracking cookies, ad banners, etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released. This is only optional, though. To prevent user tracking, the Firefox extension Ghostery works well.

Info: Cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or the like => HTTP cookie).

Otherwise there are also good cookie managers; one extension for Firefox, for example, would be CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser to delete everything, including cookies, when it is closed.

Is your system back in order now, or are there any other findings or problems?