Unfortunately I wasn't home over the weekend, but here are the remaining logs:
mbam Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 28.03.2014
Suchlauf-Zeit: 12:11:35
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.0.1000
Malware Datenbank: v2014.03.28.03
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Manuel
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 280698
Verstrichene Zeit: 14 Min, 53 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 1
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT, Löschen bei Neustart, [59a7bf41827e847cf41a2b574fb4b34d],
Registrierungswerte: 1
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT|URL, MYSTART, Löschen bei Neustart, [59a7bf41827e847cf41a2b574fb4b34d]
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 23
PUP.Optional.Delta.A, C:\Users\Manuel\AppData\Local\Temp\mt_ffx\Delta, In Quarantäne, [d12f8878cf311ee27ddb98b6fb07649c],
PUP.Optional.Delta.A, C:\Users\Manuel\AppData\Local\Temp\mt_ffx\Delta\delta, In Quarantäne, [d12f8878cf311ee27ddb98b6fb07649c],
PUP.Optional.Delta.A, C:\Users\Manuel\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.21.5, In Quarantäne, [d12f8878cf311ee27ddb98b6fb07649c],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\Main, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\Main\bin, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\Main\Logs, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\Main\rep, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\SearchProtect, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\SearchProtect\bin, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\SearchProtect\Logs, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\SearchProtect\rep, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\bin, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\bubble, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\Images, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\libs, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\protection, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\protectionDS, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\settings, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\uninstall, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\rep, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
Dateien: 146
PUP.Optional.DealPly.A, C:\Users\Manuel\AppData\Local\Temp\1384452412_dp.exe, In Quarantäne, [4cb420e0c83801ff38c656d8fb09738d],
PUP.Optional.SweetIM, C:\Users\Manuel\AppData\Local\Temp\mgsqlite3.dll, In Quarantäne, [36cab64aa06010f013c654d7a0644eb2],
PUP.Optional.SweetIM, C:\Users\Manuel\AppData\Local\Temp\SimboApp.exe, In Quarantäne, [38c804fcb848fa069a3f210a0afa7e82],
PUP.Optional.FileScout.A, C:\Users\Manuel\AppData\Local\Temp\setup_fsu_cid.exe, In Quarantäne, [2ed288781fe1f808f04b817e97696898],
PUP.Optional.SweetIM, C:\Users\Manuel\AppData\Local\Temp\Shortcut_toolbar_vit_sweetim.exe, In Quarantäne, [8f71a15fbc44d92712c742e94fb53fc1],
PUP.Optional.Conduit.A, C:\Users\Manuel\AppData\Local\Temp\SPSetup.exe, In Quarantäne, [97698d731be55ca46a47ea2bdf22867a],
PUP.Optional.SearchProtect.A, C:\Users\Manuel\AppData\Local\Temp\nsd47AD.exe, In Quarantäne, [26da6799c53b7987546d110f8d748a76],
PUP.Optional.SearchProtect.A, C:\Users\Manuel\AppData\Local\Temp\nsd6B08.exe, In Quarantäne, [b64a8c74ed13a957a91874ace61baa56],
PUP.Optional.SearchProtect.A, C:\Users\Manuel\AppData\Local\Temp\nsj6905.exe, In Quarantäne, [5ca4a35d31cf58a88938c25e758cf709],
PUP.Optional.SearchProtect.A, C:\Users\Manuel\AppData\Local\Temp\nso49C1.exe, In Quarantäne, [867a47b9fa06af517b46e33df20feb15],
PUP.Optional.PerformerSoft.A, C:\Users\Manuel\AppData\Local\Temp\A054.tmp, In Quarantäne, [ae52d22e0bf528d8bc4bfe1048b9a759],
PUP.Optional.Conduit.A, C:\Users\Manuel\AppData\Local\Temp\4F49.tmp, In Quarantäne, [996714ec936da65a044c8b8d3cc50df3],
PUP.Optional.Babylon.A, C:\Users\Manuel\AppData\Local\Temp\8037.tmp, In Quarantäne, [e61a6898788820e0b56a1fffd62a4eb2],
PUP.Optional.Conduit.A, C:\Users\Manuel\AppData\Local\Temp\sp_downloader.exe, In Quarantäne, [8b7530d09d6312ee7f6e3bd86998d42c],
PUP.Optional.PerformerSoft.A, C:\Users\Manuel\AppData\Local\Temp\C542.tmp, In Quarantäne, [887845bb629e38c8bc4b9b739869b64a],
PUP.Optional.Delta.A, C:\Users\Manuel\AppData\Local\Temp\is-MKUSP.tmp\DeltaTB.exe, In Quarantäne, [639db44c669a33cdd4f257a7768a2bd5],
PUP.BundleInstaller.VG, C:\Users\Manuel\AppData\Local\Temp\is-MKUSP.tmp\VideoDownloader.exe, In Quarantäne, [b749916fa65a39c7b3aaf88848b89769],
PUP.Optional.Delta.A, C:\Users\Manuel\AppData\Local\Temp\is1275519350\DeltaTB.exe, In Quarantäne, [98688d737987d52be4e26e908d73f709],
PUP.DealPly, C:\Users\Manuel\AppData\Local\Temp\is1275519350\dp.exe, In Quarantäne, [20e0cf312dd353adb4ec99910ef66997],
PUP.Optional.LyricsAd, C:\Users\Manuel\AppData\Local\Temp\is1275519350\LyricsFinder.exe, In Quarantäne, [04fc44bcd22ee11fb5d8857ac33dd42c],
PUP.Optional.CRX.A, C:\Users\Manuel\AppData\Local\Temp\bus6C1A\CrxUpdater_d.exe, In Quarantäne, [6e921ee2d32d2dd3208a14c6e122827e],
PUP.Optional.CRX.A, C:\Users\Manuel\AppData\Local\Temp\bus70CB\CrxUpdater_d.exe, In Quarantäne, [9d6317e95fa1dc244a60c51582816f91],
PUP.Optional.CRX.A, C:\Users\Manuel\AppData\Local\Temp\bus7187\CrxUpdater_d.exe, In Quarantäne, [55abe71952ae9a669317f1e9966d34cc],
PUP.Optional.CRX.A, C:\Users\Manuel\AppData\Local\Temp\bus74A2\CrxUpdater_d.exe, In Quarantäne, [2fd119e730d020e0951536a4d3306a96],
PUP.Optional.CRX.A, C:\Users\Manuel\AppData\Local\Temp\bus74A3\CrxUpdater_d.exe, In Quarantäne, [29d71ee26c94c33db2f8aa30778cc63a],
PUP.Optional.CRX.A, C:\Users\Manuel\AppData\Local\Temp\bus759C\CrxUpdater_d.exe, In Quarantäne, [3bc534cc6e9236ca7e2c607a847fba46],
PUP.Optional.CRX.A, C:\Users\Manuel\AppData\Local\Temp\bus75EA\CrxUpdater_d.exe, In Quarantäne, [87796c9442be30d02a8007d317ecbd43],
PUP.Optional.CRX.A, C:\Users\Manuel\AppData\Local\Temp\bus7A6C\CrxUpdater_d.exe, In Quarantäne, [25db7d83c13f40c0d2d81fbb5aa957a9],
PUP.Optional.CRX.A, C:\Users\Manuel\AppData\Local\Temp\bus7AAB\CrxUpdater_d.exe, In Quarantäne, [1de37c840ff16d938d1d5f7b9f640000],
PUP.Optional.CRX.A, C:\Users\Manuel\AppData\Local\Temp\bus7ACA\CrxUpdater_d.exe, In Quarantäne, [ef11926eee122dd3c2e84694897abc44],
PUP.Optional.CRX.A, C:\Users\Manuel\AppData\Local\Temp\bus7B47\CrxUpdater_d.exe, In Quarantäne, [e719fd03d32dc23e78320ad08d76ec14],
PUP.Optional.CRX.A, C:\Users\Manuel\AppData\Local\Temp\bus7CDC\CrxUpdater_d.exe, In Quarantäne, [ed130cf4a858b7491199776348bbb54b],
PUP.Optional.CRX.A, C:\Users\Manuel\AppData\Local\Temp\bus7E33\CrxUpdater_d.exe, In Quarantäne, [eb1588783cc4d32d00aa805af21121df],
PUP.Optional.CRX.A, C:\Users\Manuel\AppData\Local\Temp\bus7F6B\CrxUpdater_d.exe, In Quarantäne, [d62a8779a15f0df3ddcdab2fb94a7d83],
PUP.Optional.CRX.A, C:\Users\Manuel\AppData\Local\Temp\bus8075\CrxUpdater_d.exe, In Quarantäne, [07f9639dea16996700aa8654877cbc44],
PUP.Optional.CRX.A, C:\Users\Manuel\AppData\Local\Temp\bus85D1\CrxUpdater_d.exe, In Quarantäne, [1be5ef1111efac5400aa2fab5ca7e61a],
PUP.Optional.SweetIM, C:\Users\Manuel\AppData\Local\Temp\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}\mgSqlite3.dll, In Quarantäne, [f90740c03fc16e92b128d55692723cc4],
PUP.Optional.SweetIM, C:\Users\Manuel\AppData\Local\Temp\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}\VistaCookiesCollector.exe, In Quarantäne, [a15ff20ea55b907019c0ea41e71d37c9],
PUP.Optional.CRX.A, C:\Users\Manuel\AppData\Local\Temp\bus86AC\CrxUpdater_d.exe, In Quarantäne, [d03090703fc1fa069b0f508a49ba13ed],
PUP.Optional.CRX.A, C:\Users\Manuel\AppData\Local\Temp\bus8748\CrxUpdater_d.exe, In Quarantäne, [f709b9475fa106fa9c0e6d6d8182bc44],
PUP.Optional.CRX.A, C:\Users\Manuel\AppData\Local\Temp\bus87A7\CrxUpdater_d.exe, In Quarantäne, [f709ab550cf418e87a30f1e9e61d52ae],
PUP.Optional.CRX.A, C:\Users\Manuel\AppData\Local\Temp\bus87B5\CrxUpdater_d.exe, In Quarantäne, [d12fff01966a2ed24a60e8f25fa48e72],
PUP.Optional.CRX.A, C:\Users\Manuel\AppData\Local\Temp\bus88BE\CrxUpdater_d.exe, In Quarantäne, [a8589b65bf4140c035751fbb24dfc23e],
PUP.Optional.CRX.A, C:\Users\Manuel\AppData\Local\Temp\bus950E\CrxUpdater_d.exe, In Quarantäne, [06faf20ea8580000d1d95b7f7a89b54b],
PUP.Optional.CRX.A, C:\Users\Manuel\AppData\Local\Temp\bus9720\CrxUpdater_d.exe, In Quarantäne, [e818d62a24dc37c93c6ec51523e0a957],
PUP.Optional.BabSolution.A, C:\Users\Manuel\AppData\Local\Temp\bus9DA5\BUSolution.dll, In Quarantäne, [0bf5bd43cb35e31dbd0617ec10f1a15f],
PUP.Optional.SweetIM, C:\Users\Manuel\AppData\Local\Temp\2827278562\chromeupdaterfull.exe, In Quarantäne, [3bc5b34d41bf847c3a9f919a887cae52],
PUP.Optional.CRX.A, C:\Users\Manuel\AppData\Local\Temp\bus9E12\CrxUpdater_d.exe, In Quarantäne, [936d30d0877922de1f8b6a709e651ce4],
PUP.Optional.CRX.A, C:\Users\Manuel\AppData\Local\Temp\busC080\CrxUpdater_d.exe, In Quarantäne, [7b85e31da9571de3159517c3bf44ac54],
PUP.Optional.Vittalia, C:\Windows\Temp\instloffer.exe, In Quarantäne, [718f4eb2d22e04fcbf490f5c8e737b85],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nscA2B8.exe, In Quarantäne, [b14f3bc517e94eb208b9051bda27fc04],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsd5AB7.exe, In Quarantäne, [d7290cf4e71901ff6a57ff21c53c9967],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsd5EAD.exe, In Quarantäne, [7987a858ba46ed13546d08188e73d32d],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nshBDF6.exe, In Quarantäne, [4fb1c33d7e82ef11853c22fed72a8b75],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsm914A.exe, In Quarantäne, [00001ee2b9477987cef3c15f45bcc040],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsmBABB.exe, In Quarantäne, [56aa9967867a659bd8e98e9255acf10f],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsrAB4F.exe, In Quarantäne, [3bc5e719fb0558a80eb3051bc43dd828],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nssDCAD.exe, In Quarantäne, [6898f50bb9477e82d5ec2ef2cb3658a8],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nst6B3C.exe, In Quarantäne, [d62a18e8847cff015c65031d6f928e72],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsxAFB3.exe, In Quarantäne, [e719eb15936d916f5c65f828ac558977],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsxD8D6.exe, In Quarantäne, [44bce11fff0154ac9b2677a93ac7a65a],
PUP.Optional.OpenCandy, C:\Users\Manuel\Downloads\DTLite4461-0327.exe, In Quarantäne, [1be53cc4a75950b06aded45854b039c7],
RiskWare.Tool.CK, C:\Users\Manuel\Downloads\keygen.exe, In Quarantäne, [bd4337c9c9371ae63839c7d17b8607f9],
PUP.Optional.Softonic.A, C:\Users\Manuel\Downloads\SoftonicDownloader_fuer_skyrim-mod-manager-lite.exe, In Quarantäne, [60a0cb3508f820e07cf8e82f4fb20af6],
RiskWare.Tool.CK, C:\Users\Manuel\Dropbox\keygen.exe, In Quarantäne, [916f837d7b857b855b16cfc908f97888],
PUP.Optional.SweetIM, C:\Windows\Installer\c0db58.msi, In Quarantäne, [4ab6bd4322de29d7f5e49893788c669a],
PUP.Optional.SweetIM, C:\Windows\Installer\c0db5d.msi, In Quarantäne, [35cbe51b23dd6a96bb1e45e6976df30d],
PUP.Optional.SweetIM, C:\Windows\Installer\c0db62.msi, In Quarantäne, [be42ea16837d6d9385543bf03cc8ab55],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\EULA.txt, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\Main\bin\CltMngSvc.exe, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\Main\bin\SPTool.dll, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\Main\bin\SPtool.dll_1387293476223, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\Main\bin\SPtool.dll_1387293476993, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\Main\bin\SPtool.dll_1389813984445, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\Main\bin\SPtool.dll_1389813985430, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\Main\bin\SPtool.dll_1390823775956, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\Main\bin\SPtool.dll_1390823777650, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\Main\bin\uninstall.exe, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\Main\rep\SystemRepository.dat, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\SearchProtect\bin\cltmng.exe, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\SearchProtect\bin\SPTool64.exe, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\SearchProtect\bin\SPVC32.dll, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\SearchProtect\bin\SPVC32Loader.dll, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\SearchProtect\bin\SPVC64.dll, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\SearchProtect\bin\SPVC64Loader.dll, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\bin\cltmngui.exe, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\settings.html, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\style.css, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\bubble\bubble.css, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\bubble\bubble.html, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\bubble\bubble.js, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\bubble\defaults.js, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\Images\Apply-default.png, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\Images\Apply-onclick.png, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\Images\Apply-Rollover.png, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\Images\bg-with-logo.png, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\Images\bg.png, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\Images\bgNotif.png, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\Images\bgSettings.png, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\Images\bgUninstall.png, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\Images\btnBlue.png, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\Images\btnClose.png, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\Images\btnSilver.png, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\Images\checkbox.png, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\Images\checkbox_checked.png, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\Images\checkbox_def.png, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\Images\close-win-def.png, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\Images\close-win-over-click.png, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\Images\gray-bg.png, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\Images\hez-def.png, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\Images\hez-selected.png, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\Images\hez.png, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\Images\icon-win.png, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\Images\info-icon.png, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\Images\menu-rollover.png, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\Images\menu-selected.png, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\Images\radio-button-def.png, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\Images\radio-button-selected.png, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\Images\radio-button.png, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\Images\radio-button2.png, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\Images\Settings-icon.png, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\Images\text-field.png, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\Images\v.png, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\Images\x.png, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\libs\defaults.js, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\libs\dialogUtils.js, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\libs\jquery.1.7.1.min.js, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\libs\json2.min.js, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\libs\main.js, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\libs\SPDialogAPI.js, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\protection\defaults.js, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\protection\protection.css, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\protection\protection.html, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\protection\protection.js, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\protectionDS\defaults.js, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\protectionDS\protectionDS.css, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\protectionDS\protectionDS.html, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\protectionDS\protectionDS.js, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\settings\defaults.js, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\settings\settings.css, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\settings\settings.html, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\settings\settings.js, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\uninstall\defaults.js, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\uninstall\uninstall.css, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\uninstall\uninstall.html, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect7139822\UI\dialogs\uninstall\uninstall.js, In Quarantäne, [1de359a7ad53e61a129077ddd032b050],
Physische Sektoren: 0
(No malicious items detected)
(end)
ESET Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f8f0b10e07d9384799bfee538ab02e81
# engine=17657
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-28 04:40:39
# local_time=2014-03-28 05:40:39 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 41510 261448129 34287 0
# compatibility_mode=5893 16776574 100 94 22453229 147654689 0 0
# scanned=471204
# found=8
# cleaned=0
# scan_time=19018
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=6391F475328183373BB2BED2E5704E5088FF5C8A ft=1 fh=3d6e0b0b2f0f489a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir"
sh=354BDD57F49997D0A1AB3BADA1339CB33765898B ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Manuel\AppData\Roaming\Mozilla\Firefox\Profiles\cszls3sc.default\Extensions\plugin@yontoo.com.xpi.vir"
sh=BF93273B2A1E4DDC10C5D10D52413D82A5BFEE4E ft=1 fh=268a025deae3f302 vn="multiple threats" ac=I fn="C:\Users\Manuel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L2KUD1Y\YTKaraoke[1]"
sh=27AD6829E4154237BE61EA728F5D481C32E71BC9 ft=1 fh=065c88e2dd8e9374 vn="multiple threats" ac=I fn="C:\Users\Manuel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L2KUD1Y\YTKaraoke_1060-1019_v114[1]"
sh=5CED086BBDE48E96C3F7D4FA383B8F7E41AD67E1 ft=1 fh=155d5e9c05bf4b9d vn="Win32/Adware.Lollipop.H application" ac=I fn="C:\Users\Manuel\AppData\Local\Temp\instloffer.exe"
sh=27AD6829E4154237BE61EA728F5D481C32E71BC9 ft=1 fh=065c88e2dd8e9374 vn="multiple threats" ac=I fn="C:\Users\Manuel\AppData\Local\Temp\tempkar.exe"
sh=E63C0C8579F842EF63AA4349E13E30D88E4AC127 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.NNF trojan" ac=I fn="C:\Users\Manuel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\4f5db0ba-7e0900a0"
Since the instructions (from ESET) said not to tick the Remove Found Threats checkbox at the start, I didn't delete the detected items afterwards either (at that point I was offered the option to delete them again). I hope that was right...? o,0
SecurityCheck - CheckUp: Code:
Results of screen317's Security Check version 0.99.80
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 11
Java version out of Date!
Adobe Flash Player 12.0.0.77
Adobe Reader XI
Mozilla Firefox 19.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
WinZip Malware Protector WinZipMalwareProtector.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Manuel (administrator) on MANUEL-PC on 30-03-2014 23:27:46
Running from C:\Users\Manuel\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Nico Mak Computing) C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Manuel\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(1und1 Mail und Media GmbH) C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(Avira Operations GmbH & Co. KG) C:\program files (x86)\avira\antivir desktop\avcenter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [ISW] - "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [MailCheck IE Broker] - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [1769536 2013-12-10] (1und1 Mail und Media GmbH)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-02-26] (LogMeIn Inc.)
HKU\S-1-5-21-4140085185-833135378-1903668245-1000\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-4140085185-833135378-1903668245-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-4140085185-833135378-1903668245-1000\...\MountPoints2: E - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-4140085185-833135378-1903668245-1000\...\MountPoints2: I - I:\SETUP.EXE
HKU\S-1-5-21-4140085185-833135378-1903668245-1000\...\MountPoints2: {5d19ef2b-6409-11e2-9034-d43d7e336a3a} - I:\StartUp.exe
HKU\S-1-5-21-4140085185-833135378-1903668245-1000\...\MountPoints2: {8b8b7124-63d4-11e2-a11f-806e6f6e6963} - D:\DVDSetup.exe
HKU\S-1-5-21-4140085185-833135378-1903668245-1000\...\MountPoints2: {b7c8adaa-6bdb-11e2-85f8-d43d7e336a3a} - F:\pushinst.exe
Startup: C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Manuel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
SearchScopes: HKCU - {1F3613DC-3FFD-4179-82E5-20C74157E22A} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKCU - {B5FA112D-72FD-4BDF-8597-B58B563A16AD} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKCU - {E2DB4976-5F0E-4397-A0AC-374AF7334A45} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKCU - {F22B976B-4028-443F-8A5D-68E54C25519F} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=de&q={searchTerms}&gu=02163534681b4e178f98431919a87e79&tu=10OW000AZ1B0008&sku=&tstsId=&ver=&&r=460
SearchScopes: HKCU - {F41B6BD3-3914-452B-A1E0-F5F46F3D3E54} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
BHO: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.11\bh\zonealarm.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
BHO-x32: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Tube Karaoke - {F351B686-F6AF-45F1-9EB9-684C805B25B1} - C:\Program Files (x86)\YTKaraoke\ytkaraoke.dll No File
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.11\zonealarmTlbr.dll No File
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
FireFox:
========
FF ProfilePath: C:\Users\Manuel\AppData\Roaming\Mozilla\Firefox\Profiles\cszls3sc.default
FF Homepage: user_pref("browser.startup.homepage", );
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: YouTube Unblocker - C:\Users\Manuel\AppData\Roaming\Mozilla\Firefox\Profiles\cszls3sc.default\Extensions\youtubeunblocker@unblocker.yt.xpi [2013-02-08]
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKCU\...\Firefox\Extensions: [YTKaraoke@DacSoft.org] - C:\Program Files (x86)\YTKaraoke\FF\
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [lgnhgbflngpggpmpfdkhmhmfdophhepe] - C:\Program Files (x86)\YTKaraoke\Chrome.crx []
==================== Services (Whitelisted) =================
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-06-28] ()
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-09-22] ()
==================== Drivers (Whitelisted) ====================
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-01-21] (DT Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-03-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)
S3 HRMACPI; SYSTEM32\DRIVERS\HRMACPI.SYS [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 SOFTUSBTESTHUB; SYSTEM32\DRIVERS\SOFTUSBTESTHUB.SYS [X]
S3 SOFTWADP; SYSTEM32\DRIVERS\SOFTWADP.SYS [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WSOFTUSBK; SYSTEM32\DRIVERS\WSOFTUSBK.SYS [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-30 23:26 - 2014-03-30 23:27 - 00014755 _____ () C:\Users\Manuel\Desktop\FRST.txt
2014-03-30 23:22 - 2014-03-30 23:22 - 00001077 _____ () C:\Users\Manuel\Desktop\checkup.txt
2014-03-30 23:15 - 2014-03-30 23:15 - 00987442 _____ () C:\Users\Manuel\Desktop\SecurityCheck.exe
2014-03-28 13:19 - 2014-03-28 13:19 - 02347384 _____ (ESET) C:\Users\Manuel\Desktop\esetsmartinstaller_enu.exe
2014-03-28 13:18 - 2014-03-28 13:18 - 00025816 _____ () C:\Users\Manuel\Desktop\mbam.txt
2014-03-28 12:42 - 2014-03-30 23:06 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-28 12:40 - 2014-03-28 12:40 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-28 12:40 - 2014-03-28 12:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-28 12:40 - 2014-03-28 12:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-28 12:40 - 2014-03-05 10:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-28 12:40 - 2014-03-05 10:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-28 12:40 - 2014-03-05 10:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-28 12:32 - 2014-03-28 12:33 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Manuel\Desktop\mbam-setup-2.0.0.1000.exe
2014-03-28 11:33 - 2014-03-28 11:33 - 00001264 _____ () C:\Users\Manuel\Desktop\Revo Uninstaller.lnk
2014-03-28 11:33 - 2014-03-28 11:33 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-28 11:31 - 2014-03-28 11:31 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Manuel\Desktop\revosetup95.exe
2014-03-28 10:32 - 2014-03-28 10:32 - 00007484 _____ () C:\Users\Manuel\Desktop\Gmer.txt
2014-03-28 09:48 - 2014-03-28 09:48 - 00000474 _____ () C:\Users\Manuel\Desktop\defogger_disable.log
2014-03-28 09:48 - 2014-03-28 09:48 - 00000168 _____ () C:\Users\Manuel\defogger_reenable
2014-03-28 09:45 - 2014-03-28 09:45 - 00380416 _____ () C:\Users\Manuel\Desktop\Gmer-19357.exe
2014-03-28 09:43 - 2014-03-28 12:38 - 00000000 ____D () C:\Users\Manuel\Desktop\Musik
2014-03-28 09:43 - 2014-03-28 09:43 - 00050477 _____ () C:\Users\Manuel\Desktop\Defogger.exe
2014-03-28 09:28 - 2014-03-30 23:27 - 00000000 ____D () C:\FRST
2014-03-28 09:27 - 2014-03-28 09:28 - 02157056 _____ (Farbar) C:\Users\Manuel\Desktop\FRST64.exe
2014-03-28 09:00 - 2014-03-30 23:03 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-03-28 09:00 - 2014-03-28 09:00 - 00001189 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-03-28 09:00 - 2014-03-28 09:00 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Nico Mak Computing
2014-03-28 09:00 - 2014-03-28 09:00 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-03-28 09:00 - 2014-03-28 09:00 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2014-03-28 09:00 - 2013-03-15 18:10 - 00020480 _____ () C:\Windows\system32\wsusnative64.exe
2014-03-28 08:59 - 2014-03-30 23:27 - 00000000 ____D () C:\Users\Manuel\Desktop\Schutzsofware
2014-03-28 08:52 - 2014-03-28 08:52 - 00000000 ____D () C:\Windows\ERUNT
2014-03-28 08:34 - 2014-03-28 08:36 - 00000000 ____D () C:\AdwCleaner
2014-03-28 08:29 - 2014-03-28 08:29 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-03-28 08:11 - 2014-03-28 08:11 - 00281656 _____ () C:\Windows\Minidump\032814-27970-01.dmp
2014-03-28 00:19 - 2014-03-28 08:11 - 515177084 _____ () C:\Windows\MEMORY.DMP
2014-03-28 00:19 - 2014-03-28 08:11 - 00000000 ____D () C:\Windows\Minidump
2014-03-28 00:19 - 2014-03-28 00:19 - 00291144 _____ () C:\Windows\Minidump\032714-20217-01.dmp
2014-03-27 15:47 - 2014-03-27 15:47 - 00000000 ____D () C:\Users\Manuel\Desktop\Unikram
2014-03-20 16:50 - 2014-03-20 16:50 - 00000102 ____H () C:\Users\Manuel\Desktop\.~lock.Ultraproduktiv2.odt#
2014-03-17 15:38 - 2014-03-17 15:38 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-17 15:38 - 2014-03-17 15:38 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-17 15:38 - 2014-03-17 15:38 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Skype
2014-03-12 12:11 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 12:11 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 12:11 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 12:11 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 12:11 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 12:11 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 12:11 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 12:11 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 12:11 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 12:11 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 12:11 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 12:11 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 12:10 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 12:10 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 12:10 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 12:10 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 12:10 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 12:10 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 12:10 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 12:10 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 12:10 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 12:10 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 12:10 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 12:10 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 12:10 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 12:10 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 12:10 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 12:10 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 12:10 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 12:10 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 12:10 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 12:10 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 12:10 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 12:10 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 12:10 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 12:10 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 12:10 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 12:10 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 12:10 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 12:10 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 12:10 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 12:10 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 12:10 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 12:10 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 12:10 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 12:10 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 12:10 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 12:10 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-01 10:38 - 2014-03-01 10:38 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
==================== One Month Modified Files and Folders =======
2014-03-30 23:27 - 2014-03-30 23:26 - 00014755 _____ () C:\Users\Manuel\Desktop\FRST.txt
2014-03-30 23:27 - 2014-03-28 09:28 - 00000000 ____D () C:\FRST
2014-03-30 23:27 - 2014-03-28 08:59 - 00000000 ____D () C:\Users\Manuel\Desktop\Schutzsofware
2014-03-30 23:22 - 2014-03-30 23:22 - 00001077 _____ () C:\Users\Manuel\Desktop\checkup.txt
2014-03-30 23:19 - 2013-01-23 00:23 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Skype
2014-03-30 23:15 - 2014-03-30 23:15 - 00987442 _____ () C:\Users\Manuel\Desktop\SecurityCheck.exe
2014-03-30 23:13 - 2009-07-14 06:45 - 00021248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-30 23:13 - 2009-07-14 06:45 - 00021248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-30 23:12 - 2013-01-21 16:14 - 01775851 _____ () C:\Windows\WindowsUpdate.log
2014-03-30 23:08 - 2011-04-12 09:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-03-30 23:08 - 2011-04-12 09:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-03-30 23:08 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-30 23:06 - 2014-03-28 12:42 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-30 23:03 - 2014-03-28 09:00 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-03-30 23:03 - 2013-02-22 19:38 - 00000000 ____D () C:\Users\Manuel\AppData\Local\LogMeIn Hamachi
2014-03-30 23:03 - 2013-02-02 16:37 - 00000000 ___RD () C:\Users\Manuel\Dropbox
2014-03-30 23:03 - 2013-02-02 16:32 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Dropbox
2014-03-30 23:02 - 2013-01-23 00:37 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-30 23:02 - 2013-01-21 22:04 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-30 23:02 - 2010-11-21 05:47 - 00960676 _____ () C:\Windows\PFRO.log
2014-03-30 23:02 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-30 23:02 - 2009-07-14 06:51 - 00103963 _____ () C:\Windows\setupact.log
2014-03-28 18:45 - 2013-01-21 16:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-28 17:16 - 2013-02-24 02:23 - 00000000 ____D () C:\Users\Manuel\Documents\Spiele
2014-03-28 16:40 - 2013-03-28 19:09 - 00000000 ____D () C:\Users\Manuel\Documents\Neuer Ordner
2014-03-28 13:19 - 2014-03-28 13:19 - 02347384 _____ (ESET) C:\Users\Manuel\Desktop\esetsmartinstaller_enu.exe
2014-03-28 13:18 - 2014-03-28 13:18 - 00025816 _____ () C:\Users\Manuel\Desktop\mbam.txt
2014-03-28 13:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\security
2014-03-28 12:40 - 2014-03-28 12:40 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-28 12:40 - 2014-03-28 12:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-28 12:40 - 2014-03-28 12:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-28 12:38 - 2014-03-28 09:43 - 00000000 ____D () C:\Users\Manuel\Desktop\Musik
2014-03-28 12:33 - 2014-03-28 12:32 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Manuel\Desktop\mbam-setup-2.0.0.1000.exe
2014-03-28 11:52 - 2013-01-23 16:18 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-03-28 11:33 - 2014-03-28 11:33 - 00001264 _____ () C:\Users\Manuel\Desktop\Revo Uninstaller.lnk
2014-03-28 11:33 - 2014-03-28 11:33 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-28 11:31 - 2014-03-28 11:31 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Manuel\Desktop\revosetup95.exe
2014-03-28 10:32 - 2014-03-28 10:32 - 00007484 _____ () C:\Users\Manuel\Desktop\Gmer.txt
2014-03-28 09:48 - 2014-03-28 09:48 - 00000474 _____ () C:\Users\Manuel\Desktop\defogger_disable.log
2014-03-28 09:48 - 2014-03-28 09:48 - 00000168 _____ () C:\Users\Manuel\defogger_reenable
2014-03-28 09:48 - 2013-01-21 16:19 - 00000000 ____D () C:\Users\Manuel
2014-03-28 09:45 - 2014-03-28 09:45 - 00380416 _____ () C:\Users\Manuel\Desktop\Gmer-19357.exe
2014-03-28 09:45 - 2013-02-14 23:54 - 00000000 ____D () C:\Users\Manuel\Documents\Desktopstuff
2014-03-28 09:43 - 2014-03-28 09:43 - 00050477 _____ () C:\Users\Manuel\Desktop\Defogger.exe
2014-03-28 09:28 - 2014-03-28 09:27 - 02157056 _____ (Farbar) C:\Users\Manuel\Desktop\FRST64.exe
2014-03-28 09:00 - 2014-03-28 09:00 - 00001189 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-03-28 09:00 - 2014-03-28 09:00 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\Nico Mak Computing
2014-03-28 09:00 - 2014-03-28 09:00 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-03-28 09:00 - 2014-03-28 09:00 - 00000000 ____D () C:\Program Files (x86)\WinZip Malware Protector
2014-03-28 08:52 - 2014-03-28 08:52 - 00000000 ____D () C:\Windows\ERUNT
2014-03-28 08:36 - 2014-03-28 08:34 - 00000000 ____D () C:\AdwCleaner
2014-03-28 08:35 - 2013-10-17 11:35 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\CheckPoint
2014-03-28 08:32 - 2013-12-18 17:32 - 00000177 _____ () C:\Users\Manuel\AppData\Roaming\WB.CFG
2014-03-28 08:29 - 2014-03-28 08:29 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-03-28 08:11 - 2014-03-28 08:11 - 00281656 _____ () C:\Windows\Minidump\032814-27970-01.dmp
2014-03-28 08:11 - 2014-03-28 00:19 - 515177084 _____ () C:\Windows\MEMORY.DMP
2014-03-28 08:11 - 2014-03-28 00:19 - 00000000 ____D () C:\Windows\Minidump
2014-03-28 08:09 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-28 02:15 - 2013-12-14 23:35 - 00000000 ____D () C:\Users\Manuel\AppData\Roaming\TS3Client
2014-03-28 00:19 - 2014-03-28 00:19 - 00291144 _____ () C:\Windows\Minidump\032714-20217-01.dmp
2014-03-27 17:26 - 2014-01-27 18:03 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Battle.net
2014-03-27 15:47 - 2014-03-27 15:47 - 00000000 ____D () C:\Users\Manuel\Desktop\Unikram
2014-03-23 23:25 - 2013-01-25 20:34 - 00000288 _____ () C:\Users\Manuel\.dsa4.properties
2014-03-23 23:25 - 2013-01-25 20:27 - 00000000 ____D () C:\Program Files (x86)\Helden-Software
2014-03-22 12:29 - 2014-01-27 18:03 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-03-20 20:02 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-20 16:50 - 2014-03-20 16:50 - 00000102 ____H () C:\Users\Manuel\Desktop\.~lock.Ultraproduktiv2.odt#
2014-03-17 15:38 - 2014-03-17 15:38 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-17 15:38 - 2014-03-17 15:38 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-17 15:38 - 2014-03-17 15:38 - 00000000 ____D () C:\Users\Manuel\AppData\Local\Skype
2014-03-17 15:38 - 2013-01-23 00:23 - 00000000 ____D () C:\ProgramData\Skype
2014-03-16 20:27 - 2013-08-28 16:54 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-03-16 17:33 - 2014-01-27 18:16 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-03-16 17:17 - 2013-01-25 20:34 - 00085645 _____ () C:\Users\Manuel\.heldEinstellungen4_1.xml
2014-03-13 15:22 - 2009-07-14 06:45 - 00294880 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-12 13:45 - 2013-01-21 16:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 13:45 - 2013-01-21 16:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 13:45 - 2013-01-21 16:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-08 13:34 - 2013-01-21 22:41 - 00000000 ____D () C:\Users\Manuel\Documents\The Binding of Isaac
2014-03-05 10:26 - 2014-03-28 12:40 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 10:26 - 2014-03-28 12:40 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 10:26 - 2014-03-28 12:40 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-03 19:05 - 2014-02-04 16:58 - 00000000 ____D () C:\Users\Manuel\Desktop\Hufeland
2014-03-01 10:38 - 2014-03-01 10:38 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-03-01 10:38 - 2013-05-22 22:29 - 00000926 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-03-01 08:05 - 2014-03-12 12:10 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 07:17 - 2014-03-12 12:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 07:16 - 2014-03-12 12:11 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 06:58 - 2014-03-12 12:11 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 06:52 - 2014-03-12 12:10 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 06:51 - 2014-03-12 12:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 06:42 - 2014-03-12 12:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 06:40 - 2014-03-12 12:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 06:37 - 2014-03-12 12:10 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 06:33 - 2014-03-12 12:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 06:33 - 2014-03-12 12:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 06:32 - 2014-03-12 12:10 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 06:30 - 2014-03-12 12:11 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 06:23 - 2014-03-12 12:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 06:17 - 2014-03-12 12:10 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 06:11 - 2014-03-12 12:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 06:02 - 2014-03-12 12:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 05:54 - 2014-03-12 12:10 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 05:52 - 2014-03-12 12:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 05:51 - 2014-03-12 12:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 05:47 - 2014-03-12 12:11 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 05:43 - 2014-03-12 12:11 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 05:43 - 2014-03-12 12:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 05:42 - 2014-03-12 12:10 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 05:40 - 2014-03-12 12:10 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 05:38 - 2014-03-12 12:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 05:37 - 2014-03-12 12:10 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 05:35 - 2014-03-12 12:10 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 05:18 - 2014-03-12 12:10 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 05:16 - 2014-03-12 12:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 05:14 - 2014-03-12 12:10 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 05:10 - 2014-03-12 12:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 05:03 - 2014-03-12 12:11 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 05:00 - 2014-03-12 12:10 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 04:57 - 2014-03-12 12:10 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 04:38 - 2014-03-12 12:10 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 04:32 - 2014-03-12 12:10 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 04:27 - 2014-03-12 12:11 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 04:25 - 2014-03-12 12:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 04:25 - 2014-03-12 12:10 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
Files to move or delete:
====================
C:\ProgramData\CleanupFiles.exe
Some content of TEMP:
====================
C:\Users\Manuel\AppData\Local\Temp\1385723378_wedownload.exe
C:\Users\Manuel\AppData\Local\Temp\39472-666335-guitar-pro.exe
C:\Users\Manuel\AppData\Local\Temp\aoe3-114-german.exe
C:\Users\Manuel\AppData\Local\Temp\AskSLib.dll
C:\Users\Manuel\AppData\Local\Temp\AutoRun.exe
C:\Users\Manuel\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Manuel\AppData\Local\Temp\avgnt.exe
C:\Users\Manuel\AppData\Local\Temp\devcon64.exe
C:\Users\Manuel\AppData\Local\Temp\EAInstall.dll
C:\Users\Manuel\AppData\Local\Temp\GenericUninstall.exe
C:\Users\Manuel\AppData\Local\Temp\InstallAX.exe
C:\Users\Manuel\AppData\Local\Temp\install_flashplayer11x32au_mssa_aih_1.exe
C:\Users\Manuel\AppData\Local\Temp\instloffer.exe
C:\Users\Manuel\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Manuel\AppData\Local\Temp\Quarantine.exe
C:\Users\Manuel\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\Manuel\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Manuel\AppData\Local\Temp\sonarinst.exe
C:\Users\Manuel\AppData\Local\Temp\standalonepatcher.exe
C:\Users\Manuel\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Manuel\AppData\Local\Temp\tempkar.exe
C:\Users\Manuel\AppData\Local\Temp\uninst1.exe
C:\Users\Manuel\AppData\Local\Temp\uninstaller.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-20 19:52
==================== End Of Log ============================
Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Manuel at 2014-03-30 23:28:05
Running from C:\Users\Manuel\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
[translation missing: EVERemoveOnly] (HKLM-x32\...\EVE) (Version: - CCP Games Ltd.)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
Age of Empires III - The WarChiefs (HKLM-x32\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The WarChiefs (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM-x32\...\InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
AIWI (HKLM-x32\...\InstallShield_{B3E74336-F275-40D9-BFAB-2FCB765609F5}) (Version: 1.1.2.05202 - Aibelive Co., Ltd.)
AIWI (x32 Version: 1.1.2.05202 - Aibelive Co., Ltd.) Hidden
AIWI JoyStick (HKLM\...\{48BB9EBA-C929-4D7E-AF43-21B4427373EB}) (Version: 1.0.0 - aibelive)
AMD APP SDK Runtime (Version: 10.0.873.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{DD562794-C098-A1E5-66ED-10E8BD1C84C5}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.0504.1554.26509 - Ihr Firmenname) Hidden
Arma 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive)
Arma 2: DayZ Mod (HKLM-x32\...\Steam App 224580) (Version: - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive)
Arma 2: Operation Arrowhead Beta (HKLM-x32\...\Steam App 219540) (Version: - )
Arma 3 Alpha Lite (HKLM-x32\...\Steam App 228800) (Version: - Bohemia Interactive)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Aufstieg des Hexenkönigs™ (HKLM-x32\...\{B931FB80-537A-4600-00AD-AC5DEDB6C25B}) (Version: - )
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Bastion (HKLM-x32\...\{7AF3D8F2-B2C2-4F8B-AFA4-C90001F56B1A}) (Version: 1.0.2 - Supergiant Games)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version: - )
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version: - Criterion Games)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version: - )
Catalyst Control Center (x32 Version: 2012.0504.1554.26509 - Ihr Firmenname) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0504.1554.26509 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0504.1554.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0504.1553.26509 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0504.1554.26509 - Advanced Micro Devices, Inc.) Hidden
Chivalry - Medieval Warfare (HKLM-x32\...\Chivalry - Medieval Warfare_is1) (Version: - )
Crysis 2 Maximum Edition (HKLM-x32\...\Steam App 108800) (Version: - Crytek Studios)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0327 - DT Soft Ltd)
Dead Space (HKLM-x32\...\Steam App 17470) (Version: - EA Redwood Shores)
Device Simulation Framework 1.0.1 (HKLM\...\{C7966AB3-A8D9-48D5-B7DF-922674C40098}) (Version: 1.0.1 - Microsoft)
Die Schlacht um Mittelerde™ II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version: - )
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.57.62 - Electronic Arts)
Dino D-Day (HKLM-x32\...\Steam App 70000) (Version: - )
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dragon Age Origins GotYE (HKLM-x32\...\Dragon Age Origins GotYE_is1) (Version: - wepa)
Drakensang - Am Fluss der Zeit (HKLM-x32\...\Drakensang_TRoT_is1) (Version: - dtp)
Drakensang (Patch Version 1.02) (HKLM-x32\...\Drakensang_is1) (Version: - dtp AG)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
DSA4 Werkzeug 1.32 (HKLM-x32\...\DSA4 Werkzeug_is1) (Version: - Denny Vrandecic)
Dungeon Crafter v1.4.0 (HKLM-x32\...\ST6UNST #1) (Version: - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Google Update Helper (x32 Version: 1.3.23.0 - DealPly Technologies Ltd) Hidden <==== ATTENTION
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version: - Arobas Music)
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version: - Arobas Music)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
InfraRecorder (HKLM-x32\...\InfraRecorder) (Version: - Christian Kindahl)
Java 7 Update 11 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217011FF}) (Version: 7.0.110 - Oracle)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Left 4 Dead 2 Beta (HKLM-x32\...\Steam App 223530) (Version: - )
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.173 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.173 - LogMeIn, Inc.) Hidden
Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios AB)
Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 19.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 19.0 (x86 de)) (Version: 19.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 19.0 - Mozilla)
MSI Afterburner 2.2.0 Beta 15 (HKLM-x32\...\Afterburner) (Version: 2.2.0 Beta 15 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
musikCube 1.1 (HKLM-x32\...\musikCube) (Version: 1.1 - Casey Langen)
Neverwinter (HKLM-x32\...\Neverwinter) (Version: - Cryptic Studios)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.34.0 - Black Tree Gaming)
NVIDIA 3D Vision Controller-Treiber 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.90 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Design Garage (HKLM-x32\...\{66C7814A-DBE1-4DE5-85A5-29D5F1D26EC4}) (Version: 1.0.0.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Supersonic Sled demo (HKLM-x32\...\Supersonic Sled) (Version: - )
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.3.2.2730 - Electronic Arts, Inc.)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.0 - Frank Heindörfer, Philip Chinery)
PlanetSide 2 (HKCU\...\soe-PlanetSide 2 PSG) (Version: 1.0.3.183 - Sony Online Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Qtrax Player (HKCU\...\1716480290.portal.qtrax.com) (Version: - portal.qtrax.com)
Qtrax Player (HKLM-x32\...\{2D5BEFA3-889A-4AD5-8771-310BAEB0E2FC}) (Version: 1.00.0001 - Qtrax)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version: - )
Section 8: Prejudice (HKLM-x32\...\GFWL_{544707D4-E543-419D-87B2-5D1000008200}) (Version: 1.0.0000.130 - TimeGate Studios)
Section 8: Prejudice (x32 Version: 1.0.0000.130 - TimeGate Studios) Hidden
Section 8: Prejudice (x32 Version: 1.0.0002.130 - TimeGate Studios) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Silent Hill (HKLM-x32\...\Silent Hill1.2.1) (Version: - )
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Stadtplan Generator 5.40 (HKLM-x32\...\{53328244-E005-46A3-B39F-A15F005FECEB}) (Version: 5.4.0.0 - )
StarForge Alpha (HKLM-x32\...\Steam App 227680) (Version: - CodeHatch)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steamless Left4Dead2 Pack (HKLM-x32\...\Steamless Left4Dead2 Pack) (Version: 1.0 - Steamless)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
Tube Karaoke (HKLM-x32\...\YTKaraoke@DacSoft.org) (Version: - Dacotta SoftEngineering)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
WEB.DE MailCheck für Internet Explorer (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.4.1.0 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung (HKLM-x32\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.0.55 - 1&1 Mail & Media GmbH)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip Malware Protector (HKLM-x32\...\WinZip Malware Protector_is1) (Version: 2.1.1000.10798 - WinZip International LLC)
Worms Armageddon (HKLM-x32\...\Worms Armageddon) (Version: - )
ZoneAlarm Security Toolbar (x32 Version: 1.8.11.11 - Check Point Software Technologies LTD) Hidden
==================== Restore Points =========================
12-03-2014 22:37:44 Windows Update
21-03-2014 20:29:36 Geplanter Prüfpunkt
28-03-2014 06:28:44 Removed SweetIM for Messenger 3.7
30-03-2014 21:11:26 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {02C3B71F-30E6-4A83-B8A8-17AA5CEF7E34} - \weDownload-updater No Task File
Task: {101E3F08-D2BC-4EF3-9E93-1D569F3C5C8D} - \BitGuard No Task File
Task: {3204C24B-8E69-43A3-9720-55CA5F76DBCF} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH)
Task: {7EBBF41F-01CF-4919-B8E8-C71DB3A7E4BF} - \weDownload-firefoxinstaller No Task File
Task: {88C462E3-D331-4D0E-A173-5556B2576B4D} - \weDownload-chromeinstaller No Task File
Task: {A0FFDB32-E7FC-4821-9E92-5C4A5A076F52} - \weDownload-codedownloader No Task File
Task: {AD925D94-04AB-475D-95BF-0D1FD70B0DAB} - \DealPlyLiveUpdateTaskMachineUA No Task File
Task: {B2E4FAAD-6789-4407-B877-620C29314FB6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {C017DFC7-0BCA-4231-84B2-DAB5F2C4B789} - \DealPlyLiveUpdateTaskMachineCore No Task File
Task: {DB0E661C-6972-4038-A563-D90F4EDD6D1E} - \weDownload-enabler No Task File
Task: {DD96C001-B258-4299-AE06-3237A505B600} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe [2013-07-15] (Nico Mak Computing)
Task: {FACE4982-1E31-42A5-870B-EA7F4D5C7AEA} - \Dealply No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2013-01-21 22:03 - 2013-01-18 17:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-08-24 23:31 - 2013-09-22 19:20 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-03-08 18:04 - 2012-12-18 10:31 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-03-28 09:00 - 2013-02-28 17:53 - 00886272 _____ () C:\Program Files (x86)\WinZip Malware Protector\System.Data.SQLite.dll
2014-03-28 09:00 - 2013-07-15 17:53 - 01717936 _____ () C:\Program Files (x86)\WinZip Malware Protector\aspsys.dll
2014-01-08 15:37 - 2013-12-13 00:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-01-08 15:37 - 2013-11-05 03:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll
2013-03-12 18:10 - 2014-02-11 04:34 - 00751616 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2013-01-23 00:43 - 2014-02-25 23:57 - 01135296 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-01-23 00:43 - 2014-01-11 01:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-01-23 00:43 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2013-01-23 00:43 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2013-01-23 00:43 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Manuel\AppData\Roaming\Dropbox\bin\libcef.dll
2012-08-10 17:51 - 2012-08-10 17:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-08-10 17:50 - 2012-08-10 17:50 - 00170496 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
2013-03-08 18:04 - 2012-12-18 10:31 - 00397704 _____ () C:\program files (x86)\avira\antivir desktop\sqlite3.dll
2014-03-12 13:45 - 2014-03-12 13:45 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
2013-03-05 16:42 - 2013-07-07 11:20 - 00835584 _____ () C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll
2013-03-05 16:42 - 2013-07-07 11:20 - 00093696 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll
2013-03-05 16:42 - 2013-07-07 11:20 - 00094208 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll
2013-03-05 16:42 - 2013-07-07 11:20 - 00057344 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll
2013-03-05 16:42 - 2013-07-07 11:20 - 00096256 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll
2013-03-05 16:42 - 2013-07-07 11:20 - 00062976 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll
2013-03-05 16:42 - 2013-07-07 11:20 - 00067072 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll
2013-03-05 16:42 - 2013-07-07 11:20 - 00158208 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
2013-03-05 16:42 - 2013-07-07 11:20 - 00312832 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll
2013-03-05 16:42 - 2013-07-07 11:20 - 00038912 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll
2013-03-05 16:42 - 2013-07-07 11:20 - 00073728 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll
2013-03-05 16:42 - 2013-07-07 11:20 - 00101888 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/30/2014 11:11:26 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
System Error:
Falscher Parameter.
.
Error: (03/30/2014 11:11:25 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
System Error:
Falscher Parameter.
.
Error: (03/30/2014 11:10:04 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (03/30/2014 11:04:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/28/2014 01:19:57 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (03/28/2014 01:19:51 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (03/28/2014 01:15:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/28/2014 00:10:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/28/2014 00:00:29 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "DeviceIoControl(\\?\Volume{8b8b7121-63d4-11e2-a11f-806e6f6e6963} - 0000000000000130,0x0053c008,0000000000417FB0,0,0000000000418FC0,4096,[0])". hr = 0x80070079, Das Zeitlimit für die Semaphore wurde erreicht.
.
Vorgang:
EndPrepareSnapshots wird verarbeitet
Kontext:
Ausführungskontext: System Provider
Error: (03/28/2014 11:50:21 AM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" ; Beschreibung = Revo Uninstaller's restore point - Gratuitous Space Battles; Fehler = 0x81000101).
System errors:
=============
Error: (03/28/2014 00:00:29 PM) (Source: volsnap) (User: )
Description: Die Schattenkopie des erstellten Volumes "C:" konnte nicht installiert werden.
Microsoft Office Sessions:
=========================
Error: (03/30/2014 11:11:26 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
System Error:
Falscher Parameter.
Error: (03/30/2014 11:11:25 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
System Error:
Falscher Parameter.
Error: (03/30/2014 11:10:04 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
Error: (03/30/2014 11:04:06 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/28/2014 01:19:57 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Manuel\Desktop\esetsmartinstaller_enu.exe
Error: (03/28/2014 01:19:51 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Manuel\Desktop\esetsmartinstaller_enu.exe
Error: (03/28/2014 01:15:33 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/28/2014 00:10:25 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/28/2014 00:00:29 PM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{8b8b7121-63d4-11e2-a11f-806e6f6e6963} - 0000000000000130,0x0053c008,0000000000417FB0,0,0000000000418FC0,4096,[0])0x80070079, Das Zeitlimit für die Semaphore wurde erreicht.
Vorgang:
EndPrepareSnapshots wird verarbeitet
Kontext:
Ausführungskontext: System Provider
Error: (03/28/2014 11:50:21 AM) (Source: System Restore)(User: )
Description: C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" Revo Uninstaller's restore point - Gratuitous Space Battles0x81000101
CodeIntegrity Errors:
===================================
Date: 2013-10-17 23:20:49.514
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-17 23:09:07.280
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-17 15:31:07.033
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-17 13:51:34.865
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 33%
Total physical RAM: 8190.18 MB
Available physical RAM: 5452.37 MB
Total Pagefile: 16378.54 MB
Available Pagefile: 13219.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.41 GB) (Free:416.7 GB) NTFS
Drive g: () (Removable) (Total:1.86 GB) (Free:1.25 GB) FAT
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 0CB92964)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 69737369)
No partition Table on disk 1.
==================== End Of Log ============================
I couldn't find the mentioned file, the one Revo Uninstaller failed to find, anywhere manually either... :(
Is it worth getting an additional/different antivirus program (as I said, I have Avira), or do they overlap too much?
Edit: I just had Avira check again whether the trojan (TR/BProtector.gen) is gone now, but it is still being detected :(
Best regards, Manuel