Trojaner-Board - Windows 7: Alle Browser öffnen komische Seiten(online-casinos)

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Windows 7: Alle Browser öffnen komische Seiten(online-casinos) (https://www.trojaner-board.de/155546-windows-7-alle-browser-oeffnen-komische-seiten-online-casinos.html)

Windows 7: Alle Browser öffnen komische Seiten(online-casinos)

Seit ein paar Tagen öffnen sich bei mir in unregelmäßigen Abständen komische Seiten.Das tritt z.B. auf wenn ich bei google Suchergebnisse anklicke oder generell auf anderen Seiten neue Tabs öffne.

defrogger:

Code:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 10:34 on 21/06/2014 (Max)
 

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.
 

Checking for services/drivers...
 
 

-=E.O.F=-

FRST:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-06-2014 01

Ran by Max (administrator) on MAX-PC on 21-06-2014 10:45:52

Running from C:\Users\Max\Desktop

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 8

Boot Mode: Normal
 

The only official download link for FRST:

Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 

Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe

(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

() C:\Program Files (x86)\Security Updates Service\winupdsvc.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

() C:\Program Files (x86)\HypeNet\updateHypeNet.exe

() C:\Program Files (x86)\HypeNet\bin\utilHypeNet.exe

() C:\Program Files (x86)\HypeNet\bin\HypeNet.BrowserAdapter.exe

() C:\Program Files (x86)\HypeNet\bin\HypeNet.PurBrowse64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

() C:\Users\Max\Desktop\Defogger.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7192792 2013-07-06] (Realtek Semiconductor)

HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1096480 2013-11-29] (NVIDIA Corporation)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2273056 2013-11-29] (NVIDIA Corporation)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-06] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKU\S-1-5-21-3157235878-4259759608-4195695675-1000\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [242688 2013-11-05] (SteelSeries ApS)

Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk

ShortcutTarget: Curse.lnk -> C:\Users\Max\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9XvzeUiwAdwAQWGgFfaATxqSEOj-zgOl4nGHu2dbgC4ZyyEXkQsG9Ob3y4nN29Z3ayUwXcFkZfPB_dAhPxaISMkHdlmbcGktBgceMVIus_zJpLlGeicNvhaZXGmtPuVNQxpia1TPSXHrvFg&q={searchTerms}

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9XvzeUiwAdwAQWGgFfaATxqSEOj-zgOl4nGHu2dbgC4ZyyEXkQsG9Ob3y4nN29Z3ayUwXcFkZfPB_dAhPAQtnBgxwlmUcv8eI13Fy51n8-1q9LK65Y0ixZ4-5fW3qrdz-7DKire2vxYieHb

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6D9B2C8A02E3CE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1397231746&from=sien&uid=WDCXWD10EZRX-22L4HB0_WD-WCC4J096138361383

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9XvzeUiwAdwAQWGgFfaATxqSEOj-zgOl4nGHu2dbgC4ZyyEXkQsG9Ob3y4nN29Z3ayUwXcFkZfPB_dAhPxaISMkHdlmbcGktBgceMVIus_zJpLlGeicNvhaZXGmtPuVNQxpia1TPSXHrvFg&q={searchTerms}

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1397231746&from=sien&uid=WDCXWD10EZRX-22L4HB0_WD-WCC4J096138361383&q={searchTerms}

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1397231746&from=sien&uid=WDCXWD10EZRX-22L4HB0_WD-WCC4J096138361383

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1397231746&from=sien&uid=WDCXWD10EZRX-22L4HB0_WD-WCC4J096138361383

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1397231746&from=sien&uid=WDCXWD10EZRX-22L4HB0_WD-WCC4J096138361383&q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1397231746&from=sien&uid=WDCXWD10EZRX-22L4HB0_WD-WCC4J096138361383&q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1397231746&from=sien&uid=WDCXWD10EZRX-22L4HB0_WD-WCC4J096138361383

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1397231746&from=sien&uid=WDCXWD10EZRX-22L4HB0_WD-WCC4J096138361383

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1397231746&from=sien&uid=WDCXWD10EZRX-22L4HB0_WD-WCC4J096138361383&q={searchTerms}

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1397231746&from=sien&uid=WDCXWD10EZRX-22L4HB0_WD-WCC4J096138361383

SearchScopes: HKLM - DefaultScope {9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391} URL = hxxp://wow.utop.it/?q={searchTerms}

SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1397231746&from=sien&uid=WDCXWD10EZRX-22L4HB0_WD-WCC4J096138361383&q={searchTerms}

SearchScopes: HKLM - {9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391} URL = hxxp://wow.utop.it/?q={searchTerms}

SearchScopes: HKLM-x32 - DefaultScope {9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391} URL = hxxp://wow.utop.it/?q={searchTerms}

SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9XvzeUiwAdwAQWGgFfaATxqSEOj-zgOl4nGHu2dbgC4ZyyEXkQsG9Ob3y4nN29Z3ayUwXcFkZfPB_dAhPxaISMkHdlmbcGktBgceMVIus_zJpLlGeicNvhaZXGmtPuVNQxpia1TPSXHrvFn&q={searchTerms}

SearchScopes: HKLM-x32 - {9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391} URL = hxxp://wow.utop.it/?q={searchTerms}

SearchScopes: HKCU - DefaultScope {9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391} URL = hxxp://wow.utop.it/?q={searchTerms}

SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9XvzeUiwAdwAQWGgFfaATxqSEOj-zgOl4nGHu2dbgC4ZyyEXkQsG9Ob3y4nN29Z3ayUwXcFkZfPB_dAhPxaISMkHdlmbcGktBgceMVIus_zJpLlGeicNvhaZXGmtPuVNQxpia1TPSXHrvFg&q={searchTerms}

SearchScopes: HKCU - {9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391} URL = hxxp://wow.utop.it/?q={searchTerms}

BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: EZ YouTube Video Downloader 1.0 - {FDBFEA30-EC51-4B8D-B4F0-8CA4F7253C0A} - C:\Program Files (x86)\EZ YouTube Video Downloader\yvd.dll (XtensionPlus)

Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File

Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
 

FireFox:

========

FF ProfilePath: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default

FF NewTab: chrome://quick_start/content/index.html

FF DefaultSearchEngine: wow search

FF SearchEngineOrder.1: wow search

FF SelectedSearchEngine: wow search

FF Homepage: hxxp://www.facebook.com/

FF Keyword.URL: hxxp://wow.utop.it/?q={searchTerms}

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)

FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\searchplugins\search_engine.xml

FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\searchplugins\Web Search.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\qone8.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Quick Start - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\Extensions\quick_start@gmail.com [2014-04-13]

FF Extension: Adblock Plus - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-16]

FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox

FF HKLM\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}

FF Extension: EZ YouTube Video Downloader - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B} [2014-04-13]

FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com

FF Extension: Quick Start - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com [2014-04-13]

FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox

FF HKLM-x32\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}

FF Extension: EZ YouTube Video Downloader - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B} [2014-04-13]
 

Chrome: 

=======

CHR HomePage: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9XvzeUiwAdwAQWGgFfaATxqSEOj-zgOl4nGHu2dbgC4ZyyEXkQsG9Ob3y4nN29Z3ayUwXcFkZfPB_dAhPAQtnBgxwlmUcv8eI13Fy51n8-1q9LK65Y0ixZ4-5fW3qrdz-7DKire2vxYieHb

CHR StartupUrls: "hxxp://google.de/", "hxxp://www.twitch.tv/marcelamariaeuw"

CHR NewTab: "chrome-extension://mnhlhlpdiiefbhhmoljklbejhnlgniop/index.html"

CHR DefaultSearchKeyword: wow.utop.it

CHR DefaultSearchProvider: wow search

CHR DefaultSearchURL: hxxp://wow.utop.it/?q={searchTerms}

CHR DefaultNewTabURL: 

CHR Extension: (Google Docs) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-02]

CHR Extension: (Google Drive) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-02]

CHR Extension: (YouTube) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-02]

CHR Extension: (Google-Suche) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-02]

CHR Extension: (AdBlock) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-01]

CHR Extension: (Google Wallet) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-02]

CHR Extension: (Google Mail) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-02]

CHR Extension: (EZ YouTube Video Downloader) - C:\Users\Max\AppData\Local\EZ YouTube Video Downloader [2014-06-15]

CHR Extension: (Tab Plus) - C:\Users\Max\AppData\Local\ChromeTabExtension [2014-06-15]
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-06] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-06] (Avira Operations GmbH & Co. KG)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-02-07] () [File not signed]

R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)

R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]

S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912 2013-11-29] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15128352 2013-11-29] (NVIDIA Corporation)

R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-01-11] ()

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-01] ()

R2 Security Updates Service; C:\Program Files (x86)\Security Updates Service\winupdsvc.exe [2019840 2014-06-11] () [File not signed]

R2 Update HypeNet; C:\Program Files (x86)\HypeNet\updateHypeNet.exe [317720 2014-06-21] ()

R2 Util HypeNet; C:\Program Files (x86)\HypeNet\bin\utilHypeNet.exe [317720 2014-06-21] ()

R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [566272 2014-04-11] (Cherished Technololgy LIMITED) [File not signed]
 

==================== Drivers (Whitelisted) ====================
 

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [47512 2013-01-10] (Asmedia Technology)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-06-06] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-06] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)

R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-27] (Intel Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-10-30] (NVIDIA Corporation)

R3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2013-05-31] (SteelSeries Corporation)

S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

R1 {b1ce3ece-1927-4e6e-b064-2f9628964a7a}Gw64; C:\Windows\System32\drivers\{b1ce3ece-1927-4e6e-b064-2f9628964a7a}Gw64.sys [61112 2014-05-22] (StdLib)

R1 {b1ce3ece-1927-4e6e-b064-2f9628964a7a}w64; C:\Windows\System32\drivers\{b1ce3ece-1927-4e6e-b064-2f9628964a7a}w64.sys [61112 2014-06-09] (StdLib)

S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-06-21 10:45 - 2014-06-21 10:45 - 00020507 _____ () C:\Users\Max\Desktop\FRST.txt

2014-06-21 10:45 - 2014-06-21 10:45 - 00000000 ____D () C:\FRST

2014-06-21 10:35 - 2014-06-21 10:36 - 02083328 _____ (Farbar) C:\Users\Max\Desktop\FRST64.exe

2014-06-21 10:34 - 2014-06-21 10:34 - 00000468 _____ () C:\Users\Max\Desktop\defogger_disable.log

2014-06-21 10:34 - 2014-06-21 10:34 - 00000000 _____ () C:\Users\Max\defogger_reenable

2014-06-21 10:25 - 2014-06-21 10:25 - 00050477 _____ () C:\Users\Max\Desktop\Defogger.exe

2014-06-20 18:12 - 2014-06-21 02:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-06-15 16:07 - 2014-06-15 16:07 - 00000000 ____D () C:\Users\Max\AppData\Local\EZ YouTube Video Downloader

2014-06-15 13:06 - 2014-06-15 13:06 - 00000000 ____D () C:\Users\Max\AppData\Local\ChromeTabExtension

2014-06-14 11:41 - 2014-06-09 12:08 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{b1ce3ece-1927-4e6e-b064-2f9628964a7a}w64.sys

2014-06-08 18:15 - 2014-06-08 18:15 - 02624008 _____ () C:\Users\Max\Downloads\Fraps-Crack-by-HZHD.rar

2014-06-08 18:15 - 2014-06-08 18:15 - 00000562 _____ () C:\Users\Public\Desktop\Fraps.lnk

2014-06-08 18:15 - 2014-06-08 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps

2014-06-08 18:15 - 2014-06-08 18:15 - 00000000 ____D () C:\Fraps

2014-06-08 18:12 - 2014-06-08 18:12 - 00001038 _____ () C:\Users\Public\Desktop\Vegas Pro 12.0 (64-bit).lnk

2014-06-08 18:12 - 2014-06-08 18:12 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Publish Providers

2014-06-08 18:12 - 2014-06-08 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony

2014-06-08 18:11 - 2014-06-08 18:11 - 00000000 ____D () C:\Program Files\Sony

2014-06-08 18:11 - 2014-06-08 18:11 - 00000000 ____D () C:\Program Files (x86)\Sony

2014-06-08 18:06 - 2014-06-08 18:06 - 36764204 _____ () C:\Users\Max\Downloads\SonyVegas Pro 12 crack.zip

2014-06-08 18:02 - 2014-06-08 18:02 - 00000212 _____ () C:\Users\Max\Desktop\Magic 2014.url

2014-06-08 17:58 - 2014-06-08 18:11 - 00000000 ____D () C:\Users\Max\AppData\Local\Sony

2014-06-08 17:55 - 2014-06-08 17:55 - 00699056 _____ () C:\Users\Max\Downloads\Vegas Pro 12 Patch (64-bit) by MultiThemaster.rar

2014-06-08 17:43 - 2014-06-08 18:11 - 00000000 ____D () C:\ProgramData\Sony

2014-06-08 17:42 - 2014-06-08 18:12 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Sony

2014-06-08 11:22 - 2014-06-08 11:22 - 00000000 ____D () C:\Users\Max\AppData\Local\Ubisoft

2014-06-07 15:16 - 2014-06-07 15:17 - 64841770 _____ () C:\Users\Max\Downloads\Pentakill-SmiteandIgnite-320kbps.zip

2014-06-01 15:31 - 2014-06-01 15:31 - 00000212 _____ () C:\Users\Max\Desktop\Tom Clancy's Ghost Recon Phantoms - EU.url

2014-05-31 13:56 - 2014-06-21 01:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-05-31 13:56 - 2014-05-31 13:56 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-05-29 15:33 - 2014-05-29 15:33 - 00000470 _____ () C:\Users\Max\Downloads\listen-dsl.asx

2014-05-28 22:30 - 2014-05-28 22:30 - 00000000 ____D () C:\Users\Max\Desktop\King

2014-05-28 18:48 - 2014-05-28 18:48 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Wargaming.net

2014-05-25 21:44 - 2014-05-25 21:44 - 00003846 _____ () C:\Users\Max\Downloads\CSGO Updated1345394917.rar

2014-05-24 13:29 - 2014-05-24 13:29 - 00000658 _____ () C:\Users\Public\Desktop\Guild Wars 2.lnk

2014-05-24 13:29 - 2014-05-24 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2

2014-05-24 13:23 - 2014-05-24 13:23 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Guild Wars 2

2014-05-24 13:03 - 2014-05-24 13:23 - 00000000 ____D () C:\Users\Max\Documents\Guild Wars 2

2014-05-23 23:47 - 2014-05-22 18:18 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{b1ce3ece-1927-4e6e-b064-2f9628964a7a}Gw64.sys
 

==================== One Month Modified Files and Folders =======
 

2014-06-21 10:45 - 2014-06-21 10:45 - 00020507 _____ () C:\Users\Max\Desktop\FRST.txt

2014-06-21 10:45 - 2014-06-21 10:45 - 00000000 ____D () C:\FRST

2014-06-21 10:40 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-06-21 10:40 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-06-21 10:36 - 2014-06-21 10:35 - 02083328 _____ (Farbar) C:\Users\Max\Desktop\FRST64.exe

2014-06-21 10:34 - 2014-06-21 10:34 - 00000468 _____ () C:\Users\Max\Desktop\defogger_disable.log

2014-06-21 10:34 - 2014-06-21 10:34 - 00000000 _____ () C:\Users\Max\defogger_reenable

2014-06-21 10:34 - 2013-11-16 21:08 - 00000000 ____D () C:\Users\Max

2014-06-21 10:30 - 2014-04-11 18:00 - 00000278 _____ () C:\Windows\Tasks\FF Watcher {ED9A41AF-730A-47FF-9DBC-ABE9E7AC2D22}.job

2014-06-21 10:25 - 2014-06-21 10:25 - 00050477 _____ () C:\Users\Max\Desktop\Defogger.exe

2014-06-21 10:20 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini

2014-06-21 10:18 - 2011-04-12 09:43 - 00696622 _____ () C:\Windows\system32\perfh007.dat

2014-06-21 10:18 - 2011-04-12 09:43 - 00147918 _____ () C:\Windows\system32\perfc007.dat

2014-06-21 10:18 - 2009-07-14 07:13 - 01612464 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-06-21 10:15 - 2013-11-16 21:15 - 00674384 _____ () C:\Windows\WindowsUpdate.log

2014-06-21 10:12 - 2013-11-17 14:14 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-06-21 10:12 - 2013-11-16 23:51 - 00048118 _____ () C:\Windows\setupact.log

2014-06-21 10:12 - 2013-11-16 21:39 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-06-21 10:12 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-06-21 02:32 - 2014-06-20 18:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-06-21 01:54 - 2013-11-17 14:14 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-06-21 01:49 - 2014-05-31 13:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-06-20 18:47 - 2014-05-16 14:32 - 00000000 ____D () C:\Users\Max\AppData\Roaming\vlc

2014-06-20 16:49 - 2013-11-17 14:14 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-06-20 16:49 - 2013-11-17 14:14 - 00003848 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-06-20 15:28 - 2014-04-11 17:56 - 00000000 ____D () C:\Program Files (x86)\HypeNet

2014-06-20 15:20 - 2014-04-18 21:58 - 01525193 _____ () C:\ProgramData\yvd_firefox_se.exe

2014-06-20 15:18 - 2014-05-16 11:00 - 02501961 _____ () C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.1.9.exe

2014-06-20 15:18 - 2014-04-18 21:58 - 02032309 _____ () C:\ProgramData\yvd_chrome_se.exe

2014-06-20 15:18 - 2014-04-18 21:58 - 00837543 _____ () C:\ProgramData\yvd_ie_se.exe

2014-06-15 18:29 - 2013-11-16 23:47 - 00000000 ____D () C:\Users\Max\AppData\Roaming\TS3Client

2014-06-15 16:07 - 2014-06-15 16:07 - 00000000 ____D () C:\Users\Max\AppData\Local\EZ YouTube Video Downloader

2014-06-15 13:06 - 2014-06-15 13:06 - 00000000 ____D () C:\Users\Max\AppData\Local\ChromeTabExtension

2014-06-15 13:06 - 2014-04-18 22:01 - 00761485 _____ () C:\ProgramData\ChromeTabExtension.crx

2014-06-13 23:27 - 2014-04-16 19:05 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Skype

2014-06-09 12:08 - 2014-06-14 11:41 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{b1ce3ece-1927-4e6e-b064-2f9628964a7a}w64.sys

2014-06-08 18:15 - 2014-06-08 18:15 - 02624008 _____ () C:\Users\Max\Downloads\Fraps-Crack-by-HZHD.rar

2014-06-08 18:15 - 2014-06-08 18:15 - 00000562 _____ () C:\Users\Public\Desktop\Fraps.lnk

2014-06-08 18:15 - 2014-06-08 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps

2014-06-08 18:15 - 2014-06-08 18:15 - 00000000 ____D () C:\Fraps

2014-06-08 18:12 - 2014-06-08 18:12 - 00001038 _____ () C:\Users\Public\Desktop\Vegas Pro 12.0 (64-bit).lnk

2014-06-08 18:12 - 2014-06-08 18:12 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Publish Providers

2014-06-08 18:12 - 2014-06-08 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony

2014-06-08 18:12 - 2014-06-08 17:42 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Sony

2014-06-08 18:11 - 2014-06-08 18:11 - 00000000 ____D () C:\Program Files\Sony

2014-06-08 18:11 - 2014-06-08 18:11 - 00000000 ____D () C:\Program Files (x86)\Sony

2014-06-08 18:11 - 2014-06-08 17:58 - 00000000 ____D () C:\Users\Max\AppData\Local\Sony

2014-06-08 18:11 - 2014-06-08 17:43 - 00000000 ____D () C:\ProgramData\Sony

2014-06-08 18:06 - 2014-06-08 18:06 - 36764204 _____ () C:\Users\Max\Downloads\SonyVegas Pro 12 crack.zip

2014-06-08 18:02 - 2014-06-08 18:02 - 00000212 _____ () C:\Users\Max\Desktop\Magic 2014.url

2014-06-08 18:00 - 2014-05-09 13:39 - 00000555 _____ () C:\Windows\cdplayer.ini

2014-06-08 18:00 - 2014-05-09 13:11 - 00001534 _____ () C:\ProgramData\ss.ini

2014-06-08 17:55 - 2014-06-08 17:55 - 00699056 _____ () C:\Users\Max\Downloads\Vegas Pro 12 Patch (64-bit) by MultiThemaster.rar

2014-06-08 11:22 - 2014-06-08 11:22 - 00000000 ____D () C:\Users\Max\AppData\Local\Ubisoft

2014-06-07 15:17 - 2014-06-07 15:16 - 64841770 _____ () C:\Users\Max\Downloads\Pentakill-SmiteandIgnite-320kbps.zip

2014-06-06 20:16 - 2014-04-07 12:00 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2014-06-06 20:16 - 2014-04-07 12:00 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2014-06-01 22:35 - 2014-04-23 18:08 - 00000000 ____D () C:\Users\Max\Desktop\Stronk

2014-06-01 15:31 - 2014-06-01 15:31 - 00000212 _____ () C:\Users\Max\Desktop\Tom Clancy's Ghost Recon Phantoms - EU.url

2014-05-31 13:58 - 2013-11-23 15:08 - 00000000 ____D () C:\ProgramData\Origin

2014-05-31 13:56 - 2014-05-31 13:56 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-05-31 13:56 - 2013-11-16 21:58 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-05-31 13:56 - 2013-11-16 21:58 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-05-30 21:57 - 2013-12-15 03:44 - 00000000 ____D () C:\Users\Max\AppData\Local\Battle.net

2014-05-29 15:33 - 2014-05-29 15:33 - 00000470 _____ () C:\Users\Max\Downloads\listen-dsl.asx

2014-05-28 22:30 - 2014-05-28 22:30 - 00000000 ____D () C:\Users\Max\Desktop\King

2014-05-28 22:30 - 2014-05-01 01:59 - 00000000 ____D () C:\Users\Max\Desktop\Instalok

2014-05-28 18:48 - 2014-05-28 18:48 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Wargaming.net

2014-05-25 21:44 - 2014-05-25 21:44 - 00003846 _____ () C:\Users\Max\Downloads\CSGO Updated1345394917.rar

2014-05-24 13:29 - 2014-05-24 13:29 - 00000658 _____ () C:\Users\Public\Desktop\Guild Wars 2.lnk

2014-05-24 13:29 - 2014-05-24 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2

2014-05-24 13:23 - 2014-05-24 13:23 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Guild Wars 2

2014-05-24 13:23 - 2014-05-24 13:03 - 00000000 ____D () C:\Users\Max\Documents\Guild Wars 2

2014-05-22 18:18 - 2014-05-23 23:47 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{b1ce3ece-1927-4e6e-b064-2f9628964a7a}Gw64.sys
 

Files to move or delete:

====================

C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.1.5.exe

C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.1.7.exe

C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.1.8.exe

C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.1.9.exe

C:\ProgramData\yvd_chrome_se.exe

C:\ProgramData\yvd_firefox_se.exe

C:\ProgramData\yvd_ie_se.exe
 
 

Some content of TEMP:

====================

C:\Users\Max\AppData\Local\Temp\avgnt.exe

C:\Users\Max\AppData\Local\Temp\BMW 320I user guide provided through pdfretriever.com.exe

C:\Users\Max\AppData\Local\Temp\Gw2.exe

C:\Users\Max\AppData\Local\Temp\PrefJsonCpp.exe

C:\Users\Max\AppData\Local\Temp\Shockwave_Installer_FF.exe

C:\Users\Max\AppData\Local\Temp\sonarinst.exe

C:\Users\Max\AppData\Local\Temp\sqlite3.exe

C:\Users\Max\AppData\Local\Temp\ubiE690.tmp.exe

C:\Users\Max\AppData\Local\Temp\ubiF780.tmp.exe

C:\Users\Max\AppData\Local\Temp\x2blapi.dll

C:\Users\Max\AppData\Local\Temp\_is3C44.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-06-20 15:38
 

==================== End Of Log ============================

GMER:

Code:

GMER 2.1.19357 - hxxp://www.gmer.net

Rootkit scan 2014-06-21 10:53:34

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1 Samsung_SSD_840_EVO_120GB rev.EXT0BB0Q 111,79GB

Running: 0zbcbesq.exe; Driver: C:\Users\Max\AppData\Local\Temp\uwldypow.sys
 
 

---- User code sections - GMER 2.1 ----
 

.text    C:\ProgramData\IePluginService\PluginService.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                   00000000760c1465 2 bytes [0C, 76]

.text    C:\ProgramData\IePluginService\PluginService.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                  00000000760c14bb 2 bytes [0C, 76]

.text    ...                                                                                                                                                                                                              * 2

.text    C:\Windows\SysWOW64\PnkBstrA.exe[1948] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                                                                          00000000734b1a22 2 bytes [4B, 73]

.text    C:\Windows\SysWOW64\PnkBstrA.exe[1948] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                                                                          00000000734b1ad0 2 bytes [4B, 73]

.text    C:\Windows\SysWOW64\PnkBstrA.exe[1948] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                                                                          00000000734b1b08 2 bytes [4B, 73]

.text    C:\Windows\SysWOW64\PnkBstrA.exe[1948] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                                                                          00000000734b1bba 2 bytes [4B, 73]

.text    C:\Windows\SysWOW64\PnkBstrA.exe[1948] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                                                                          00000000734b1bda 2 bytes [4B, 73]

.text    C:\Windows\SysWOW64\PnkBstrA.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                   00000000760c1465 2 bytes [0C, 76]

.text    C:\Windows\SysWOW64\PnkBstrA.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                  00000000760c14bb 2 bytes [0C, 76]

.text    ...                                                                                                                                                                                                              * 2

.text    C:\Program Files (x86)\Security Updates Service\winupdsvc.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                      00000000760c1465 2 bytes [0C, 76]

.text    C:\Program Files (x86)\Security Updates Service\winupdsvc.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                     00000000760c14bb 2 bytes [0C, 76]

.text    ...                                                                                                                                                                                                              * 2

.text    C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[3032] C:\Windows\SYSTEM32\ntdll.dll!DbgBreakPoint                                                                                          0000000076d80530 3 bytes [8B, 40, 30]

.text    C:\Program Files (x86)\HypeNet\bin\utilHypeNet.exe[2312] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                                                                 00000000760c1465 2 bytes [0C, 76]

.text    C:\Program Files (x86)\HypeNet\bin\utilHypeNet.exe[2312] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                                                                00000000760c14bb 2 bytes [0C, 76]

.text    ...                                                                                                                                                                                                              * 2

.text    C:\Program Files (x86)\HypeNet\bin\HypeNet.BrowserAdapter.exe[4488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                      00000000760c1465 2 bytes [0C, 76]

.text    C:\Program Files (x86)\HypeNet\bin\HypeNet.BrowserAdapter.exe[4488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                     00000000760c14bb 2 bytes [0C, 76]

.text    ...                                                                                                                                                                                                              * 2

.text    C:\Users\Max\Desktop\Defogger.exe[5428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                  00000000760c1465 2 bytes [0C, 76]

.text    C:\Users\Max\Desktop\Defogger.exe[5428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                 00000000760c14bb 2 bytes [0C, 76]

.text    ...                                                                                                                                                                                                              * 2

---- Processes - GMER 2.1 ----
 

Process  C:\ProgramData\WPM\wprotectmanager.exe (*** suspicious ***) @ C:\ProgramData\WPM\wprotectmanager.exe [1340] (WPM Service/Cherished Technololgy LIMITED)(2                                                        0000000000970000

Library  C:\Users\Max\AppData\Local\Temp\10d2ca4a-28d7-4d81-8c1e-dc42bb6c83fc\CliSecureRT64.dll (*** suspicious ***) @ C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [3032](2013-12-07 18:31:02)  0000000180000000
 

---- EOF - GMER 2.1 ----

Addition:

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2014 01

Ran by Max at 2014-06-21 10:46:04

Running from C:\Users\Max\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)

Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.001 - Asmedia Technology)

Assassin's Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version:  - Ubisoft)

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.672 - Avira)

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.0 - Electronic Arts)

Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)

Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version:  - Alactro LLC)

Call of Duty: Ghosts - Multiplayer (HKLM-x32\...\Steam App 209170) (Version:  - )

Call of Duty: Ghosts (HKLM-x32\...\Steam App 209160) (Version:  - Infinity Ward)

CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)

Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts)

Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)

DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)

ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)

EZ YouTube Video Downloader (HKLM-x32\...\EZ YouTube Video Downloader) (Version: 1.1.9 - XtensionPlus)

Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )

Free YouTube to MP3 Converter version 3.12.16.1030 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.16.1030 - DVDVideoSoft Ltd.)

FreeRIP MP3 Converter 4.5.2 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 4.5.2 - GreenTree Applications SRL)

GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)

HypeNet (HKLM\...\HypeNet) (Version: 2014.04.09.194757 - HypeNet) <==== ATTENTION

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)

Intel(R) Network Connections 18.1.59.0 (HKLM\...\PROSetDX) (Version: 18.1.59.0 - Intel)

Intel(R) Network Connections 18.1.59.0 (Version: 18.1.59.0 - Intel) Hidden

Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)

Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden

Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.5.2 - www.leaguereplays.com)

Magic 2014  (HKLM-x32\...\Steam App 213850) (Version:  - Stainless Games)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden

Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)

MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden

NVIDIA 3D Vision Controller-Treiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.82 - NVIDIA Corporation)

NVIDIA 3D Vision Treiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.82 - NVIDIA Corporation)

NVIDIA GeForce Experience 1.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8 - NVIDIA Corporation)

NVIDIA Grafiktreiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation)

NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden

NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden

NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden

NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden

NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)

NVIDIA ShadowPlay 10.10.5 (Version: 10.10.5 - NVIDIA Corporation) Hidden

NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3182 - NVIDIA Corporation) Hidden

NVIDIA Systemsteuerung 331.82 (Version: 331.82 - NVIDIA Corporation) Hidden

NVIDIA Update 10.10.5 (Version: 10.10.5 - NVIDIA Corporation) Hidden

NVIDIA Update Core (Version: 10.10.5 - NVIDIA Corporation) Hidden

NVIDIA Virtual Audio 1.2.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.12 - NVIDIA Corporation)

Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6971 - Realtek Semiconductor Corp.)

SHIELD Streaming (Version: 1.6.75 - NVIDIA Corporation) Hidden

Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)

Sniper Elite: Zombie Army (HKLM-x32\...\Steam App 235700) (Version:  - Rebellion)

Sniper Elite: Zombie Army 2 (HKLM-x32\...\Steam App 247930) (Version:  - Rebellion)

Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)

SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.171.34768 - SteelSeries)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)

The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)

Tom Clancy's Ghost Recon Phantoms - EU (HKLM-x32\...\Steam App 272350) (Version:  - Ubisoft Singapore)

Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.00 - Ubisoft)

Uplay (HKLM-x32\...\Uplay) (Version: 4.0 - Ubisoft)

VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden

Vegas Pro 12.0 (64-bit) (HKLM\...\{BE94768F-5232-11E3-BD78-F04DA23A5C58}) (Version: 12.0.770 - Sony)

VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)

WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

WPM18.8.0.212 (HKLM-x32\...\WPM) (Version: 18.8.0.212 - Cherished Technololgy LIMITED) <==== ATTENTION
 

==================== Restore Points  =========================
 

07-06-2014 17:12:20 Geplanter Prüfpunkt

08-06-2014 09:22:41 DirectX wurde installiert

08-06-2014 15:51:07 Removed Vegas Pro 12.0 (64-bit)

08-06-2014 16:09:53 Removed Vegas Pro 12.0 (64-bit)

20-06-2014 13:45:50 Geplanter Prüfpunkt
 

==================== Hosts content: ==========================
 

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {7D49358C-55B8-4C6C-B295-E70725125544} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-31] (Adobe Systems Incorporated)

Task: {870D26A0-66C9-4604-AA36-F9E9A6A9D46A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-17] (Google Inc.)

Task: {AD125081-7A73-43AD-9701-B5C65B42D65C} - System32\Tasks\FF Watcher {ED9A41AF-730A-47FF-9DBC-ABE9E7AC2D22} => C:\Program Files\V-bates\PrefHelper.exe

Task: {B2891B86-717A-483B-B6CD-0AE3A23505AD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)

Task: {C8455E10-39F3-4FF9-9ADE-5BC260747D54} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-17] (Google Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\FF Watcher {ED9A41AF-730A-47FF-9DBC-ABE9E7AC2D22}.job => C:\Program Files\V-bates\PrefHelper.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2013-11-16 21:15 - 2012-10-29 09:48 - 00927232 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe

2013-11-16 21:39 - 2013-11-11 17:02 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2013-11-23 17:18 - 2014-03-01 13:42 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2014-06-11 05:33 - 2014-06-11 05:33 - 02019840 _____ () C:\Program Files (x86)\Security Updates Service\winupdsvc.exe

2013-11-05 19:19 - 2013-11-05 19:19 - 00708096 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineLib.dll

2013-11-05 19:19 - 2013-11-05 19:19 - 00175104 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DBUtils.dll

2013-12-07 20:31 - 2013-12-07 20:31 - 00089915 _____ () C:\Users\Max\AppData\Local\Temp\10d2ca4a-28d7-4d81-8c1e-dc42bb6c83fc\CliSecureRT64.dll

2013-11-05 19:19 - 2013-11-05 19:19 - 00280064 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DriverCommunication.dll

2013-11-05 19:19 - 2013-11-05 19:19 - 00139776 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\ISSPlugin.dll

2013-11-05 19:19 - 2013-11-05 19:19 - 00148480 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Localization.dll

2013-11-05 19:19 - 2013-11-05 19:19 - 00145408 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Utilities.dll

2013-01-10 07:46 - 2013-01-10 07:46 - 00047616 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesDrivers\x2api.dll

2013-11-05 19:19 - 2013-11-05 19:19 - 09562112 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineWinGui.dll

2013-01-10 07:46 - 2013-01-10 07:46 - 01102336 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\System.Data.SQLite.dll

2013-11-05 19:19 - 2013-11-05 19:19 - 00209408 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CustomWPFColorPicker.dll

2013-11-05 19:19 - 2013-11-05 19:19 - 00349696 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MousePlugin.dll

2013-11-05 19:19 - 2013-11-05 19:19 - 00171008 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\D3MousePlugin.dll

2013-11-05 19:19 - 2013-11-05 19:19 - 00173056 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\KKMousePlugin.dll

2013-11-05 19:19 - 2013-11-05 19:19 - 00171008 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SRawPlugin.dll

2013-11-05 19:19 - 2013-11-05 19:19 - 00307200 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MLGSenseiPlugin.dll

2013-11-05 19:19 - 2013-11-05 19:19 - 00154624 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWGoldPlugin.dll

2013-11-05 19:19 - 2013-11-05 19:19 - 00170496 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\GW2MousePlugin.dll

2013-11-05 19:19 - 2013-11-05 19:19 - 00169472 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CSGOMousePlugin.dll

2013-11-05 19:19 - 2013-11-05 19:19 - 00169984 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DOTA2MousePlugin.dll

2013-11-05 19:19 - 2013-11-05 19:19 - 00157184 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWWirelessPlugin.dll

2013-11-05 19:19 - 2013-11-05 19:19 - 00170496 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CODMousePlugin.dll

2013-11-05 19:19 - 2013-11-05 19:19 - 00169984 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoTMousePlugin.dll

2014-04-09 21:48 - 2014-06-21 10:19 - 00317720 _____ () C:\Program Files (x86)\HypeNet\updateHypeNet.exe

2014-04-11 18:56 - 2014-06-21 10:20 - 00317720 _____ () C:\Program Files (x86)\HypeNet\bin\utilHypeNet.exe

2014-04-11 19:26 - 2014-06-21 00:27 - 00096536 _____ () C:\Program Files (x86)\HypeNet\bin\HypeNet.BrowserAdapter.exe

2014-05-23 23:47 - 2014-06-09 12:08 - 00287000 _____ () C:\Program Files (x86)\HypeNet\bin\HypeNet.PurBrowse64.exe

2014-06-21 10:25 - 2014-06-21 10:25 - 00050477 _____ () C:\Users\Max\Desktop\Defogger.exe

2013-11-16 21:15 - 2014-06-21 10:12 - 00031232 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\PEbiosinterface32.dll

2013-11-16 21:15 - 2012-05-07 18:04 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\ATKEX.dll

2014-04-11 19:26 - 2014-06-21 00:27 - 00183576 _____ () C:\Program Files (x86)\HypeNet\bin\HypeNetBAApp.dll

2014-06-13 16:55 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll

2014-06-13 16:55 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll

2014-06-13 16:55 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll

2014-06-13 16:55 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll

2014-06-13 16:55 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll

2013-11-16 21:24 - 2013-03-12 14:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

2014-06-13 16:55 - 2014-06-05 15:58 - 14612296 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== EXE Association (whitelisted) =============
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 
 

==================== Faulty Device Manager Devices =============
 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft-Teredo-Tunneling-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (06/21/2014 10:14:17 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/20/2014 03:59:56 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: AUDIODG.EXE, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7abf9

Name des fehlerhaften Moduls: WMALFXGFXDSP.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be0e3

Ausnahmecode: 0xc0000005

Fehleroffset: 0x0000000000002679

ID des fehlerhaften Prozesses: 0x450

Startzeit der fehlerhaften Anwendung: 0xAUDIODG.EXE0

Pfad der fehlerhaften Anwendung: AUDIODG.EXE1

Pfad des fehlerhaften Moduls: AUDIODG.EXE2

Berichtskennung: AUDIODG.EXE3
 

Error: (06/20/2014 03:21:10 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: 540
 

Startzeit: 01cf8c8a24e71a67
 

Endzeit: 0
 

Anwendungspfad: D:\Programme\League of Legends\RADS\system\rads_user_kernel.exe
 

Berichts-ID: bcc5186c-f87d-11e3-9f27-d850e64bcc19
 

Error: (06/20/2014 03:18:50 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/15/2014 01:06:41 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/15/2014 01:30:46 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/14/2014 11:40:27 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/13/2014 03:59:41 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/09/2014 07:06:01 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/09/2014 01:02:19 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

System errors:

=============

Error: (06/21/2014 10:12:32 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)

Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)
 

Error: (06/20/2014 08:24:08 PM) (Source: BROWSER) (EventID: 8032) (User: )

Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{280D77AA-DA65-42CB-ABBC-D8B19806795C}" zu oft fehl.

Der Sicherungssuchdienst wird beendet.
 

Error: (06/20/2014 03:18:39 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)

Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)
 

Error: (06/15/2014 01:06:37 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)

Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)
 

Error: (06/15/2014 01:30:34 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)

Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)
 

Error: (06/14/2014 11:40:23 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)

Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)
 

Error: (06/13/2014 03:59:34 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)

Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)
 

Error: (06/09/2014 07:06:00 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)

Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)
 

Error: (06/09/2014 01:02:15 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)

Description: ComputerstandardLokalAktivierung{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)
 

Error: (06/08/2014 10:36:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Avira Echtzeit-Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
 
 

Microsoft Office Sessions:

=========================

Error: (06/21/2014 10:14:17 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/20/2014 03:59:56 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: AUDIODG.EXE6.1.7601.175144ce7abf9WMALFXGFXDSP.dll6.1.7600.163854a5be0e3c0000005000000000000267945001cf8c8a1fc3740aC:\Windows\system32\AUDIODG.EXEC:\Windows\system32\WMALFXGFXDSP.dll28a13c7a-f883-11e3-9f27-d850e64bcc19
 

Error: (06/20/2014 03:21:10 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: rads_user_kernel.exe0.0.0.054001cf8c8a24e71a670D:\Programme\League of Legends\RADS\system\rads_user_kernel.exebcc5186c-f87d-11e3-9f27-d850e64bcc19
 

Error: (06/20/2014 03:18:50 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/15/2014 01:06:41 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/15/2014 01:30:46 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/14/2014 11:40:27 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/13/2014 03:59:41 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/09/2014 07:06:01 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (06/09/2014 01:02:19 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 18%

Total physical RAM: 16321.83 MB

Available physical RAM: 13355.95 MB

Total Pagefile: 32641.86 MB

Available Pagefile: 29296.15 MB

Total Virtual: 8192 MB

Available Virtual: 8191.8 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:111.69 GB) (Free:11.11 GB) NTFS

Drive d: (Lokaler Datenträger) (Fixed) (Total:931.51 GB) (Free:518.88 GB) NTFS

Drive f: (GW2_DVD2) (CDROM) (Total:4.8 GB) (Free:0 GB) UDF
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 2DCF3411)

Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 7419F44A)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

hi,

Adware & Co. deinstallieren

Lade Dir bitte von hier http://deeprybka.trojaner-board.de/b...ninstaller.pngRevo Uninstaller herunter.
Installiere und starte das Programm.
Suche im Uninstallerfeld nach den Programmen, die unter:
http://deeprybka.trojaner-board.de/b.../revo/add1.png
diesen Zusatz haben:
http://deeprybka.trojaner-board.de/b...e/revo/att.PNG
Wähle die Programme nacheinander aus und klicke jedesmal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
http://deeprybka.trojaner-board.de/b.../uninstall.PNG http://deeprybka.trojaner-board.de/b...o/moderat2.PNG
Reste löschen:
Klicke auf http://deeprybka.trojaner-board.de/b.../selectall.PNG dann auf http://deeprybka.trojaner-board.de/b...evo/delete.PNG und dann auf http://deeprybka.trojaner-board.de/b...evo/weiter.PNG.

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hallo
Erstmal danke für die schnelle Antwort. Ich habe alle Schritte so ausgefürht wie gesagt leider konnte ich mit dem Revo Uninstaller nur eins der beiden Programme finden, also hab ich einfach weitergemacht. HypeNet konnte ich nicht finden falls dass irgendwie hilft. Das Problem besteht auch weiterhin.

ComboFix:

Code:

ComboFix 14-06-21.02 - Max 21.06.2014  13:09:56.1.8 - x64

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.16322.13688 [GMT 2:00]

ausgeführt von:: c:\users\Max\Desktop\ComboFix.exe

AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}

SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Java\jre7\bin\jp2ssv.dll

c:\programdata\Setup_EZ_YouTube_Video_Downloader_v1.1.5.exe

c:\programdata\Setup_EZ_YouTube_Video_Downloader_v1.1.7.exe

c:\programdata\Setup_EZ_YouTube_Video_Downloader_v1.1.8.exe

c:\programdata\Setup_EZ_YouTube_Video_Downloader_v1.1.9.exe

c:\programdata\yvd_chrome_se.exe

c:\programdata\yvd_firefox_se.exe

c:\programdata\yvd_ie_se.exe

c:\users\Max\AppData\Local\Microsoft\Windows\Temporary Internet Files\HypeNet_iels

c:\users\Max\AppData\Local\Temp\10d2ca4a-28d7-4d81-8c1e-dc42bb6c83fc\CliSecureRT64.dll

.

.

(((((((((((((((((((((((   Dateien erstellt von 2014-05-21 bis 2014-06-21  ))))))))))))))))))))))))))))))

.

.

2014-06-21 11:11 . 2014-06-21 11:11        --------        d-----w-        c:\users\Default\AppData\Local\temp

2014-06-21 10:59 . 2014-06-21 10:59        --------        d-----w-        c:\program files (x86)\VS Revo Group

2014-06-21 08:45 . 2014-06-21 08:46        --------        d-----w-        C:\FRST

2014-06-15 14:07 . 2014-06-15 14:07        --------        d-----w-        c:\users\Max\AppData\Local\EZ YouTube Video Downloader

2014-06-15 11:06 . 2014-06-15 11:06        --------        d-----w-        c:\users\Max\AppData\Local\ChromeTabExtension

2014-06-14 09:41 . 2014-06-09 10:08        61112        ----a-w-        c:\windows\system32\drivers\{b1ce3ece-1927-4e6e-b064-2f9628964a7a}w64.sys

2014-06-08 16:15 . 2014-06-08 16:15        --------        d-----w-        C:\Fraps

2014-06-08 16:12 . 2014-06-08 16:12        --------        d-----w-        c:\users\Max\AppData\Roaming\Publish Providers

2014-06-08 16:11 . 2014-06-08 16:11        --------        d-----w-        c:\program files\Sony

2014-06-08 16:11 . 2014-06-08 16:11        --------        d-----w-        c:\program files (x86)\Sony

2014-06-08 15:58 . 2014-06-08 16:11        --------        d-----w-        c:\users\Max\AppData\Local\Sony

2014-06-08 15:43 . 2014-06-08 16:11        --------        d-----w-        c:\programdata\Sony

2014-06-08 15:42 . 2014-06-08 16:12        --------        d-----w-        c:\users\Max\AppData\Roaming\Sony

2014-06-08 09:22 . 2014-06-08 09:22        --------        d-----w-        c:\users\Max\AppData\Local\Ubisoft

2014-05-28 16:48 . 2014-05-28 16:48        --------        d-----w-        c:\users\Max\AppData\Roaming\Wargaming.net

2014-05-24 11:23 . 2014-05-24 11:23        --------        d-----w-        c:\users\Max\AppData\Roaming\Guild Wars 2

2014-05-23 21:47 . 2014-05-22 16:18        61112        ----a-w-        c:\windows\system32\drivers\{b1ce3ece-1927-4e6e-b064-2f9628964a7a}Gw64.sys

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-06-06 18:16 . 2014-04-07 10:00        130584        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2014-06-06 18:16 . 2014-04-07 10:00        112080        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2014-05-31 11:56 . 2013-11-16 19:58        70832        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-05-31 11:56 . 2013-11-16 19:58        692400        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2014-04-25 12:49 . 2014-05-09 11:09        20312        ----a-w-        c:\windows\system32\roboot64.exe

2014-04-15 17:11 . 2013-11-23 15:18        214392        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe

2014-04-14 21:29 . 2014-04-14 21:29        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2014-04-11 09:02 . 2014-04-11 09:03        84720        ----a-w-        c:\windows\system32\drivers\avnetflt.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]

2014-04-11 02:07        513648        ----a-w-        c:\program files (x86)\SupTab\SupTab.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SteelSeries Engine"="c:\program files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe" [2013-11-05 242688]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-06-06 737872]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

.

c:\users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Curse.lnk - c:\users\Max\AppData\Roaming\Curse Client\Bin\Curse.exe /startup [2014-4-23 8529160]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="userinit.exe"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 IePluginService;IePlugin Service;c:\programdata\IePluginService\PluginService.exe;c:\programdata\IePluginService\PluginService.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]

S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]

S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]

S1 {b1ce3ece-1927-4e6e-b064-2f9628964a7a}Gw64;{b1ce3ece-1927-4e6e-b064-2f9628964a7a}Gw64;c:\windows\system32\drivers\{b1ce3ece-1927-4e6e-b064-2f9628964a7a}Gw64.sys;c:\windows\SYSNATIVE\drivers\{b1ce3ece-1927-4e6e-b064-2f9628964a7a}Gw64.sys [x]

S1 {b1ce3ece-1927-4e6e-b064-2f9628964a7a}w64;{b1ce3ece-1927-4e6e-b064-2f9628964a7a}w64;c:\windows\system32\drivers\{b1ce3ece-1927-4e6e-b064-2f9628964a7a}w64.sys;c:\windows\SYSNATIVE\drivers\{b1ce3ece-1927-4e6e-b064-2f9628964a7a}w64.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [x]

S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]

S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]

S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]

S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]

S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]

S2 Security Updates Service;Security Updates Service;c:\program files (x86)\Security Updates Service\winupdsvc.exe;c:\program files (x86)\Security Updates Service\winupdsvc.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 Update HypeNet;Update HypeNet;c:\program files (x86)\HypeNet\updateHypeNet.exe;c:\program files (x86)\HypeNet\updateHypeNet.exe [x]

S2 Util HypeNet;Util HypeNet;c:\program files (x86)\HypeNet\bin\utilHypeNet.exe;c:\program files (x86)\HypeNet\bin\utilHypeNet.exe [x]

S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys;c:\windows\SYSNATIVE\DRIVERS\SteelBus64.sys [x]

S3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]

S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]

S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]

S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]

S3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys;c:\windows\SYSNATIVE\DRIVERS\SAlpham64.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-06-13 14:54        1091912        ----a-w-        c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe

.

Inhalt des "geplante Tasks" Ordners

.

2014-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-16 11:56]

.

2014-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-17 12:14]

.

2014-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-17 12:14]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-07-06 7192792]

"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-14 1028384]

"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-11-29 1096480]

"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-11-29 2273056]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9XvzeUiwAdwAQWGgFfaATxqSEOj-zgOl4nGHu2dbgC4ZyyEXkQsG9Ob3y4nN29Z3ayUwXcFkZfPB_dAhPAQtnBgxwlmUcv8eI13Fy51n8-1q9LK65Y0ixZ4-5fW3qrdz-7DKire2vxYieHb

mDefault_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1397231746&from=sien&uid=WDCXWD10EZRX-22L4HB0_WD-WCC4J096138361383&q={searchTerms}

mDefault_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1397231746&from=sien&uid=WDCXWD10EZRX-22L4HB0_WD-WCC4J096138361383

mStart Page = hxxp://start.qone8.com/?type=hp&ts=1397231746&from=sien&uid=WDCXWD10EZRX-22L4HB0_WD-WCC4J096138361383

mLocal Page = c:\windows\SysWOW64\blank.htm

mSearch Page = hxxp://www.qone8.com/web/?type=ds&ts=1397231746&from=sien&uid=WDCXWD10EZRX-22L4HB0_WD-WCC4J096138361383&q={searchTerms}

uSearchAssistant = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9XvzeUiwAdwAQWGgFfaATxqSEOj-zgOl4nGHu2dbgC4ZyyEXkQsG9Ob3y4nN29Z3ayUwXcFkZfPB_dAhPxaISMkHdlmbcGktBgceMVIus_zJpLlGeicNvhaZXGmtPuVNQxpia1TPSXHrvFg&q={searchTerms}

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

FF - ProfilePath - c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\

FF - prefs.js: browser.search.selectedEngine - wow search

FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/

FF - prefs.js: keyword.URL - hxxp://wow.utop.it/?q={searchTerms}

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2014-06-21  13:13:28

ComboFix-quarantined-files.txt  2014-06-21 11:13

.

Vor Suchlauf: 10 Verzeichnis(se), 11.888.103.424 Bytes frei

Nach Suchlauf: 13 Verzeichnis(se), 12.692.672.512 Bytes frei

.

- - End Of File - - 162B630BF1B7CB138FE72119A6986291

A36C5E4F47E84449FF07ED3517B43A31

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

MBAM:

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 22.06.2014

Suchlauf-Zeit: 10:49:55

Logdatei: mbam.txt

Administrator: Ja
 

Version: 2.00.2.1012

Malware Datenbank: v2014.06.22.01

Rootkit Datenbank: v2014.06.20.01

Lizenz: Kostenlos

Malware Schutz: Deaktiviert

Bösartiger Webseiten Schutz: Deaktiviert

Self-protection: Deaktiviert
 

Betriebssystem: Windows 7 Service Pack 1

CPU: x64

Dateisystem: NTFS

Benutzer: Max
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 272931

Verstrichene Zeit: 3 Min, 59 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Heuristics: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 6

PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, 1356, Löschen bei Neustart, [17624f2c413a8aacb8ca3426f30e7090]

PUP.Optional.WindowsUpdateService.A, C:\Program Files (x86)\Security Updates Service\winupdsvc.exe, 2348, Löschen bei Neustart, [9edb2a51700b83b3cd8724258a76a55b]

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\updateHypeNet.exe, 2516, Löschen bei Neustart, [5d1c05765a2178bea9b20e56c8397c84]

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\bin\utilHypeNet.exe, 2824, Löschen bei Neustart, [6c0d245732493bfb0556560ef60be21e]

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\bin\HypeNet.BrowserAdapter.exe, 5928, Löschen bei Neustart, [24550675bbc064d2de24a71b4ab854ac]

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\bin\HypeNet.PurBrowse64.exe, 5076, Löschen bei Neustart, [24550675bbc064d2de24a71b4ab854ac]
 

Module: 3

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\bin\HypeNetBAApp.dll, Löschen bei Neustart, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\bin\{b1ce3ece-1927-4e6e-b064-2f9628964a7a}.dll, Löschen bei Neustart, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\bin\{b1ce3ece-1927-4e6e-b064-2f9628964a7a}.dll, Löschen bei Neustart, [24550675bbc064d2de24a71b4ab854ac], 
 

Registrierungsschlüssel: 32

PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginService, In Quarantäne, [17624f2c413a8aacb8ca3426f30e7090], 

PUP.Optional.WindowsUpdateService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Security Updates Service, In Quarantäne, [9edb2a51700b83b3cd8724258a76a55b], 

PUP.Optional.HypeNet.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update HypeNet, In Quarantäne, [5d1c05765a2178bea9b20e56c8397c84], 

PUP.Optional.HypeNet.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util HypeNet, In Quarantäne, [6c0d245732493bfb0556560ef60be21e], 

PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, In Quarantäne, [750487f488f3ba7c53579edd010160a0], 

PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, In Quarantäne, [750487f488f3ba7c53579edd010160a0], 

PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [96e3d0ab7803e056edb0ab9b10f2728e], 

PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [96e3d0ab7803e056edb0ab9b10f2728e], 

PUP.Optional.GetNow.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}, In Quarantäne, [9adfbac159229f970f958bbd56ac11ef], 

PUP.Optional.GetNow.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{237FDFDB-3722-470E-8BA8-90196DABE967}, In Quarantäne, [9adfbac159229f970f958bbd56ac11ef], 

PUP.Optional.GetNow.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{237FDFDB-3722-470E-8BA8-90196DABE967}, In Quarantäne, [9adfbac159229f970f958bbd56ac11ef], 

PUP.Optional.GetNow.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}, In Quarantäne, [9adfbac159229f970f958bbd56ac11ef], 

PUP.Optional.WowSearch.A, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}, Löschen bei Neustart, [40398af18fec5cdae78877ce9a683bc5], 

PUP.Optional.WowSearch.A, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB2C1CC-4A7D-4CD5-BCE9-0CA5F9FF8391}, Löschen bei Neustart, [40398af18fec5cdae78877ce9a683bc5], 

PUP.Optional.WowSearch.A, HKU\S-1-5-21-3157235878-4259759608-4195695675-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB2C1CC-4A7D-4CD5-BCE9-0CA5F9FF8391}, Löschen bei Neustart, [40398af18fec5cdae78877ce9a683bc5], 

PUP.Optional.WowSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB2C1CC-4A7D-4CD5-BCE9-0CA5F9FF8391}, In Quarantäne, [40398af18fec5cdae78877ce9a683bc5], 

PUP.Optional.WowSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB2C1CC-4A7D-4CD5-BCE9-0CA5F9FF8391}, In Quarantäne, [40398af18fec5cdae78877ce9a683bc5], 

PUP.Optional.HypeNet.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\HypeNet, In Quarantäne, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{ac225167-00fc-452d-94c5-bb93600e7d9a}, In Quarantäne, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, In Quarantäne, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, In Quarantäne, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, In Quarantäne, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, In Quarantäne, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, In Quarantäne, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, In Quarantäne, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, In Quarantäne, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [adcc691267141125622e4c9f3bc8a55b], 

PUP.Optional.HypeNet.A, HKLM\SOFTWARE\WOW6432NODE\HypeNet, In Quarantäne, [5a1f0279ccaf3afc8e760bb739c94bb5], 

PUP.Optional.Qone8.A, HKLM\SOFTWARE\WOW6432NODE\qone8Software, In Quarantäne, [1f5aaecda2d97bbbe55843a7897add23], 

PUP.Optional.HypeNet.A, HKU\S-1-5-21-3157235878-4259759608-4195695675-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\HypeNet, Löschen bei Neustart, [cbae7cff1962d75fa45f923043bf7789], 

PUP.Optional.InstallCore.A, HKU\S-1-5-21-3157235878-4259759608-4195695675-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Löschen bei Neustart, [502933483447fa3cd0f2ccfd49b99b65], 

PUP.Optional.InstallCore.A, HKU\S-1-5-21-3157235878-4259759608-4195695675-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Löschen bei Neustart, [19603348f18ae155349d8e51946f857b], 
 

Registrierungswerte: 7

PUP.Optional.VBates, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, In Quarantäne, [0574304b9dde49edd245fd4b7a883dc3], 

PUP.Optional.VBates, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, C:\Program Files\V-bates\Firefox, In Quarantäne, [0574304b9dde49edd245fd4b7a883dc3]

PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, C:\Program Files\V-bates\Firefox, In Quarantäne, [0574304b9dde49edd245fd4b7a883dc3]

PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, In Quarantäne, [0970d7a44d2e290d9d7a1b2d936f7090], 

PUP.Optional.QuickStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|quick_start@gmail.com, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com, In Quarantäne, [0871d3a89fdc9d99686d6954ff03ca36]

PUP.Optional.InstallCore.A, HKU\S-1-5-21-3157235878-4259759608-4195695675-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0X2O1C0R2R1R, Löschen bei Neustart, [19603348f18ae155349d8e51946f857b]

PUP.Optional.QuickStart.A, HKU\S-1-5-21-3157235878-4259759608-4195695675-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, quick_start@gmail.com, Löschen bei Neustart, [5f1ae497d9a2d066b6e0d3d325dd6997]
 

Registrierungsdaten: 8

Hijack.StartPage, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://start.qone8.com/?type=hp&ts=1397231746&from=sien&uid=WDCXWD10EZRX-22L4HB0_WD-WCC4J096138361383, Gut: (hxxp://www.google.com), Schlecht: (hxxp://start.qone8.com/?type=hp&ts=1397231746&from=sien&uid=WDCXWD10EZRX-22L4HB0_WD-WCC4J096138361383),Ersetzt,[8aef9cdff388f14558dfceaa30d453ad]

Hijack.StartPage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://start.qone8.com/?type=hp&ts=1397231746&from=sien&uid=WDCXWD10EZRX-22L4HB0_WD-WCC4J096138361383, Gut: (hxxp://www.google.com), Schlecht: (hxxp://start.qone8.com/?type=hp&ts=1397231746&from=sien&uid=WDCXWD10EZRX-22L4HB0_WD-WCC4J096138361383),Ersetzt,[78016615611ac76f41f8c4b452b246ba]

Hijack.StartPage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://start.qone8.com/?type=hp&ts=1397231746&from=sien&uid=WDCXWD10EZRX-22L4HB0_WD-WCC4J096138361383, Gut: (hxxp://www.google.com), Schlecht: (hxxp://start.qone8.com/?type=hp&ts=1397231746&from=sien&uid=WDCXWD10EZRX-22L4HB0_WD-WCC4J096138361383),Ersetzt,[10695c1f0c6fc96dbd7a0e6a1de703fd]

PUP.Optional.SnapDo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9XvzeUiwAdwAQWGgFfaATxqSEOj-zgOl4nGHu2dbgC4ZyyEXkQsG9Ob3y4nN29Z3ayUwXcFkZfPB_dAhPxaISMkHdlmbcGktBgceMVIus_zJpLlGeicNvhaZXGmtPuVNQxpia1TPSXHrvFn&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9XvzeUiwAdwAQWGgFfaATxqSEOj-zgOl4nGHu2dbgC4ZyyEXkQsG9Ob3y4nN29Z3ayUwXcFkZfPB_dAhPxaISMkHdlmbcGktBgceMVIus_zJpLlGeicNvhaZXGmtPuVNQxpia1TPSXHrvFn&q={searchTerms}),Ersetzt,[d3a6fa81e695dd597e5eafc8f60e8878]

PUP.Optional.Snapdo, HKU\S-1-5-21-3157235878-4259759608-4195695675-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9XvzeUiwAdwAQWGgFfaATxqSEOj-zgOl4nGHu2dbgC4ZyyEXkQsG9Ob3y4nN29Z3ayUwXcFkZfPB_dAhPAQtnBgxwlmUcv8eI13Fy51n8-1q9LK65Y0ixZ4-5fW3qrdz-7DKire2vxYieHb, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9XvzeUiwAdwAQWGgFfaATxqSEOj-zgOl4nGHu2dbgC4ZyyEXkQsG9Ob3y4nN29Z3ayUwXcFkZfPB_dAhPAQtnBgxwlmUcv8eI13Fy51n8-1q9LK65Y0ixZ4-5fW3qrdz-7DKire2vxYieHb),Löschen bei Neustart,[3148dba09fdcce68e1625a270cf831cf]

PUP.Optional.Snapdo, HKU\S-1-5-21-3157235878-4259759608-4195695675-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9XvzeUiwAdwAQWGgFfaATxqSEOj-zgOl4nGHu2dbgC4ZyyEXkQsG9Ob3y4nN29Z3ayUwXcFkZfPB_dAhPxaISMkHdlmbcGktBgceMVIus_zJpLlGeicNvhaZXGmtPuVNQxpia1TPSXHrvFg&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9XvzeUiwAdwAQWGgFfaATxqSEOj-zgOl4nGHu2dbgC4ZyyEXkQsG9Ob3y4nN29Z3ayUwXcFkZfPB_dAhPxaISMkHdlmbcGktBgceMVIus_zJpLlGeicNvhaZXGmtPuVNQxpia1TPSXHrvFg&q={searchTerms}),Löschen bei Neustart,[7702cdae047763d3c282275ac53f16ea]

PUP.Optional.Snapdo, HKU\S-1-5-21-3157235878-4259759608-4195695675-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9XvzeUiwAdwAQWGgFfaATxqSEOj-zgOl4nGHu2dbgC4ZyyEXkQsG9Ob3y4nN29Z3ayUwXcFkZfPB_dAhPxaISMkHdlmbcGktBgceMVIus_zJpLlGeicNvhaZXGmtPuVNQxpia1TPSXHrvFg&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9XvzeUiwAdwAQWGgFfaATxqSEOj-zgOl4nGHu2dbgC4ZyyEXkQsG9Ob3y4nN29Z3ayUwXcFkZfPB_dAhPxaISMkHdlmbcGktBgceMVIus_zJpLlGeicNvhaZXGmtPuVNQxpia1TPSXHrvFg&q={searchTerms}),Löschen bei Neustart,[1f5a3b405a21e3534ff6f78a51b312ee]

PUP.Optional.SnapDo.A, HKU\S-1-5-21-3157235878-4259759608-4195695675-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9XvzeUiwAdwAQWGgFfaATxqSEOj-zgOl4nGHu2dbgC4ZyyEXkQsG9Ob3y4nN29Z3ayUwXcFkZfPB_dAhPxaISMkHdlmbcGktBgceMVIus_zJpLlGeicNvhaZXGmtPuVNQxpia1TPSXHrvFg&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9XvzeUiwAdwAQWGgFfaATxqSEOj-zgOl4nGHu2dbgC4ZyyEXkQsG9Ob3y4nN29Z3ayUwXcFkZfPB_dAhPxaISMkHdlmbcGktBgceMVIus_zJpLlGeicNvhaZXGmtPuVNQxpia1TPSXHrvFg&q={searchTerms}),Löschen bei Neustart,[007989f2fd7ec076b627b1c68c788e72]
 

Ordner: 65

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet, Löschen bei Neustart, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\bin, Löschen bei Neustart, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\bin\plugins, In Quarantäne, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\bin\TEMP, In Quarantäne, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.RegCleanerPro.A, C:\Users\Max\AppData\Roaming\Systweak\RegClean Pro, In Quarantäne, [4138730834470036f320721d2dd5c23e], 

PUP.Optional.RegCleanerPro.A, C:\Users\Max\AppData\Roaming\Systweak\RegClean Pro\Version 6.1, In Quarantäne, [4138730834470036f320721d2dd5c23e], 

PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService, Löschen bei Neustart, [4138dc9fc3b8bc7a12439af7d52df808], 

PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update, In Quarantäne, [4138dc9fc3b8bc7a12439af7d52df808], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\content, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\content\include, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\content\include\tools, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\content\js, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\en, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\en-US, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\es, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\es-419, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\fr, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\fr-BE, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\fr-CA, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\fr-CH, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\fr-LU, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\it, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\it-CH, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\pl, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\pt-BR, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\ru, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\ru-MO, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\tr, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\vi, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\zh-CN, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\zh-TW, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\skin, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\skin\weather, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\defaults, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\defaults\preferences, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\modules, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.SecurityUpdatesService.A, C:\Program Files (x86)\Security Updates Service, Löschen bei Neustart, [caaf1368de9d1b1b147410939b6736ca], 
 

Dateien: 151

PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, Löschen bei Neustart, [17624f2c413a8aacb8ca3426f30e7090], 

PUP.Optional.WindowsUpdateService.A, C:\Program Files (x86)\Security Updates Service\winupdsvc.exe, Löschen bei Neustart, [9edb2a51700b83b3cd8724258a76a55b], 

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\updateHypeNet.exe, Löschen bei Neustart, [5d1c05765a2178bea9b20e56c8397c84], 

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\bin\utilHypeNet.exe, Löschen bei Neustart, [6c0d245732493bfb0556560ef60be21e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, In Quarantäne, [96e3d0ab7803e056edb0ab9b10f2728e], 

PUP.Optional.SupTab.A, C:\Users\Max\AppData\Roaming\SupTab\SupTab.dll, In Quarantäne, [4c2da4d7d8a374c2f46ca293b34d37c9], 

PUP.Optional.Superfish.A, C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Löschen bei Neustart, [5b1e9fdc6d0e04324aaf58582fd30ef2], 

PUP.Optional.Superfish.A, C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, In Quarantäne, [e594601bc5b690a6906989276c96dd23], 

PUP.Optional.WebSearch.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\searchplugins\Web Search.xml, In Quarantäne, [8ced2e4d72092f0730a23788986ad42c], 

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\HypeNet.ico, In Quarantäne, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\0, In Quarantäne, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\7za.exe, In Quarantäne, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\HypeNetUn.exe, In Quarantäne, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\HypeNetUninstall.exe, In Quarantäne, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\updateHypeNet.InstallState, In Quarantäne, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\bin\7za.exe, In Quarantäne, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\bin\BrowserAdapterS.7z, In Quarantäne, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\bin\HypeNet.BrowserAdapter.exe, Löschen bei Neustart, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\bin\HypeNet.PurBrowse.zip, In Quarantäne, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\bin\HypeNet.PurBrowse64.exe, Löschen bei Neustart, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\bin\HypeNet.PurBrowseG.zip, In Quarantäne, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\bin\HypeNetBAApp.dll, Löschen bei Neustart, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\bin\sqlite3.dll, In Quarantäne, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\bin\utilHypeNet.InstallState, In Quarantäne, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\bin\{b1ce3ece-1927-4e6e-b064-2f9628964a7a}.dll, Löschen bei Neustart, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\bin\plugins\HypeNet.Bromon.dll, In Quarantäne, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\bin\plugins\HypeNet.BroStats.dll, In Quarantäne, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\bin\plugins\HypeNet.BrowserAdapterS.dll, In Quarantäne, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\bin\plugins\HypeNet.CompatibilityChecker.dll, In Quarantäne, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\bin\plugins\HypeNet.FFUpdate.dll, In Quarantäne, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\bin\plugins\HypeNet.IEUpdate.dll, In Quarantäne, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\bin\plugins\HypeNet.PurBrowse.dll, In Quarantäne, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\bin\plugins\HypeNet.PurBrowseG.dll, In Quarantäne, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.HypeNet.A, C:\Program Files (x86)\HypeNet\bin\plugins\HypeNet.Repmon.dll, In Quarantäne, [24550675bbc064d2de24a71b4ab854ac], 

PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, In Quarantäne, [58214b3082f9a492a00feed5e61c40c0], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WebDataJs, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\arrow.png, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo.png, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo_hover.png, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_logo.png, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo.png, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo2.png, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\search.png, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\sliders.png, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\0.png, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ie8.js, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\library.js, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit.js, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, In Quarantäne, [d4a5c1ba3744db5b43432a9ce51d06fa], 

PUP.Optional.Qone8.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\qone8.xml, In Quarantäne, [d5a495e62b505dd941fbdd0d788bd62a], 

PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update\conf, In Quarantäne, [4138dc9fc3b8bc7a12439af7d52df808], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome.manifest, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\install.rdf, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\content\index.html, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\content\quick_start.js, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\content\quick_start.xul, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\content\include\speed_dial.js, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\content\include\tools\about_blank_hook.js, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\content\include\tools\misc.js, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\content\include\tools\popup_image_helper.js, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\content\include\tools\urlrequestor.js, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\content\js\common.js, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\content\js\doT.min.js, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\content\js\ga.js, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\content\js\jquery-2.1.0.min.js, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\content\js\jquery.autocomplete.js, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\content\js\js.js, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\content\js\xagainit.js, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\en\locale.properties, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\en-US\locale.properties, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\es\locale.properties, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\es-419\locale.properties, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\fr\locale.properties, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\fr-BE\locale.properties, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\fr-CA\locale.properties, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\fr-CH\locale.properties, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\fr-LU\locale.properties, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\it\locale.properties, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\it-CH\locale.properties, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\pl\locale.properties, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\pt-BR\locale.properties, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\ru\locale.properties, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\ru-MO\locale.properties, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\tr\locale.properties, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\vi\locale.properties, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\zh-CN\locale.properties, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\locale\zh-TW\locale.properties, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\skin\arrow.png, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\skin\default_add_logo.png, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\skin\default_add_logo_hover.png, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\skin\default_logo.png, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\skin\googlelogo.png, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\skin\googlelogo2.png, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\skin\google_trends.png, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\skin\icon.png, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\skin\loading.gif, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\skin\logo.ico, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\skin\logo.png, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\skin\logo32.ico, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\skin\style.css, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\chrome\skin\weather\0.png, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\defaults\preferences\fvd.js, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\modules\addonmanager.js, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\modules\aes.js, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\modules\config.js, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\modules\dialogs.js, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\modules\last_tab.js, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\modules\misc.js, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\modules\properties.js, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\modules\remoterequest.js, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\modules\restoreprefs.js, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.QuickStart.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\extensions\quick_start@gmail.com\modules\settings.js, In Quarantäne, [4f2a0873116aa096b24414802cd6d12f], 

PUP.Optional.SecurityUpdatesService.A, C:\Program Files (x86)\Security Updates Service\search_checker.exe, In Quarantäne, [caaf1368de9d1b1b147410939b6736ca], 

PUP.Optional.Snapdo.A, C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (   "homepage": "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9XvzeUiwAdwAQWGgFfaATxqSEOj-zgOl4nGHu2dbgC4ZyyEXkQsG9Ob3y4nN29Z3ayUwXcFkZfPB_dAhPAQtnBgxwlmUcv8eI13Fy51n8-1q9LK65Y0ixZ4-5fW3qrdz-7DKire2vxYieHb",), Ersetzt,[3940dd9ec4b732043139832ca06407f9]

PUP.Optional.WowSearch.A, C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://wow.utop.it/?q={searchTerms}");), Ersetzt,[d9a00f6c19623105ffbda30c27ddc23e]
 

Physische Sektoren: 0

(No malicious items detected)
 
 

(end)

AdwCleaner:

Code:

# AdwCleaner v3.212 - Bericht erstellt am 22/06/2014 um 11:00:14

# Aktualisiert 05/06/2014 von Xplode

# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)

# Benutzername : Max - MAX-PC

# Gestartet von : C:\Users\Max\Desktop\adwcleaner_3.212.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\Program Files (x86)\FreeRIP

Ordner Gelöscht : C:\Program Files (x86)\RegClean Pro

Ordner Gelöscht : C:\Users\Max\AppData\Roaming\qone8

Ordner Gelöscht : C:\Users\Max\AppData\Roaming\SupTab

Ordner Gelöscht : C:\Users\Max\AppData\Roaming\Systweak

Datei Gelöscht : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage

Datei Gelöscht : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FreeRIP3_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FreeRIP3_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wpm_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wpm_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}

Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Schlüssel Gelöscht : HKCU\Software\OCS

Schlüssel Gelöscht : HKCU\Software\systweak

Schlüssel Gelöscht : HKLM\Software\IePlugin

Schlüssel Gelöscht : HKLM\Software\SupTab

Schlüssel Gelöscht : HKLM\Software\supWPM

Schlüssel Gelöscht : HKLM\Software\systweak

Schlüssel Gelöscht : HKLM\Software\Wpm

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{501451DE-5808-4599-B544-8BD0915B6B24}_is1
 

***** [ Browser ] *****
 

-\\ Internet Explorer v8.0.7601.17514
 

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
 

-\\ Mozilla Firefox v29.0.1 (de)
 

[ Datei : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\prefs.js ]
 

Zeile gelöscht : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
 

-\\ Google Chrome v35.0.1916.153
 

[ Datei : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 

Gelöscht [Search Provider] : hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9XvzeUiwAdwAQWGgFfaATxqSEOj-zgOl4nGHu2dbgC4ZyyEXkQsG9Ob3y4nN29Z3ayUwXcFkZfPB_dAhPxaISMkHdlmbcGktBgceMVIus_zJpLlGeicNvhaZXGmtPuVNQxpia1TPSXHrvFn&q={searchTerms}

Gelöscht [Homepage] : hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPHRo0PyGG1_Kxr4dEqi2tMc9XvzeUiwAdwAQWGgFfaATxqSEOj-zgOl4nGHu2dbgC4ZyyEXkQsG9Ob3y4nN29Z3ayUwXcFkZfPB_dAhPAQtnBgxwlmUcv8eI13Fy51n8-1q9LK65Y0ixZ4-5fW3qrdz-7DKire2vxYieHb
 

*************************
 

AdwCleaner[R0].txt - [4858 octets] - [22/06/2014 10:59:41]

AdwCleaner[S0].txt - [4322 octets] - [22/06/2014 11:00:14]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4382 octets] ##########

JRT:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Ultimate x64

Ran by Max on 22.06.2014 at 11:02:10,83

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
 
 
 

~~~ FireFox
 

Emptied folder: C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\ojkhbsfc.default\minidumps [37 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 22.06.2014 at 11:04:19,46

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-06-2014 01

Ran by Max (administrator) on MAX-PC on 22-06-2014 11:06:45

Running from C:\Users\Max\Desktop

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 8

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7192792 2013-07-06] (Realtek Semiconductor)

HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1096480 2013-11-29] (NVIDIA Corporation)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2273056 2013-11-29] (NVIDIA Corporation)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-06] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKU\S-1-5-21-3157235878-4259759608-4195695675-1000\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [242688 2013-11-05] (SteelSeries ApS)

Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk

ShortcutTarget: Curse.lnk -> C:\Users\Max\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6D9B2C8A02E3CE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope {9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391} URL = 

SearchScopes: HKLM-x32 - DefaultScope value is missing.

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File

BHO-x32: EZ YouTube Video Downloader 1.0 - {FDBFEA30-EC51-4B8D-B4F0-8CA4F7253C0A} - C:\Program Files (x86)\EZ YouTube Video Downloader\yvd.dll (XtensionPlus)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
 

FireFox:

========

FF ProfilePath: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default

FF NewTab: chrome://quick_start/content/index.html

FF DefaultSearchEngine: wow search

FF SearchEngineOrder.1: wow search

FF SelectedSearchEngine: wow search

FF Homepage: hxxp://www.facebook.com/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)

FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\searchplugins\search_engine.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Adblock Plus - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-16]

FF HKLM\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}

FF Extension: EZ YouTube Video Downloader - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B} [2014-04-13]

FF HKLM-x32\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}

FF Extension: EZ YouTube Video Downloader - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B} [2014-04-13]
 

Chrome: 

=======

CHR HomePage: hxxp://www.google.com/

CHR StartupUrls: "hxxp://google.de/", "hxxp://www.twitch.tv/marcelamariaeuw"

CHR NewTab: "chrome-extension://mnhlhlpdiiefbhhmoljklbejhnlgniop/index.html"

CHR DefaultSearchKeyword: wow.utop.it

CHR DefaultSearchProvider: wow search

CHR DefaultSearchURL: hxxp://wow.utop.it/?q={searchTerms}

CHR DefaultNewTabURL: 

CHR Extension: (Google Docs) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-02]

CHR Extension: (Google Drive) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-02]

CHR Extension: (YouTube) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-02]

CHR Extension: (Google-Suche) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-02]

CHR Extension: (AdBlock) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-01]

CHR Extension: (Google Wallet) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-02]

CHR Extension: (Google Mail) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-02]

CHR Extension: (Tab Plus) - C:\Users\Max\AppData\Local\ChromeTabExtension [2014-06-15]
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-06] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-06] (Avira Operations GmbH & Co. KG)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-02-07] () [File not signed]

R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]

S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912 2013-11-29] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15128352 2013-11-29] (NVIDIA Corporation)

R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-01-11] ()

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-01] ()
 

==================== Drivers (Whitelisted) ====================
 

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [47512 2013-01-10] (Asmedia Technology)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-06-06] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-06] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)

R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-27] (Intel Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-10-30] (NVIDIA Corporation)

R3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2013-05-31] (SteelSeries Corporation)

S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

R1 {b1ce3ece-1927-4e6e-b064-2f9628964a7a}Gw64; C:\Windows\System32\drivers\{b1ce3ece-1927-4e6e-b064-2f9628964a7a}Gw64.sys [61112 2014-05-22] (StdLib)

R1 {b1ce3ece-1927-4e6e-b064-2f9628964a7a}w64; C:\Windows\System32\drivers\{b1ce3ece-1927-4e6e-b064-2f9628964a7a}w64.sys [61112 2014-06-09] (StdLib)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-06-22 11:06 - 2014-06-22 11:06 - 00014039 _____ () C:\Users\Max\Desktop\FRST.txt

2014-06-22 11:04 - 2014-06-22 11:04 - 00000819 _____ () C:\Users\Max\Desktop\JRT.txt

2014-06-22 11:02 - 2014-06-22 11:02 - 00000000 ____D () C:\Windows\ERUNT

2014-06-22 11:01 - 2014-06-22 11:01 - 00004474 _____ () C:\Users\Max\Desktop\AdwCleaner[S0].txt

2014-06-22 10:59 - 2014-06-22 11:00 - 00000000 ____D () C:\AdwCleaner

2014-06-22 10:59 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-06-22 10:58 - 2014-06-22 10:58 - 00049803 _____ () C:\Users\Max\Desktop\mbam.txt

2014-06-22 10:45 - 2014-06-22 10:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-06-22 10:44 - 2014-06-22 10:44 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-06-22 10:44 - 2014-06-22 10:44 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-06-22 10:44 - 2014-06-22 10:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-06-22 10:44 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-06-22 10:44 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-06-22 10:44 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-06-22 10:31 - 2014-06-22 10:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Max\Desktop\mbam-setup-2.0.2.1012.exe

2014-06-22 10:28 - 2014-06-22 11:05 - 00000000 ____D () C:\Users\Max\Desktop\AntiVir

2014-06-22 10:25 - 2014-06-22 10:27 - 01016261 _____ (Thisisu) C:\Users\Max\Desktop\JRT.exe

2014-06-22 10:25 - 2014-06-22 10:26 - 01333465 _____ () C:\Users\Max\Desktop\adwcleaner_3.212.exe

2014-06-21 13:13 - 2014-06-21 13:13 - 00013982 _____ () C:\ComboFix.txt

2014-06-21 13:09 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-06-21 13:09 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-06-21 13:09 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-06-21 13:09 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-06-21 13:09 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-06-21 13:09 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe

2014-06-21 13:09 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe

2014-06-21 13:09 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe

2014-06-21 13:08 - 2014-06-21 13:13 - 00000000 ____D () C:\Qoobox

2014-06-21 13:08 - 2014-06-21 13:12 - 00000000 ____D () C:\Windows\erdnt

2014-06-21 12:59 - 2014-06-21 12:59 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-06-21 10:45 - 2014-06-22 11:06 - 00000000 ____D () C:\FRST

2014-06-21 10:35 - 2014-06-21 10:36 - 02083328 _____ (Farbar) C:\Users\Max\Desktop\FRST64.exe

2014-06-21 10:34 - 2014-06-21 10:34 - 00000000 _____ () C:\Users\Max\defogger_reenable

2014-06-20 18:12 - 2014-06-22 10:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-06-15 16:07 - 2014-06-15 16:07 - 00000000 ____D () C:\Users\Max\AppData\Local\EZ YouTube Video Downloader

2014-06-15 13:06 - 2014-06-15 13:06 - 00000000 ____D () C:\Users\Max\AppData\Local\ChromeTabExtension

2014-06-14 11:41 - 2014-06-09 12:08 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{b1ce3ece-1927-4e6e-b064-2f9628964a7a}w64.sys

2014-06-08 18:15 - 2014-06-08 18:15 - 00000562 _____ () C:\Users\Public\Desktop\Fraps.lnk

2014-06-08 18:15 - 2014-06-08 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps

2014-06-08 18:15 - 2014-06-08 18:15 - 00000000 ____D () C:\Fraps

2014-06-08 18:12 - 2014-06-08 18:12 - 00001038 _____ () C:\Users\Public\Desktop\Vegas Pro 12.0 (64-bit).lnk

2014-06-08 18:12 - 2014-06-08 18:12 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Publish Providers

2014-06-08 18:12 - 2014-06-08 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony

2014-06-08 18:11 - 2014-06-08 18:11 - 00000000 ____D () C:\Program Files\Sony

2014-06-08 18:11 - 2014-06-08 18:11 - 00000000 ____D () C:\Program Files (x86)\Sony

2014-06-08 18:02 - 2014-06-08 18:02 - 00000212 _____ () C:\Users\Max\Desktop\Magic 2014.url

2014-06-08 17:58 - 2014-06-08 18:11 - 00000000 ____D () C:\Users\Max\AppData\Local\Sony

2014-06-08 17:43 - 2014-06-08 18:11 - 00000000 ____D () C:\ProgramData\Sony

2014-06-08 17:42 - 2014-06-08 18:12 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Sony

2014-06-08 11:22 - 2014-06-08 11:22 - 00000000 ____D () C:\Users\Max\AppData\Local\Ubisoft

2014-06-01 15:31 - 2014-06-01 15:31 - 00000212 _____ () C:\Users\Max\Desktop\Tom Clancy's Ghost Recon Phantoms - EU.url

2014-05-31 13:56 - 2014-06-22 10:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-05-31 13:56 - 2014-05-31 13:56 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-05-28 22:30 - 2014-05-28 22:30 - 00000000 ____D () C:\Users\Max\Desktop\King

2014-05-28 18:48 - 2014-05-28 18:48 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Wargaming.net

2014-05-24 13:29 - 2014-05-24 13:29 - 00000658 _____ () C:\Users\Public\Desktop\Guild Wars 2.lnk

2014-05-24 13:29 - 2014-05-24 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2

2014-05-24 13:23 - 2014-05-24 13:23 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Guild Wars 2

2014-05-24 13:03 - 2014-05-24 13:23 - 00000000 ____D () C:\Users\Max\Documents\Guild Wars 2

2014-05-23 23:47 - 2014-05-22 18:18 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{b1ce3ece-1927-4e6e-b064-2f9628964a7a}Gw64.sys
 

==================== One Month Modified Files and Folders =======
 

2014-06-22 11:06 - 2014-06-22 11:06 - 00014039 _____ () C:\Users\Max\Desktop\FRST.txt

2014-06-22 11:06 - 2014-06-21 10:45 - 00000000 ____D () C:\FRST

2014-06-22 11:05 - 2014-06-22 10:28 - 00000000 ____D () C:\Users\Max\Desktop\AntiVir

2014-06-22 11:04 - 2014-06-22 11:04 - 00000819 _____ () C:\Users\Max\Desktop\JRT.txt

2014-06-22 11:02 - 2014-06-22 11:02 - 00000000 ____D () C:\Windows\ERUNT

2014-06-22 11:01 - 2014-06-22 11:01 - 00004474 _____ () C:\Users\Max\Desktop\AdwCleaner[S0].txt

2014-06-22 11:01 - 2013-11-28 19:24 - 00174074 _____ () C:\Windows\PFRO.log

2014-06-22 11:01 - 2013-11-17 14:14 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-06-22 11:01 - 2013-11-16 23:51 - 00049126 _____ () C:\Windows\setupact.log

2014-06-22 11:01 - 2013-11-16 21:39 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-06-22 11:01 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-06-22 11:00 - 2014-06-22 10:59 - 00000000 ____D () C:\AdwCleaner

2014-06-22 11:00 - 2013-11-16 21:15 - 00694059 _____ () C:\Windows\WindowsUpdate.log

2014-06-22 11:00 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-06-22 11:00 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-06-22 10:58 - 2014-06-22 10:58 - 00049803 _____ () C:\Users\Max\Desktop\mbam.txt

2014-06-22 10:56 - 2014-06-22 10:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-06-22 10:56 - 2013-11-17 04:04 - 00000000 ____D () C:\Windows\Panther

2014-06-22 10:54 - 2013-11-17 14:14 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-06-22 10:49 - 2014-05-31 13:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-06-22 10:44 - 2014-06-22 10:44 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-06-22 10:44 - 2014-06-22 10:44 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-06-22 10:44 - 2014-06-22 10:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-06-22 10:40 - 2014-06-22 10:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Max\Desktop\mbam-setup-2.0.2.1012.exe

2014-06-22 10:32 - 2014-05-16 14:32 - 00000000 ____D () C:\Users\Max\AppData\Roaming\vlc

2014-06-22 10:30 - 2014-04-23 18:08 - 00000000 ____D () C:\Users\Max\Desktop\Stronk

2014-06-22 10:27 - 2014-06-22 10:25 - 01016261 _____ (Thisisu) C:\Users\Max\Desktop\JRT.exe

2014-06-22 10:27 - 2014-06-20 18:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-06-22 10:26 - 2014-06-22 10:25 - 01333465 _____ () C:\Users\Max\Desktop\adwcleaner_3.212.exe

2014-06-22 10:16 - 2011-04-12 09:43 - 00696622 _____ () C:\Windows\system32\perfh007.dat

2014-06-22 10:16 - 2011-04-12 09:43 - 00147918 _____ () C:\Windows\system32\perfc007.dat

2014-06-22 10:16 - 2009-07-14 07:13 - 01612464 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-06-22 10:14 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini

2014-06-22 00:09 - 2013-11-16 23:47 - 00000000 ____D () C:\Users\Max\AppData\Roaming\TS3Client

2014-06-21 18:13 - 2014-05-01 01:59 - 00000000 ____D () C:\Users\Max\Desktop\Instalok

2014-06-21 18:13 - 2013-12-20 16:55 - 00000000 ____D () C:\Users\Max\Desktop\Musik

2014-06-21 14:11 - 2014-05-01 02:09 - 00000000 ____D () C:\Users\Max\Desktop\LoL

2014-06-21 14:11 - 2014-05-01 02:02 - 00000000 ____D () C:\Users\Max\Desktop\Charts

2014-06-21 14:11 - 2014-05-01 01:59 - 00000000 ____D () C:\Users\Max\Desktop\Mixes

2014-06-21 14:11 - 2014-03-24 13:53 - 00000000 ____D () C:\Users\Max\Desktop\Kollegah

2014-06-21 13:13 - 2014-06-21 13:13 - 00013982 _____ () C:\ComboFix.txt

2014-06-21 13:13 - 2014-06-21 13:08 - 00000000 ____D () C:\Qoobox

2014-06-21 13:12 - 2014-06-21 13:08 - 00000000 ____D () C:\Windows\erdnt

2014-06-21 13:12 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini

2014-06-21 12:59 - 2014-06-21 12:59 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-06-21 10:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-06-21 10:36 - 2014-06-21 10:35 - 02083328 _____ (Farbar) C:\Users\Max\Desktop\FRST64.exe

2014-06-21 10:34 - 2014-06-21 10:34 - 00000000 _____ () C:\Users\Max\defogger_reenable

2014-06-21 10:34 - 2013-11-16 21:08 - 00000000 ____D () C:\Users\Max

2014-06-20 16:49 - 2013-11-17 14:14 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-06-20 16:49 - 2013-11-17 14:14 - 00003848 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-06-15 16:07 - 2014-06-15 16:07 - 00000000 ____D () C:\Users\Max\AppData\Local\EZ YouTube Video Downloader

2014-06-15 13:06 - 2014-06-15 13:06 - 00000000 ____D () C:\Users\Max\AppData\Local\ChromeTabExtension

2014-06-15 13:06 - 2014-04-18 22:01 - 00761485 _____ () C:\ProgramData\ChromeTabExtension.crx

2014-06-13 23:27 - 2014-04-16 19:05 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Skype

2014-06-09 12:08 - 2014-06-14 11:41 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{b1ce3ece-1927-4e6e-b064-2f9628964a7a}w64.sys

2014-06-08 18:15 - 2014-06-08 18:15 - 00000562 _____ () C:\Users\Public\Desktop\Fraps.lnk

2014-06-08 18:15 - 2014-06-08 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps

2014-06-08 18:15 - 2014-06-08 18:15 - 00000000 ____D () C:\Fraps

2014-06-08 18:12 - 2014-06-08 18:12 - 00001038 _____ () C:\Users\Public\Desktop\Vegas Pro 12.0 (64-bit).lnk

2014-06-08 18:12 - 2014-06-08 18:12 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Publish Providers

2014-06-08 18:12 - 2014-06-08 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony

2014-06-08 18:12 - 2014-06-08 17:42 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Sony

2014-06-08 18:11 - 2014-06-08 18:11 - 00000000 ____D () C:\Program Files\Sony

2014-06-08 18:11 - 2014-06-08 18:11 - 00000000 ____D () C:\Program Files (x86)\Sony

2014-06-08 18:11 - 2014-06-08 17:58 - 00000000 ____D () C:\Users\Max\AppData\Local\Sony

2014-06-08 18:11 - 2014-06-08 17:43 - 00000000 ____D () C:\ProgramData\Sony

2014-06-08 18:02 - 2014-06-08 18:02 - 00000212 _____ () C:\Users\Max\Desktop\Magic 2014.url

2014-06-08 18:00 - 2014-05-09 13:39 - 00000555 _____ () C:\Windows\cdplayer.ini

2014-06-08 18:00 - 2014-05-09 13:11 - 00001534 _____ () C:\ProgramData\ss.ini

2014-06-08 11:22 - 2014-06-08 11:22 - 00000000 ____D () C:\Users\Max\AppData\Local\Ubisoft

2014-06-06 20:16 - 2014-04-07 12:00 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2014-06-06 20:16 - 2014-04-07 12:00 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2014-06-01 15:31 - 2014-06-01 15:31 - 00000212 _____ () C:\Users\Max\Desktop\Tom Clancy's Ghost Recon Phantoms - EU.url

2014-05-31 13:58 - 2013-11-23 15:08 - 00000000 ____D () C:\ProgramData\Origin

2014-05-31 13:56 - 2014-05-31 13:56 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-05-31 13:56 - 2013-11-16 21:58 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-05-31 13:56 - 2013-11-16 21:58 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-05-30 21:57 - 2013-12-15 03:44 - 00000000 ____D () C:\Users\Max\AppData\Local\Battle.net

2014-05-28 22:30 - 2014-05-28 22:30 - 00000000 ____D () C:\Users\Max\Desktop\King

2014-05-28 18:48 - 2014-05-28 18:48 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Wargaming.net

2014-05-24 13:29 - 2014-05-24 13:29 - 00000658 _____ () C:\Users\Public\Desktop\Guild Wars 2.lnk

2014-05-24 13:29 - 2014-05-24 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2

2014-05-24 13:23 - 2014-05-24 13:23 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Guild Wars 2

2014-05-24 13:23 - 2014-05-24 13:03 - 00000000 ____D () C:\Users\Max\Documents\Guild Wars 2
 

Some content of TEMP:

====================

C:\Users\Max\AppData\Local\Temp\avgnt.exe

C:\Users\Max\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-06-20 15:38
 

==================== End Of Log ============================

--- --- ---

--- --- ---

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Hey wollte nur kurz Bescheid geben dass ich erst am Wochenende wieder an meinen PC komme dann melde ich mich wieder.

So da bin ich wieder ;) Nochmal danke für deine Hilfe.Die Probleme treten dank dir nicht mehr auf trotzdem lade ich dir die logs nochmal hoch.

ESET:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7587

# api_version=3.0.2

# EOSSerial=75c55080a0302c45b5e6d55d0b166c49

# engine=18920

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2014-06-27 04:47:22

# local_time=2014-06-27 06:47:22 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1031

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='Avira Desktop'

# compatibility_mode=1810 16777213 100 100 5168 10569978 0 0

# compatibility_mode_1=''

# compatibility_mode=5893 16776574 100 94 101293419 155517492 0 0

# scanned=270840

# found=2

# cleaned=0

# scan_time=3107

sh=9A633D558E433D2044964C67F1965C0969222357 ft=1 fh=be4168e8927294fe vn="MSIL/AdvancedSystemProtector.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RegClean Pro\systweakasp.exe.vir"

sh=B9A96D9AE94C4B42CA5499933F6DF218B3903768 ft=1 fh=966b3592656dc188 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe"

checkup:

Code:

 Results of screen317's Security Check version 0.99.83  

 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 ``````````````Antivirus/Firewall Check:`````````````` 

Avira Desktop   

 Antivirus up to date!  (On Access scanning disabled!) 
 `````````Anti-malware/Other Utilities Check:````````` 

 Call of Duty: Ghosts  

 Call of Duty: Ghosts - Multiplayer 

 Java 7 Update 51  

 Java version out of Date! 

 Adobe Flash Player 13.0.0.214  

 Adobe Reader XI  

 Mozilla Firefox (29.0.1) 

 Google Chrome 35.0.1916.114  

 Google Chrome 35.0.1916.153  
 ````````Process Check: objlist.exe by Laurent````````  

 Avira Antivir avgnt.exe 

 Avira Antivir avguard.exe 
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

FRST:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-06-2014

Ran by Max (administrator) on MAX-PC on 27-06-2014 18:55:32

Running from C:\Users\Max\Desktop

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 8

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe

(Valve Corporation) D:\Programme\Steam\Steam.exe

() D:\Programme\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe

(Valve Corporation) D:\Programme\Steam\GameOverlayUI.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7192792 2013-07-06] (Realtek Semiconductor)

HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1096480 2013-11-29] (NVIDIA Corporation)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2273056 2013-11-29] (NVIDIA Corporation)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKU\S-1-5-21-3157235878-4259759608-4195695675-1000\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [242688 2013-11-05] (SteelSeries ApS)

Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk

ShortcutTarget: Curse.lnk -> C:\Users\Max\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6D9B2C8A02E3CE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope {9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391} URL = 

SearchScopes: HKLM-x32 - DefaultScope value is missing.

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File

BHO-x32: EZ YouTube Video Downloader 1.0 - {FDBFEA30-EC51-4B8D-B4F0-8CA4F7253C0A} - C:\Program Files (x86)\EZ YouTube Video Downloader\yvd.dll (XtensionPlus)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
 

FireFox:

========

FF ProfilePath: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default

FF NewTab: chrome://quick_start/content/index.html

FF DefaultSearchEngine: wow search

FF SearchEngineOrder.1: wow search

FF SelectedSearchEngine: wow search

FF Homepage: hxxp://www.facebook.com/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)

FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\searchplugins\search_engine.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Adblock Plus - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\ojkhbsfc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-16]

FF HKLM\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}

FF Extension: EZ YouTube Video Downloader - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B} [2014-04-13]

FF HKLM-x32\...\Firefox\Extensions: [{8167E8F2-A770-4EFB-BA53-8A511051CD9B}] - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}

FF Extension: EZ YouTube Video Downloader - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B} [2014-04-13]
 

Chrome: 

=======

CHR HomePage: hxxp://www.google.com/

CHR StartupUrls: "hxxp://google.de/", "hxxp://www.twitch.tv/marcelamariaeuw"

CHR Extension: (Google Docs) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-02]

CHR Extension: (Google Drive) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-02]

CHR Extension: (YouTube) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-02]

CHR Extension: (Google-Suche) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-02]

CHR Extension: (AdBlock) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-01]

CHR Extension: (Google Wallet) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-02]

CHR Extension: (Google Mail) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-02]

CHR Extension: (Tab Plus) - C:\Users\Max\AppData\Local\ChromeTabExtension [2014-06-15]
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-02-07] () [File not signed]

R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]

S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912 2013-11-29] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15128352 2013-11-29] (NVIDIA Corporation)

R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-01-11] ()

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-01] ()
 

==================== Drivers (Whitelisted) ====================
 

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [47512 2013-01-10] (Asmedia Technology)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-06] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)

R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-27] (Intel Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-10-30] (NVIDIA Corporation)

R3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2013-05-31] (SteelSeries Corporation)

R1 {b1ce3ece-1927-4e6e-b064-2f9628964a7a}Gw64; C:\Windows\System32\drivers\{b1ce3ece-1927-4e6e-b064-2f9628964a7a}Gw64.sys [61112 2014-05-22] (StdLib)

R1 {b1ce3ece-1927-4e6e-b064-2f9628964a7a}w64; C:\Windows\System32\drivers\{b1ce3ece-1927-4e6e-b064-2f9628964a7a}w64.sys [61112 2014-06-09] (StdLib)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-06-27 18:55 - 2014-06-27 18:55 - 00013909 _____ () C:\Users\Max\Desktop\FRST.txt

2014-06-27 18:55 - 2014-06-27 18:55 - 00000000 ____D () C:\Users\Max\Desktop\FRST-OlderVersion

2014-06-27 18:54 - 2014-06-27 18:54 - 00000945 _____ () C:\Users\Max\Desktop\checkup.txt

2014-06-27 18:38 - 2014-06-27 18:40 - 00000000 ____D () C:\Users\Max\AppData\Local\PAYDAY 2

2014-06-27 18:38 - 2014-06-27 18:38 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies

2014-06-27 17:21 - 2014-06-27 17:22 - 00854367 _____ () C:\Users\Max\Desktop\SecurityCheck.exe

2014-06-27 17:20 - 2014-06-27 17:22 - 02347384 _____ (ESET) C:\Users\Max\Desktop\esetsmartinstaller_deu.exe

2014-06-24 08:44 - 2014-06-24 08:44 - 00000209 _____ () C:\Users\Max\Desktop\Counter-Strike Source.url

2014-06-24 08:43 - 2014-06-24 08:43 - 00000212 _____ () C:\Users\Max\Desktop\7 Days to Die.url

2014-06-22 11:02 - 2014-06-22 11:02 - 00000000 ____D () C:\Windows\ERUNT

2014-06-22 10:59 - 2014-06-22 11:00 - 00000000 ____D () C:\AdwCleaner

2014-06-22 10:59 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-06-22 10:45 - 2014-06-22 11:15 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-06-22 10:44 - 2014-06-22 10:44 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-06-22 10:44 - 2014-06-22 10:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-06-22 10:44 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-06-22 10:44 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-06-22 10:44 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-06-22 10:28 - 2014-06-27 17:34 - 00000000 ____D () C:\Users\Max\Desktop\AntiVir

2014-06-21 13:13 - 2014-06-21 13:13 - 00013982 _____ () C:\ComboFix.txt

2014-06-21 13:09 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-06-21 13:09 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-06-21 13:09 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-06-21 13:09 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-06-21 13:09 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-06-21 13:09 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe

2014-06-21 13:09 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe

2014-06-21 13:09 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe

2014-06-21 13:08 - 2014-06-21 13:13 - 00000000 ____D () C:\Qoobox

2014-06-21 13:08 - 2014-06-21 13:12 - 00000000 ____D () C:\Windows\erdnt

2014-06-21 12:59 - 2014-06-21 12:59 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-06-21 10:45 - 2014-06-27 18:55 - 00000000 ____D () C:\FRST

2014-06-21 10:35 - 2014-06-27 18:55 - 02082816 _____ (Farbar) C:\Users\Max\Desktop\FRST64.exe

2014-06-21 10:34 - 2014-06-21 10:34 - 00000000 _____ () C:\Users\Max\defogger_reenable

2014-06-20 18:12 - 2014-06-22 10:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-06-15 16:07 - 2014-06-15 16:07 - 00000000 ____D () C:\Users\Max\AppData\Local\EZ YouTube Video Downloader

2014-06-15 13:06 - 2014-06-15 13:06 - 00000000 ____D () C:\Users\Max\AppData\Local\ChromeTabExtension

2014-06-14 11:41 - 2014-06-09 12:08 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{b1ce3ece-1927-4e6e-b064-2f9628964a7a}w64.sys

2014-06-08 18:15 - 2014-06-08 18:15 - 00000562 _____ () C:\Users\Public\Desktop\Fraps.lnk

2014-06-08 18:15 - 2014-06-08 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps

2014-06-08 18:15 - 2014-06-08 18:15 - 00000000 ____D () C:\Fraps

2014-06-08 18:12 - 2014-06-08 18:12 - 00001038 _____ () C:\Users\Public\Desktop\Vegas Pro 12.0 (64-bit).lnk

2014-06-08 18:12 - 2014-06-08 18:12 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Publish Providers

2014-06-08 18:12 - 2014-06-08 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony

2014-06-08 18:11 - 2014-06-08 18:11 - 00000000 ____D () C:\Program Files\Sony

2014-06-08 18:11 - 2014-06-08 18:11 - 00000000 ____D () C:\Program Files (x86)\Sony

2014-06-08 18:02 - 2014-06-08 18:02 - 00000212 _____ () C:\Users\Max\Desktop\Magic 2014.url

2014-06-08 17:58 - 2014-06-08 18:11 - 00000000 ____D () C:\Users\Max\AppData\Local\Sony

2014-06-08 17:43 - 2014-06-08 18:11 - 00000000 ____D () C:\ProgramData\Sony

2014-06-08 17:42 - 2014-06-08 18:12 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Sony

2014-06-08 11:22 - 2014-06-08 11:22 - 00000000 ____D () C:\Users\Max\AppData\Local\Ubisoft

2014-06-01 15:31 - 2014-06-01 15:31 - 00000212 _____ () C:\Users\Max\Desktop\Tom Clancy's Ghost Recon Phantoms - EU.url

2014-05-31 13:56 - 2014-06-27 18:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-05-31 13:56 - 2014-05-31 13:56 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-05-28 22:30 - 2014-05-28 22:30 - 00000000 ____D () C:\Users\Max\Desktop\King

2014-05-28 18:48 - 2014-05-28 18:48 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Wargaming.net
 

==================== One Month Modified Files and Folders =======
 

2014-06-27 18:55 - 2014-06-27 18:55 - 00013909 _____ () C:\Users\Max\Desktop\FRST.txt

2014-06-27 18:55 - 2014-06-27 18:55 - 00000000 ____D () C:\Users\Max\Desktop\FRST-OlderVersion

2014-06-27 18:55 - 2014-06-21 10:45 - 00000000 ____D () C:\FRST

2014-06-27 18:55 - 2014-06-21 10:35 - 02082816 _____ (Farbar) C:\Users\Max\Desktop\FRST64.exe

2014-06-27 18:54 - 2014-06-27 18:54 - 00000945 _____ () C:\Users\Max\Desktop\checkup.txt

2014-06-27 18:54 - 2013-11-17 14:14 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-06-27 18:49 - 2014-05-31 13:56 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-06-27 18:40 - 2014-06-27 18:38 - 00000000 ____D () C:\Users\Max\AppData\Local\PAYDAY 2

2014-06-27 18:38 - 2014-06-27 18:38 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies

2014-06-27 18:38 - 2013-11-16 21:39 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation

2014-06-27 17:56 - 2014-05-16 14:32 - 00000000 ____D () C:\Users\Max\AppData\Roaming\vlc

2014-06-27 17:34 - 2014-06-22 10:28 - 00000000 ____D () C:\Users\Max\Desktop\AntiVir

2014-06-27 17:24 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-06-27 17:24 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-06-27 17:22 - 2014-06-27 17:21 - 00854367 _____ () C:\Users\Max\Desktop\SecurityCheck.exe

2014-06-27 17:22 - 2014-06-27 17:20 - 02347384 _____ (ESET) C:\Users\Max\Desktop\esetsmartinstaller_deu.exe

2014-06-27 17:22 - 2011-04-12 09:43 - 00696622 _____ () C:\Windows\system32\perfh007.dat

2014-06-27 17:22 - 2011-04-12 09:43 - 00147918 _____ () C:\Windows\system32\perfc007.dat

2014-06-27 17:22 - 2009-07-14 07:13 - 01612464 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-06-27 17:20 - 2013-11-16 21:15 - 00712094 _____ () C:\Windows\WindowsUpdate.log

2014-06-27 17:17 - 2013-11-17 14:14 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-06-27 17:17 - 2013-11-16 23:51 - 00050022 _____ () C:\Windows\setupact.log

2014-06-27 17:17 - 2013-11-16 21:39 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-06-27 17:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-06-24 14:43 - 2014-04-07 12:00 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2014-06-24 09:54 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2014-06-24 08:44 - 2014-06-24 08:44 - 00000209 _____ () C:\Users\Max\Desktop\Counter-Strike Source.url

2014-06-24 08:43 - 2014-06-24 08:43 - 00000212 _____ () C:\Users\Max\Desktop\7 Days to Die.url

2014-06-22 16:29 - 2013-11-16 23:47 - 00000000 ____D () C:\Users\Max\AppData\Roaming\TS3Client

2014-06-22 11:15 - 2014-06-22 10:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-06-22 11:02 - 2014-06-22 11:02 - 00000000 ____D () C:\Windows\ERUNT

2014-06-22 11:01 - 2013-11-28 19:24 - 00174074 _____ () C:\Windows\PFRO.log

2014-06-22 11:00 - 2014-06-22 10:59 - 00000000 ____D () C:\AdwCleaner

2014-06-22 10:56 - 2013-11-17 04:04 - 00000000 ____D () C:\Windows\Panther

2014-06-22 10:44 - 2014-06-22 10:44 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-06-22 10:44 - 2014-06-22 10:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-06-22 10:30 - 2014-04-23 18:08 - 00000000 ____D () C:\Users\Max\Desktop\Stronk

2014-06-22 10:27 - 2014-06-20 18:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-06-22 10:14 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini

2014-06-21 18:13 - 2014-05-01 01:59 - 00000000 ____D () C:\Users\Max\Desktop\Instalok

2014-06-21 18:13 - 2013-12-20 16:55 - 00000000 ____D () C:\Users\Max\Desktop\Musik

2014-06-21 14:11 - 2014-05-01 02:09 - 00000000 ____D () C:\Users\Max\Desktop\LoL

2014-06-21 14:11 - 2014-05-01 02:02 - 00000000 ____D () C:\Users\Max\Desktop\Charts

2014-06-21 14:11 - 2014-05-01 01:59 - 00000000 ____D () C:\Users\Max\Desktop\Mixes

2014-06-21 14:11 - 2014-03-24 13:53 - 00000000 ____D () C:\Users\Max\Desktop\Kollegah

2014-06-21 13:13 - 2014-06-21 13:13 - 00013982 _____ () C:\ComboFix.txt

2014-06-21 13:13 - 2014-06-21 13:08 - 00000000 ____D () C:\Qoobox

2014-06-21 13:12 - 2014-06-21 13:08 - 00000000 ____D () C:\Windows\erdnt

2014-06-21 13:12 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini

2014-06-21 12:59 - 2014-06-21 12:59 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-06-21 10:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-06-21 10:34 - 2014-06-21 10:34 - 00000000 _____ () C:\Users\Max\defogger_reenable

2014-06-21 10:34 - 2013-11-16 21:08 - 00000000 ____D () C:\Users\Max

2014-06-20 16:49 - 2013-11-17 14:14 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-06-20 16:49 - 2013-11-17 14:14 - 00003848 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-06-15 16:07 - 2014-06-15 16:07 - 00000000 ____D () C:\Users\Max\AppData\Local\EZ YouTube Video Downloader

2014-06-15 13:06 - 2014-06-15 13:06 - 00000000 ____D () C:\Users\Max\AppData\Local\ChromeTabExtension

2014-06-15 13:06 - 2014-04-18 22:01 - 00761485 _____ () C:\ProgramData\ChromeTabExtension.crx

2014-06-13 23:27 - 2014-04-16 19:05 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Skype

2014-06-09 12:08 - 2014-06-14 11:41 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{b1ce3ece-1927-4e6e-b064-2f9628964a7a}w64.sys

2014-06-08 18:15 - 2014-06-08 18:15 - 00000562 _____ () C:\Users\Public\Desktop\Fraps.lnk

2014-06-08 18:15 - 2014-06-08 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps

2014-06-08 18:15 - 2014-06-08 18:15 - 00000000 ____D () C:\Fraps

2014-06-08 18:12 - 2014-06-08 18:12 - 00001038 _____ () C:\Users\Public\Desktop\Vegas Pro 12.0 (64-bit).lnk

2014-06-08 18:12 - 2014-06-08 18:12 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Publish Providers

2014-06-08 18:12 - 2014-06-08 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony

2014-06-08 18:12 - 2014-06-08 17:42 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Sony

2014-06-08 18:11 - 2014-06-08 18:11 - 00000000 ____D () C:\Program Files\Sony

2014-06-08 18:11 - 2014-06-08 18:11 - 00000000 ____D () C:\Program Files (x86)\Sony

2014-06-08 18:11 - 2014-06-08 17:58 - 00000000 ____D () C:\Users\Max\AppData\Local\Sony

2014-06-08 18:11 - 2014-06-08 17:43 - 00000000 ____D () C:\ProgramData\Sony

2014-06-08 18:02 - 2014-06-08 18:02 - 00000212 _____ () C:\Users\Max\Desktop\Magic 2014.url

2014-06-08 18:00 - 2014-05-09 13:39 - 00000555 _____ () C:\Windows\cdplayer.ini

2014-06-08 18:00 - 2014-05-09 13:11 - 00001534 _____ () C:\ProgramData\ss.ini

2014-06-08 11:22 - 2014-06-08 11:22 - 00000000 ____D () C:\Users\Max\AppData\Local\Ubisoft

2014-06-06 20:16 - 2014-04-07 12:00 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2014-06-01 15:31 - 2014-06-01 15:31 - 00000212 _____ () C:\Users\Max\Desktop\Tom Clancy's Ghost Recon Phantoms - EU.url

2014-05-31 13:58 - 2013-11-23 15:08 - 00000000 ____D () C:\ProgramData\Origin

2014-05-31 13:56 - 2014-05-31 13:56 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-05-31 13:56 - 2013-11-16 21:58 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-05-31 13:56 - 2013-11-16 21:58 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-05-30 21:57 - 2013-12-15 03:44 - 00000000 ____D () C:\Users\Max\AppData\Local\Battle.net

2014-05-28 22:30 - 2014-05-28 22:30 - 00000000 ____D () C:\Users\Max\Desktop\King

2014-05-28 18:48 - 2014-05-28 18:48 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Wargaming.net
 

Some content of TEMP:

====================

C:\Users\Max\AppData\Local\Temp\avgnt.exe

C:\Users\Max\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-06-20 15:38
 

==================== End Of Log ============================

--- --- ---

Java updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

R1 {b1ce3ece-1927-4e6e-b064-2f9628964a7a}Gw64; C:\Windows\System32\drivers\{b1ce3ece-1927-4e6e-b064-2f9628964a7a}Gw64.sys [61112 2014-05-22] (StdLib)

R1 {b1ce3ece-1927-4e6e-b064-2f9628964a7a}w64; C:\Windows\System32\drivers\{b1ce3ece-1927-4e6e-b064-2f9628964a7a}w64.sys [61112 2014-06-09] (StdLib)

C:\Windows\System32\drivers\{b1ce3ece-1927-4e6e-b064-2f9628964a7a}Gw64.sys

C:\Windows\System32\drivers\{b1ce3ece-1927-4e6e-b064-2f9628964a7a}w64.sys

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Fertig :)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.