Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Proxy-Einstellungen ändern sich, Musik im Hintergrund und langsamer PC (https://www.trojaner-board.de/157941-proxy-einstellungen-aendern-musik-hintergrund-langsamer-pc.html)

PeterZwegat 24.08.2014 11:39
Proxy-Einstellungen ändern sich, Musik im Hintergrund und langsamer PC
 
Hallo liebes Trojaner-Team,

Ich habe folgendes Problem. Seit ungefähr einem Monat habe ich (denke ich zumindest) einen Virus auf meinem PC. Ich höre manchmal irgendeine Musik im Hintergrund wenn ich den Browser starte die nicht aufhört bis ich den PC neustarte. Außerdem ändern sich desöfteren die Proxy-Einstellungen, die ich nur manchmal wieder umstellen kann. Seitdem dieser "Virus" da ist ist auch der PC langsamer geworden.

Ich bitte um Hilfe.

MFG
PeterZwegat

M-K-D-B 24.08.2014 11:40
:hallo:


Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!


Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Danke für deine Mitarbeit!





Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


PeterZwegat 24.08.2014 12:26
Hier die .txt-dateien die du haben wolltest.

Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-08-2014 01
Ran by Botan at 2014-08-24 13:24:29
Running from C:\Users\Botan\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.11 - GIGABYTE)
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 2 (SP2) (x32 Version:  - Microsoft) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
AC3Filter 2.5b (HKLM-x32\...\AC3Filter_is1) (Version: 2.5b - Alexander Vigovsky)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.15.100.30830 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0830.1944.33589 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{13351E83-6DCD-4E97-2A8C-5D496259A47F}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.0830.1944.33589 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.80830.1925 - Advanced Micro Devices, Inc.) Hidden
Any Video Converter 5.6.3 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avast License by ZeNiX [2012-06-29] (HKLM-x32\...\Avast_2050_ZeNiX [2012-06-29]_is1) (Version:  - )
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version:  - Infinity Ward)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
China Localization Patcher (HKLM-x32\...\{7000FFAF-A527-457E-9D0F-933F66E9668E}) (Version: 1.7.1.0 - LokiReborn)
Cisco EAP-FAST Module (HKLM-x32\...\{BF53252E-4AB2-4C7F-A0FD-6100755745E3}) (Version: 2.0.26 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{76F9CF97-FC4B-4E20-B363-D127C888448F}) (Version: 1.0.11 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{4E5386F5-C0F6-4532-A54A-374865AEAB71}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CPUID CPU-Z 1.69.2 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Cross Fire En (HKLM-x32\...\Cross Fire_is1) (Version:  - Z8Games.com)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
DAEMON Tools Ultra (HKLM-x32\...\DAEMON Tools Ultra) (Version: 2.3.0.0254 - Disc Soft Ltd)
DC Universe Online (HKCU\...\SOE-DC Universe Online) (Version: 1.0.3.183 - Sony Online Entertainment)
Dr. Hardware 2013 13.0d (HKLM-x32\...\Dr. Hardware 2013_is1) (Version:  - Peter A. Gebhard)
Driver Genius (HKLM-x32\...\Driver Genius_is1) (Version: 14.0 - Driver-Soft Inc.)
DriverEasy 4.7.1.19920 (HKLM\...\DriverEasy_is1) (Version: 4.7.1.19920 - Easeware)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Easy Tune 6 B11.0427.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B11.0427.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Free Video to MP3 Converter version 5.0.23.320 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.23.320 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
High-Definition Video Playback (x32 Version: 7.1.13900.47.0 - Nero AG) Hidden
iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Kingdoms of Amalur™ Reckoning DELUXE EDITION (HKLM-x32\...\Kingdoms of Amalur™ Reckoning DELUXE EDITION_is1) (Version: 1.0.0.2 - QfG)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LevelOne WUA-0605 Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0113 - LevelOne)
Linkey (HKCU\...\Linkey) (Version: 0.0.0.469 - Aztec Media Inc) <==== ATTENTION
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Mass Effect Deluxe Edition (HKLM-x32\...\{A5C7818C-27AC-4A71-BEDF-BA5652D2CC36}_is1) (Version: v1.02 - The Most Electrifying Man)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
mHotspot version 6.4.0.0 (HKLM-x32\...\{beeb7906-9268-4520-8850-8d8af9b1c7c8}_is1) (Version: 6.4.0.0 - mHotspot, Inc.)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 17.0.5 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 17.0.5 (x86 de)) (Version: 17.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst (HKLM-x32\...\Steam App 234670) (Version:  - CyberConnect 2)
Need for Speed Most Wanted (HKLM-x32\...\Need for Speed Most Wanted_is1) (Version:  - )
Nero 10 Movie ThemePack 1 (HKLM-x32\...\{43FBAB46-5969-4200-9958-1FF81FEE506F}) (Version: 10.2.10000.11.0 - Nero AG)
Nero 10 Movie ThemePack Basic (x32 Version: 10.2.10000.0.0 - Nero AG) Hidden
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10500.1.102 - Nero AG)
Nero Control Center 10 (x32 Version: 10.2.11900.1.9 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.18400.9.0 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.11900.20.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{ADEF1F0B-635E-4041-B50F-A510C1B4D2C5}) (Version: 10.5.10400 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Netzmanager (HKLM-x32\...\Netzmanager) (Version: 1.071 - Deutsche Telekom AG)
Netzmanager (Version: 1.071 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
ON_OFF Charge B11.0110.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Opera Stable 20.0.1387.82 (HKLM-x32\...\Opera 20.0.1387.82) (Version: 20.0.1387.82 - Opera Software ASA)
Orbit Downloader (HKLM-x32\...\Orbit_is1) (Version:  - www.orbitdownloader.com)
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6409 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6433 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RIFT (HKCU\...\RIFT) (Version:  - Trion Worlds, Inc.)
Rise of Incarnates (HKLM-x32\...\Steam App 258160) (Version:  - )
S.K.I.L.L. - Special Force 2 (HKLM-x32\...\Special Force 2 Beta_is1) (Version:  - )
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.9.0 - SAMSUNG Electronics Co., Ltd.)
Settings Manager (HKLM-x32\...\Settings Manager) (Version: 5.0.0.13001 - Aztec Media Inc) <==== ATTENTION
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.5.201304180917 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.155 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.155 - Sony)
Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Spotydl 0.9.36.0 (HKLM-x32\...\Spotydl_is1) (Version: 0.9.36.0 - spotydl.com)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
System Update kb70007 (x32 Version: 1.0.0 - MRS) Hidden <==== ATTENTION
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH)
Thread Manager 2.4.0.0 (HKLM-x32\...\{78F4E027-355C-45C0-90DC-F89DFC618761}_is1) (Version: 2.4.0.0 - Digital Generation)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Update for Microsoft Office Word 2007 (KB974631) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{1D53FB73-9826-4541-B2E0-A239C6EBA718}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 (KB974631) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{34726474-50D6-49FC-B8AC-35411459D27A}) (Version:  - Microsoft)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Xara 3D Maker 7 (HKLM-x32\...\MAGIX_{19B9DAD6-5E6E-4B80-8EFE-314B5638D6D4}) (Version: 7.0.0.442 - Xara Group Ltd)
Xara 3D Maker 7 (Version: 7.0.0.442 - Xara Group Ltd) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1789832465-2975819574-3199883490-1007_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Botan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1789832465-2975819574-3199883490-1007_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1789832465-2975819574-3199883490-1007_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1789832465-2975819574-3199883490-1007_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1789832465-2975819574-3199883490-1007_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points  =========================

09-07-2014 11:21:02 Windows Update
14-08-2014 21:00:08 Windows Update
15-08-2014 01:00:11 Windows Update
19-08-2014 07:14:05 Windows Update
20-08-2014 08:40:29 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {037DF9E7-FADB-45C4-B37F-AB10B1FD36D1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {08C53256-84E4-4A93-9D31-4012A0E1265A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {248AD0D2-7E7E-4D32-81AB-FA015E15B550} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {288B306F-32A8-4549-A947-48EB6FED05CD} - System32\Tasks\DriverEasy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [2014-05-29] (Easeware)
Task: {32E2FB49-08D2-4DBE-93C7-4EC65EC0EC27} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {349B0F97-B431-456B-B666-EB392A49DA97} - System32\Tasks\{EB1A13EA-FB01-4D59-99CA-D755078280C9} => Firefox.exe
Task: {358D2FBC-F05A-4FC4-AE91-FC65E464D2C0} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {47BE5527-7413-4007-8AE1-58D880ABDC6C} - System32\Tasks\{71648FD7-4FA0-49B9-8947-65FE8AC42285} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/abandoninstall?page=tsProgressBar
Task: {4D706DDF-EC04-4E4E-BA67-1F48DEAD41DF} - System32\Tasks\{7636DB98-A8B0-4C6C-B62E-77A875639331} => Firefox.exe
Task: {58F81692-446D-455E-ABFE-A125C2E829E0} - \GPUpdate No Task File <==== ATTENTION
Task: {9503C1BF-E2EA-4760-BD4F-F7647B362EEA} - System32\Tasks\{BE28D158-551B-4294-9100-DA3EFCA27DD3} => Firefox.exe
Task: {982FADA8-D5E4-464E-9591-CB24ED9A8085} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-22] (AVAST Software)
Task: {B463C9EE-9821-4903-8D31-3266E2131E4A} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMPMNJLMMJMMKMLJJJCNOMKMJJKMCNLMIMNJHMCNGMOMOMJMCNLMLJNJHMPMNMOJIMJJHMKMOMJNJICMIMCNGMCNPMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMPMCNNMJNPICMPMFMFMNMHMHMJNHICMEKMICNJJCKJNBJCMNLAJLIOJBJJNKJCMJNNICMJNDJCMLJKJ"
Task: {C9235D0C-6F53-4B69-AC9C-53FC28D920D7} - System32\Tasks\{3AD24F87-9E1D-4000-88A5-34C6683E7650} => Firefox.exe hxxp://ui.skype.com/ui/0/6.10.59.104/de/abandoninstall?page=tsProgressBar
Task: {C9B8C181-8DAF-4D2C-8348-E98858C7AFC3} - System32\Tasks\{AA3F5CC6-8BEB-4F7D-816A-AB8F6E018898} => C:\Riot Games\League of Legends\lol.launcher.exe [2013-06-12] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverEasy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-07 10:24 - 2014-06-11 17:05 - 00662544 _____ () C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll
2013-08-30 19:47 - 2013-08-30 19:47 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-10-22 14:41 - 2012-10-22 14:41 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-10-22 14:42 - 2012-10-22 14:42 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-08-30 19:47 - 2013-08-30 19:47 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-06-01 16:12 - 2013-06-01 16:12 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-06-01 16:12 - 2013-06-01 16:12 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2013-08-30 19:47 - 2013-08-30 19:47 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-06-12 18:11 - 2014-04-22 18:33 - 01294336 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2014-04-22 18:34 - 2014-08-15 02:00 - 05534200 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.215\deploy\LoLLauncher.exe
2014-04-22 18:50 - 2014-04-22 18:50 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.104\deploy\LolClient.exe
2014-07-07 10:24 - 2014-06-11 17:05 - 00488464 _____ () C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll
2014-08-23 22:54 - 2014-08-23 22:54 - 02801152 _____ () C:\Program Files\AVAST Software\Avast\defs\14082303\algo.dll
2013-01-28 14:08 - 2013-01-28 14:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 14:08 - 2013-01-28 14:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-23 14:26 - 2010-03-23 14:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2014-07-07 10:24 - 2014-06-11 17:04 - 00019472 _____ () C:\Program Files (x86)\Settings Manager\systemk\syskldr.dll
2014-06-22 17:20 - 2014-06-22 17:20 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-03-26 00:02 - 2009-12-09 15:20 - 00126976 ____R () C:\Program Files (x86)\LevelOne\WUA-0605\EnumDevLib.dll
2014-08-24 00:00 - 2014-07-17 07:42 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-04-22 18:34 - 2014-08-15 02:00 - 01635832 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.215\deploy\RiotLauncher.dll
2014-07-09 13:01 - 2014-07-09 13:01 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/24/2014 10:40:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 2.1.9.0, Zeitstempel: 0x530619b7
Name des fehlerhaften Moduls: mbamservice.exe, Version: 2.1.9.0, Zeitstempel: 0x530619b7
Ausnahmecode: 0x40000015
Fehleroffset: 0x0007d28a
ID des fehlerhaften Prozesses: 0x898
Startzeit der fehlerhaften Anwendung: 0xmbamservice.exe0
Pfad der fehlerhaften Anwendung: mbamservice.exe1
Pfad des fehlerhaften Moduls: mbamservice.exe2
Berichtskennung: mbamservice.exe3

Error: (08/24/2014 10:40:21 AM) (Source: Reinstaller) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ArgumentException: Das Token darf nicht 0 (null) sein.
  bei System.Security.Principal.WindowsIdentity.CreateFromToken(IntPtr userToken)
  bei System.Security.Principal.WindowsIdentity..ctor(IntPtr userToken, String authType, Int32 isAuthenticated)
  bei System.Security.Principal.WindowsIdentity..ctor(IntPtr userToken)
  bei WindowsUpdater.Reinstaller.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (08/24/2014 10:40:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbamscheduler.exe, Version: 2.0.23.0, Zeitstempel: 0x52f2947e
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x41c
Startzeit der fehlerhaften Anwendung: 0xmbamscheduler.exe0
Pfad der fehlerhaften Anwendung: mbamscheduler.exe1
Pfad des fehlerhaften Moduls: mbamscheduler.exe2
Berichtskennung: mbamscheduler.exe3

Error: (08/24/2014 01:52:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm rundll32.exe, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 308c

Startzeit: 01cfbf2d36572075

Endzeit: 6

Anwendungspfad: C:\Windows\system32\rundll32.exe

Berichts-ID: 7aa0a329-2b20-11e4-acc4-50e549d5f581

Error: (08/24/2014 01:51:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm rundll32.exe, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 191c

Startzeit: 01cfbf2d0cf67adb

Endzeit: 11

Anwendungspfad: C:\Windows\system32\rundll32.exe

Berichts-ID: 5537102c-2b20-11e4-acc4-50e549d5f581

Error: (08/24/2014 01:50:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm rundll32.exe, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2350

Startzeit: 01cfbf2d0023d24a

Endzeit: 2

Anwendungspfad: C:\Windows\system32\rundll32.exe

Berichts-ID: 477d3888-2b20-11e4-acc4-50e549d5f581

Error: (08/23/2014 11:43:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16768, Zeitstempel: 0x4d688122
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000077a1009f
ID des fehlerhaften Prozesses: 0x8ac
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (08/23/2014 10:50:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 2.1.9.0, Zeitstempel: 0x530619b7
Name des fehlerhaften Moduls: mbamservice.exe, Version: 2.1.9.0, Zeitstempel: 0x530619b7
Ausnahmecode: 0x40000015
Fehleroffset: 0x0007d28a
ID des fehlerhaften Prozesses: 0xd54
Startzeit der fehlerhaften Anwendung: 0xmbamservice.exe0
Pfad der fehlerhaften Anwendung: mbamservice.exe1
Pfad des fehlerhaften Moduls: mbamservice.exe2
Berichtskennung: mbamservice.exe3

Error: (08/23/2014 10:49:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbamscheduler.exe, Version: 2.0.23.0, Zeitstempel: 0x52f2947e
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0xa64
Startzeit der fehlerhaften Anwendung: 0xmbamscheduler.exe0
Pfad der fehlerhaften Anwendung: mbamscheduler.exe1
Pfad des fehlerhaften Moduls: mbamscheduler.exe2
Berichtskennung: mbamscheduler.exe3

Error: (08/22/2014 04:01:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 2.1.9.0, Zeitstempel: 0x530619b7
Name des fehlerhaften Moduls: mbamservice.exe, Version: 2.1.9.0, Zeitstempel: 0x530619b7
Ausnahmecode: 0x40000015
Fehleroffset: 0x0007d28a
ID des fehlerhaften Prozesses: 0x900
Startzeit der fehlerhaften Anwendung: 0xmbamservice.exe0
Pfad der fehlerhaften Anwendung: mbamservice.exe1
Pfad des fehlerhaften Moduls: mbamservice.exe2
Berichtskennung: mbamservice.exe3


System errors:
=============
Error: (08/24/2014 10:42:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (08/24/2014 10:41:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535

Error: (08/24/2014 10:41:58 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535

Error: (08/24/2014 10:41:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535

Error: (08/24/2014 10:41:58 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535

Error: (08/24/2014 10:41:58 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (08/24/2014 10:41:58 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (08/24/2014 10:41:49 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535

Error: (08/24/2014 10:41:49 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535

Error: (08/24/2014 10:41:49 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD FX(tm)-6100 Six-Core Processor
Percentage of memory in use: 66%
Total physical RAM: 4093.55 MB
Available physical RAM: 1386.39 MB
Total Pagefile: 8185.25 MB
Available Pagefile: 4986.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:101.19 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6312B514)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 01
Ran by Botan (administrator) on XEBAT-PC on 24-08-2014 13:23:03
Running from C:\Users\Botan\Downloads
Platform: Windows 7 Ultimate (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Realtek) C:\Program Files (x86)\LevelOne\WUA-0605\RtlService.exe
(Aztec Media Inc) C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe
(Aztec Media Inc) C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Spotify Ltd) C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\LevelOne\WUA-0605\RtWLan.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Aztec Media Inc) C:\Program Files (x86)\Settings Manager\systemk\systemku.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.215\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.104\deploy\LolClient.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-14] (AVAST Software)
HKU\S-1-5-21-1789832465-2975819574-3199883490-1007\...\Run: [Spotify Web Helper] => C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-07-09] (Spotify Ltd)
HKU\S-1-5-21-1789832465-2975819574-3199883490-1007\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1789832465-2975819574-3199883490-1007\...\Run: [uTorrent] => C:\Users\Botan\AppData\Roaming\uTorrent\updates\3.4.2_32126.exe [1322832 2014-07-03] (BitTorrent Inc.)
HKU\S-1-5-21-1789832465-2975819574-3199883490-1007\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe [3198224 2014-04-28] (Disc Soft Ltd)
HKU\S-1-5-21-1789832465-2975819574-3199883490-1007\...\Run: [EzispAbafe] => regsvr32.exe "C:\ProgramData\EzispAbafe\EzispAbafe.dat"
HKU\S-1-5-21-1789832465-2975819574-3199883490-1007\...\MountPoints2: {517d9f9d-ece5-11e3-bcc5-50e549d5f581} - F:\setup.exe
AppInit_DLLs: C:\Users\Botan\AppData\Local\Linkey\IEEXTE~1\iedll64.dll => C:\Users\Botan\AppData\Local\Linkey\IEExtension\iedll64.dll [202768 2014-06-01] (Aztec Media Inc)
AppInit_DLLs-x32: C:\Users\Botan\AppData\Local\Linkey\IEEXTE~1\iedll.dll => C:\Users\Botan\AppData\Local\Linkey\IEExtension\iedll.dll [175632 2014-06-01] (Aztec Media Inc)
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\Users\Bekir&Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk
ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.default-search.net?sid=503&aid=102&itype=n&ver=13001&tm=401&src=hmp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://cn.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = zh-CN
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=102&itype=n&ver=13001&tm=401&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=102&itype=n&ver=13001&tm=401&src=ds&p={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=102&itype=n&ver=13001&tm=401&src=ds&p={searchTerms}
BHO: CostMin -> {4A87B975-1796-C3B9-774C-AF9F5D878AC0} -> C:\Program Files (x86)\CostMin\WA.x64.dll No File
BHO: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\Users\Botan\AppData\Local\Linkey\IEExtension\iedll64.dll (Aztec Media Inc)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Octh Class -> {000123B4-9B42-4900-B3F7-F4B073EFC214} -> C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
BHO-x32: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\Users\Botan\AppData\Local\Linkey\IEExtension\iedll.dll (Aztec Media Inc)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Botan\AppData\Roaming\Mozilla\Firefox\Profiles\fo16hqsi.default-1397469719534
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8118
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8118
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Botan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Botan\AppData\Roaming\Mozilla\Firefox\Profiles\fo16hqsi.default-1397469719534\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Botan\AppData\Roaming\Mozilla\Firefox\Profiles\fo16hqsi.default-1397469719534\searchplugins\default-search.xml
FF SearchPlugin: C:\Users\Botan\AppData\Roaming\Mozilla\Firefox\Profiles\fo16hqsi.default-1397469719534\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Botan\AppData\Roaming\Mozilla\Firefox\Profiles\fo16hqsi.default-1397469719534\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Botan\AppData\Roaming\Mozilla\Firefox\Profiles\fo16hqsi.default-1397469719534\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Botan\AppData\Roaming\Mozilla\Firefox\Profiles\fo16hqsi.default-1397469719534\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WEB.DE MailCheck - C:\Users\Botan\AppData\Roaming\Mozilla\Firefox\Profiles\fo16hqsi.default-1397469719534\Extensions\toolbar@web.de [2014-08-14]
FF Extension: ImTranslator - C:\Users\Botan\AppData\Roaming\Mozilla\Firefox\Profiles\fo16hqsi.default-1397469719534\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2014-08-23]
FF Extension: Adblock Plus - C:\Users\Botan\AppData\Roaming\Mozilla\Firefox\Profiles\fo16hqsi.default-1397469719534\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-05]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-22]

Chrome:
=======
CHR DefaultSearchKeyword: ask.com
CHR DefaultSearchProvider: default-search.net
CHR DefaultSearchURL: hxxp://www.default-search.net/search?sid=503&aid=102&itype=n&ver=13001&tm=401&src=ds&p={searchTerms}
CHR DefaultSuggestURL:
CHR Extension: (CostMin) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin [2014-06-05]
CHR Extension: (Google Wallet) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-15]
CHR Extension: (Grooveshark Downloader) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooblpjoncpjmbncgocjlnannofkjjhnp [2014-04-28]
CHR Extension: (CostMin) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin\2.2 [2014-06-05]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-22]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-22] (AVAST Software)
R3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [813328 2014-04-28] (Disc Soft Ltd)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-06-01] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2013-06-01] ()
R2 Realtek11nSU; C:\Program Files (x86)\LevelOne\WUA-0605\RtlService.exe [45056 2010-01-21] (Realtek) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SystemkService; C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe [3572240 2014-06-11] (Aztec Media Inc)
S2 SystemUpdatekb70007; C:\Users\Botan\AppData\Roaming\MRS\SystemUpdatekb70007\WindowsUpdater.exe [29184 2014-05-29] () [File not signed]
S4 fpvoixdaog64; C:\Program Files\002\fpvoixdaog64.exe run options=01110010020000000000000000000000 sourceguid=106056F7-36E2-4861-97FC-AD47C9832713 [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AODDriver; C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-22] ()
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R2 DRHARD64; C:\Windows\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHARD64; C:\Windows\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHMSR64; C:\Windows\system32\drivers\DRHMSR64.sys [14760 2011-12-06] ()
R2 DRHMSR64; C:\Windows\SysWOW64\drivers\DRHMSR64.sys [14760 2011-12-06] ()
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2014-06-05] (Disc Soft Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-26] (DT Soft Ltd)
R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc2.cfg [41872 2014-06-11] (Aztec Media Inc)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-05-04] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-29] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [61736 2014-02-28] (NetFilterSDK.com)
S3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [969696 2014-05-11] (TENCENT)
S1 dgztwemx; \??\C:\Windows\system32\drivers\dgztwemx.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 opuaoowl; \??\C:\Windows\system32\drivers\opuaoowl.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-24 13:23 - 2014-08-24 13:24 - 00021435 _____ () C:\Users\Botan\Downloads\FRST.txt
2014-08-24 13:22 - 2014-08-24 13:23 - 00000000 ____D () C:\FRST
2014-08-24 13:21 - 2014-08-24 13:21 - 02103296 _____ (Farbar) C:\Users\Botan\Downloads\FRST64.exe
2014-08-24 01:11 - 2014-08-24 01:11 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-24 00:03 - 2014-08-24 00:03 - 00244408 _____ () C:\Users\Botan\Downloads\Firefox Setup Stub 31.0 (1).exe
2014-08-23 23:59 - 2014-08-23 23:59 - 00244408 _____ () C:\Users\Botan\Downloads\Firefox Setup Stub 31.0.exe
2014-08-23 23:54 - 2014-08-23 23:54 - 32047680 _____ () C:\Users\Botan\Downloads\Firefox_Setup_de31.0.exe
2014-08-23 23:43 - 2014-08-23 23:43 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-23 23:43 - 2014-08-23 23:43 - 00000000 ____D () C:\ProgramData\EzispAbafe
2014-08-22 23:13 - 2014-06-19 07:53 - 00000000 ____D () C:\Users\Botan\Desktop\Breaking Point LP
2014-08-22 18:30 - 2014-08-22 19:10 - 171742722 _____ () C:\Users\Botan\Downloads\Breaking Point LP.rar
2014-08-21 16:46 - 2012-01-01 07:27 - 00000000 ____D () C:\Users\Botan\Desktop\2Pac Drake J Cole Mopreme Shakur Sade Notori (DatPiff.com)
2014-08-21 15:27 - 2014-08-21 15:29 - 143094349 _____ () C:\Users\Botan\Downloads\2pac_-_2012-(DatPiff.com).zip
2014-08-21 15:23 - 2012-03-04 12:23 - 00000000 ____D () C:\Users\Botan\Desktop\Eminem - POMATIC presents Eminem Mash Hitz LP 200 (DatPiff.com)
2014-08-21 15:15 - 2014-08-21 15:17 - 129641900 _____ () C:\Users\Botan\Downloads\POMATIC_presents_Eminem_Mash_Hitz_LP_2009-(DatPiff.com).zip
2014-08-21 13:32 - 2014-08-18 11:25 - 00000000 ____D () C:\Users\Botan\Desktop\Eminem & Jay-Z - Renegades (2010)
2014-08-21 11:38 - 2014-08-21 12:44 - 201999846 _____ () C:\Users\Botan\Downloads\Eminem & Jay-Z - Renegades (2010).rar
2014-08-20 13:05 - 2014-08-20 13:05 - 00000091 _____ () C:\Users\Botan\Desktop\Flash.txt
2014-08-19 09:16 - 2014-08-19 09:16 - 00000000 ____D () C:\5b842a6c0c5b343bb402adf5
2014-08-15 23:59 - 2014-08-23 23:43 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-08-15 11:11 - 2014-08-15 11:11 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\roi
2014-08-15 00:18 - 2014-08-24 01:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-24 13:24 - 2014-08-24 13:23 - 00021435 _____ () C:\Users\Botan\Downloads\FRST.txt
2014-08-24 13:24 - 2014-07-07 10:24 - 00000000 ____D () C:\ProgramData\systemk
2014-08-24 13:23 - 2014-08-24 13:22 - 00000000 ____D () C:\FRST
2014-08-24 13:21 - 2014-08-24 13:21 - 02103296 _____ (Farbar) C:\Users\Botan\Downloads\FRST64.exe
2014-08-24 13:18 - 2014-01-17 21:43 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Skype
2014-08-24 13:11 - 2013-06-10 22:12 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-24 13:01 - 2013-03-26 00:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-24 12:26 - 2013-03-25 23:44 - 01423791 _____ () C:\Windows\WindowsUpdate.log
2014-08-24 10:45 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-24 10:45 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-24 10:41 - 2014-06-05 17:05 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\uTorrent
2014-08-24 10:40 - 2013-06-10 22:12 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-24 10:39 - 2013-03-26 00:21 - 01619102 _____ () C:\Windows\PFRO.log
2014-08-24 10:39 - 2013-03-26 00:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-24 10:39 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-24 10:39 - 2009-07-14 06:51 - 00102355 _____ () C:\Windows\setupact.log
2014-08-24 01:11 - 2014-08-24 01:11 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-24 01:11 - 2014-08-15 00:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-24 00:03 - 2014-08-24 00:03 - 00244408 _____ () C:\Users\Botan\Downloads\Firefox Setup Stub 31.0 (1).exe
2014-08-23 23:59 - 2014-08-23 23:59 - 00244408 _____ () C:\Users\Botan\Downloads\Firefox Setup Stub 31.0.exe
2014-08-23 23:57 - 2014-06-09 13:48 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-23 23:54 - 2014-08-23 23:54 - 32047680 _____ () C:\Users\Botan\Downloads\Firefox_Setup_de31.0.exe
2014-08-23 23:43 - 2014-08-23 23:43 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-23 23:43 - 2014-08-23 23:43 - 00000000 ____D () C:\ProgramData\EzispAbafe
2014-08-23 23:43 - 2014-08-15 23:59 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-08-22 19:10 - 2014-08-22 18:30 - 171742722 _____ () C:\Users\Botan\Downloads\Breaking Point LP.rar
2014-08-21 15:29 - 2014-08-21 15:27 - 143094349 _____ () C:\Users\Botan\Downloads\2pac_-_2012-(DatPiff.com).zip
2014-08-21 15:17 - 2014-08-21 15:15 - 129641900 _____ () C:\Users\Botan\Downloads\POMATIC_presents_Eminem_Mash_Hitz_LP_2009-(DatPiff.com).zip
2014-08-21 12:44 - 2014-08-21 11:38 - 201999846 _____ () C:\Users\Botan\Downloads\Eminem & Jay-Z - Renegades (2010).rar
2014-08-21 11:23 - 2014-06-22 17:21 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-20 13:05 - 2014-08-20 13:05 - 00000091 _____ () C:\Users\Botan\Desktop\Flash.txt
2014-08-19 09:16 - 2014-08-19 09:16 - 00000000 ____D () C:\5b842a6c0c5b343bb402adf5
2014-08-18 11:25 - 2014-08-21 13:32 - 00000000 ____D () C:\Users\Botan\Desktop\Eminem & Jay-Z - Renegades (2010)
2014-08-15 11:11 - 2014-08-15 11:11 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\roi
2014-08-15 03:10 - 2013-09-07 18:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 03:00 - 2009-10-14 07:12 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-05 09:20 - 2009-10-14 07:13 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Botan\AppData\Local\Temp\121ak54j86a12.jpg.exe
C:\Users\Botan\AppData\Local\Temp\16212516.exe
C:\Users\Botan\AppData\Local\Temp\181ak54j86a18.jpg.exe
C:\Users\Botan\AppData\Local\Temp\18be6784_.exe
C:\Users\Botan\AppData\Local\Temp\294823_.exe
C:\Users\Botan\AppData\Local\Temp\361ak54j86a36.jpg.exe
C:\Users\Botan\AppData\Local\Temp\551ak54j86a55.jpg.exe
C:\Users\Botan\AppData\Local\Temp\5ctpkqjp.bcw.exe
C:\Users\Botan\AppData\Local\Temp\7za.exe
C:\Users\Botan\AppData\Local\Temp\aqti2lh3.ivz.exe
C:\Users\Botan\AppData\Local\Temp\fko43i5d.w11.exe
C:\Users\Botan\AppData\Local\Temp\GPUpd539586B30.exe
C:\Users\Botan\AppData\Local\Temp\MediaPlayer__3936_il3753.exe
C:\Users\Botan\AppData\Local\Temp\Quarantine.exe
C:\Users\Botan\AppData\Local\Temp\setup.exe
C:\Users\Botan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Botan\AppData\Local\Temp\TXPltSafeInit.dll
C:\Users\Botan\AppData\Local\Temp\vjm16.exe
C:\Users\Botan\AppData\Local\Temp\wml1zt5s.thn.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-22 23:03

==================== End Of Log ============================
--- --- ---

--- --- ---

M-K-D-B 24.08.2014 12:28
Zukünftig:
Zitat:
Running from C:\Users\Botan\Downloads
Leider hast du unsere Anleitung nicht richtig befolgt:
Bitte alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind.
Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen.






Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

PeterZwegat 24.08.2014 15:15
Code:
ComboFix 14-08-24.01 - Botan 24.08.2014  15:46:25.1.6 - x64
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.49.1031.18.4094.1669 [GMT 2:00]
ausgeführt von:: c:\users\Botan\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20130724.txt
c:\cflog\EPLog.txt
C:\install.exe
c:\users\Botan\AppData\Roaming\apachesrvin.vbs
c:\windows\SysWow64\trzB089.tmp
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_TESSAFE
-------\Service_TesSafe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-07-24 bis 2014-08-24  ))))))))))))))))))))))))))))))
.
.
2014-08-24 14:05 . 2014-08-24 14:05        75888        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{C6059D21-D68B-4E86-AB93-A6AC69FBAFE4}\offreg.dll
2014-08-24 11:22 . 2014-08-24 11:25        --------        d-----w-        C:\FRST
2014-08-23 21:43 . 2014-08-23 21:43        --------        d-----w-        c:\programdata\EzispAbafe
2014-08-22 14:16 . 2014-08-21 03:43        11319192        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{C6059D21-D68B-4E86-AB93-A6AC69FBAFE4}\mpengine.dll
2014-08-19 07:16 . 2014-08-19 07:16        --------        d-----w-        C:\5b842a6c0c5b343bb402adf5
2014-08-15 21:59 . 2014-08-23 21:43        --------        d--h--w-        c:\programdata\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-08-15 09:11 . 2014-08-15 09:11        --------        d-----w-        c:\users\Botan\AppData\Roaming\roi
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-15 01:00 . 2009-10-14 05:12        99218768        ----a-w-        c:\windows\system32\MRT.exe
2014-08-05 07:20 . 2009-10-14 05:13        270496        ------w-        c:\windows\system32\MpSigStub.exe
2014-07-09 11:01 . 2013-03-25 22:13        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 11:01 . 2013-03-25 22:13        699056        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-22 15:38 . 2014-06-22 15:21        1039096        ----a-w-        c:\windows\system32\drivers\aswsnx.sys
2014-06-22 15:38 . 2014-06-22 15:21        423240        ----a-w-        c:\windows\system32\drivers\aswsp.sys
2014-06-22 15:38 . 2014-06-22 15:21        85328        ----a-w-        c:\windows\system32\drivers\aswstm.sys
2014-06-22 15:20 . 2014-06-22 15:21        208416        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2014-06-22 15:20 . 2014-06-22 15:21        65776        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2014-06-22 15:20 . 2014-06-22 15:21        79184        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2014-06-22 15:20 . 2014-06-22 15:21        29208        ----a-w-        c:\windows\system32\drivers\aswHwid.sys
2014-06-22 15:20 . 2014-06-22 15:21        93568        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2014-06-22 15:20 . 2014-06-22 15:21        334648        ----a-w-        c:\windows\system32\aswBoot.exe
2014-06-22 15:20 . 2014-06-22 15:20        43152        ----a-w-        c:\windows\avastSS.scr
2014-06-15 11:14 . 2014-06-15 11:14        1187697        ----a-w-        c:\windows\unins000.exe
2014-06-14 11:27 . 2013-03-25 23:05        25640        ----a-w-        c:\windows\gdrv.sys
2014-06-14 11:20 . 2014-06-14 11:20        21712        ----a-w-        c:\windows\SysWow64\drivers\DrvAgent64.SYS
2014-06-05 19:46 . 2014-06-05 19:24        95        ----a-w-        c:\users\Botan\AppData\Roaming\die.bat
2014-06-05 19:20 . 2014-06-05 19:20        29696        ----a-w-        c:\windows\system32\drivers\dtscsibus.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}]
2014-06-01 10:56        175632        ----a-w-        c:\users\Botan\AppData\Local\Linkey\IEEXTE~1\iedll.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        131248        ----a-w-        c:\users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        131248        ----a-w-        c:\users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        131248        ----a-w-        c:\users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        131248        ----a-w-        c:\users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Schule\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-07-09 1176632]
"uTorrent"="c:\users\Botan\AppData\Roaming\uTorrent\updates\3.4.2_32126.exe" [2014-07-03 1322832]
"DAEMON Tools Ultra Agent"="c:\program files (x86)\DAEMON Tools Ultra\DTAgent.exe" [2014-04-28 3198224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-08-30 766208]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-14 3890208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\users\Botan\AppData\Local\Linkey\IEEXTE~1\iedll.dll
.
R1 dgztwemx;dgztwemx;c:\windows\system32\drivers\dgztwemx.sys;c:\windows\SYSNATIVE\drivers\dgztwemx.sys [x]
R1 opuaoowl;opuaoowl;c:\windows\system32\drivers\opuaoowl.sys;c:\windows\SYSNATIVE\drivers\opuaoowl.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 AODDriver;AODDriver;c:\program files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys;c:\program files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TelekomNM6;Telekom Netzmanager Packet Filter Driver;c:\program files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys;c:\program files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [x]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
R3 X6va013;X6va013;c:\windows\SysWOW64\Drivers\X6va013;c:\windows\SysWOW64\Drivers\X6va013 [x]
R3 X6va016;X6va016;c:\windows\SysWOW64\Drivers\X6va016;c:\windows\SysWOW64\Drivers\X6va016 [x]
R3 X6va017;X6va017;c:\windows\SysWOW64\Drivers\X6va017;c:\windows\SysWOW64\Drivers\X6va017 [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
R4 fpvoixdaog64;fpvoixdaog64;c:\program files\002\fpvoixdaog64.exe run options=01110010020000000000000000000000 sourceguid=106056F7-36E2-4861-97FC-AD47C9832713;c:\program files\002\fpvoixdaog64.exe run options=01110010020000000000000000000000 sourceguid=106056F7-36E2-4861-97FC-AD47C9832713 [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 F06DEFF2-5B9C-490D-910F-35D3A9119622;F06DEFF2-5B9C-490D-910F-35D3A9119622;c:\program files (x86)\Settings Manager\systemk\x64\systemkmgrc2.cfg;c:\program files (x86)\Settings Manager\systemk\x64\systemkmgrc2.cfg [x]
S1 netfilter64;netfilter64;c:\windows\system32\drivers\netfilter64.sys;c:\windows\SYSNATIVE\drivers\netfilter64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 DRHARD64;DRHARD64;c:\windows\system32\drivers\DRHARD64.sys;c:\windows\SYSNATIVE\drivers\DRHARD64.sys [x]
S2 DRHMSR64;DRHMSR64;c:\windows\system32\drivers\DRHMSR64.sys;c:\windows\SYSNATIVE\drivers\DRHMSR64.sys [x]
S2 Netzmanager Service;Netzmanager Infrastruktur Informationssystem Dienst;c:\program files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe ;c:\program files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe  [x]
S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\LevelOne\WUA-0605\RtlService.exe;c:\program files (x86)\LevelOne\WUA-0605\RtlService.exe [x]
S2 SystemkService;Systemk Service;c:\program files (x86)\Settings Manager\systemk\SystemkService.exe;c:\program files (x86)\Settings Manager\systemk\SystemkService.exe [x]
S2 SystemUpdatekb70007;SystemUpdatekb70007;c:\users\Botan\AppData\Roaming\MRS\SystemUpdatekb70007\WindowsUpdater.exe;c:\users\Botan\AppData\Roaming\MRS\SystemUpdatekb70007\WindowsUpdater.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 Disc Soft Bus Service;Disc Soft Bus Service;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [x]
S3 dtscsibus;DAEMON Tools Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtscsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtscsibus.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-08-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-25 11:01]
.
2014-06-14 c:\windows\Tasks\DriverEasy Scheduled Scan.job
- c:\program files\Easeware\DriverEasy\DriverEasy.exe [2014-06-14 10:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-06-22 15:20        290888        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        164016        ----a-w-        c:\users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        164016        ----a-w-        c:\users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        164016        ----a-w-        c:\users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        164016        ----a-w-        c:\users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-09 12666984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\users\Botan\AppData\Local\Linkey\IEEXTE~1\iedll64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.default-search.net?sid=503&aid=102&itype=n&ver=13001&tm=401&src=hmp
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:8118;https=127.0.0.1:8118
uSearchAssistant = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Botan\AppData\Roaming\Mozilla\Firefox\Profiles\fo16hqsi.default-1397469719534\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-EzispAbafe - c:\programdata\EzispAbafe\EzispAbafe.dat
BHO-{4A87B975-1796-C3B9-774C-AF9F5D878AC0} - c:\program files (x86)\CostMin\WA.x64.dll
Toolbar-10 - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\F06DEFF2-5B9C-490D-910F-35D3A9119622]
"ImagePath"="\??\c:\program files (x86)\Settings Manager\systemk\x64\systemkmgrc2.cfg"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va013]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va013"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va016]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va016"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va017]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va017"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\LevelOne\WUA-0605\RtWlan.exe
c:\program files (x86)\Settings Manager\systemk\systemku.exe
c:\users\Botan\AppData\Local\MRS\winsystem.exe
c:\users\Botan\AppData\Local\MRS\svcsystem.exe
c:\program files (x86)\MRS\pvx\privoxy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-08-24  16:12:08 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-08-24 14:12
.
Vor Suchlauf: 27 Verzeichnis(se), 135.767.461.888 Bytes frei
Nach Suchlauf: 32 Verzeichnis(se), 137.631.911.936 Bytes frei
.
- - End Of File - - 33072D9F50C86D283A9AE4AB54E80ED4
A36C5E4F47E84449FF07ED3517B43A31

M-K-D-B 25.08.2014 08:40
Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.






Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.







Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von JRT,
  • die Logdatei von MBAM,
  • die beiden neuen Logdateien von FRST.

PeterZwegat 25.08.2014 18:42
AdwCleaner[S0]
Code:
# AdwCleaner v3.212 - Bericht erstellt am 09/06/2014 um 13:38:26
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate  (64 bits)
# Benutzername : Botan - XEBAT-PC
# Gestartet von : C:\Users\Botan\Downloads\adwcleaner_3.212.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : IePluginServices
[#] Dienst Gelöscht : RrFilterService64

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\IePluginServices
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Tencent
Ordner Gelöscht : C:\Windows\Installer\{813BA625-B0FA-48D8-9B75-59759C88C219}
Ordner Gelöscht : C:\Program Files\002
Ordner Gelöscht : C:\Program Files\RrFilter
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\torch
Ordner Gelöscht : C:\Users\Bekir&Botan\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Bekir&Botan\AppData\Local\torch
Ordner Gelöscht : C:\Users\Botan\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Botan\AppData\Local\torch
Ordner Gelöscht : C:\Users\Botan\AppData\Roaming\GetPrivate
Ordner Gelöscht : C:\Users\Botan\AppData\Roaming\InetStat
Ordner Gelöscht : C:\Users\Botan\AppData\Roaming\VOPackage
Ordner Gelöscht : C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Gast\AppData\Local\torch
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\torch
Ordner Gelöscht : C:\Users\Schule\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Schule\AppData\Local\torch
Ordner Gelöscht : C:\Users\Xebat\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Xebat\AppData\Local\torch
Ordner Gelöscht : C:\Users\Bekir&Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Ordner Gelöscht : C:\Users\Bekir&Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Ordner Gelöscht : C:\Users\Bekir&Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Ordner Gelöscht : C:\Users\Bekir&Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp
Ordner Gelöscht : C:\Users\Schule\AppData\Local\Google\Chrome\User Data\Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp
Ordner Gelöscht : C:\Users\Bekir&Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Bekir&Botan\daemonprocess.txt
Datei Gelöscht : C:\Users\Bekir&Botan\Desktop\Continue VuuPC Installation.lnk
Datei Gelöscht : C:\Users\Botan\Desktop\Continue VuuPC Installation.lnk
Datei Gelöscht : C:\Users\Bekir&Botan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Bekir&Botan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage
Datei Gelöscht : C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage-journal
Datei Gelöscht : C:\Windows\System32\Tasks\GPUpdate

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CostMin.CostMin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CostMin.CostMin.2.2
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MYSEAR~1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MYSEAR~1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MySearchDial_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MySearchDial_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EAB5257A-1FB3-474C-9B42-231F52622E72}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\PlurPush
Schlüssel Gelöscht : HKCU\Software\RegisteredApplicationsEx
Schlüssel Gelöscht : HKCU\Software\TENCENT
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Rr Savings
Schlüssel Gelöscht : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Schlüssel Gelöscht : HKLM\Software\PlurPush
Schlüssel Gelöscht : HKLM\Software\SupDp
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\TENCENT
Schlüssel Gelöscht : HKLM\Software\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F5F003B-C71B-72E3-42B4-DE51AB079EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\RrSavings
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{813BA625-B0FA-48D8-9B75-59759C88C219}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlurPush
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~1.DLL
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~2.DLL
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\526AB318AF0B8D84B9579557C9882C91
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\526AB318AF0B8D84B9579557C9882C91

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16476

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\Bekir&Botan\AppData\Roaming\Mozilla\Firefox\Profiles\yxwdkydi.default\prefs.js ]


[ Datei : C:\Users\Botan\AppData\Roaming\Mozilla\Firefox\Profiles\fo16hqsi.default-1397469719534\prefs.js ]

Zeile gelöscht : user_pref("extensions.cskn.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.ne[...]

[ Datei : C:\Users\Schule\AppData\Roaming\Mozilla\Firefox\Profiles\kh6wqhhj.default\prefs.js ]


[ Datei : C:\Users\Xebat\AppData\Roaming\Mozilla\Firefox\Profiles\9nlsrkz3.default\prefs.js ]


-\\ Google Chrome v35.0.1916.114

[ Datei : C:\Users\Bekir&Botan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://www.nationzoom.com/web/?type=ds&ts=1389996519&from=tugs&uid=WDCXWD5000AAKX-003CA0_WD-WMAYUD11505315053&q={searchTerms}
Gelöscht [Search Provider] : hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmyiODzEX4hIHeBL1Zbq1jhO8_n0ss1DSeCUXx51M6srOmpDrKkYTlsO3Uf6OCcr3Ut0xobjnr2QBlhVqGiUdFnhGc5ILdELcvqWDYiHNiYBLXFYk_-w9a654dXDEgIToDQLPUIDYB4w_Aqlr8KCfMtMCDM,&q={searchTerms}
Gelöscht [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir=
Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=c0b4d54d-99ca-aa89-23c5-24b59b538e10&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/01/2014&type=hp1000

[ Datei : C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=c0b4d54d-99ca-aa89-23c5-24b59b538e10&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/01/2014&type=hp1000
Gelöscht [Search Provider] : hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmyiODzEX4hIHeBL1Zbq1jhO8_n0ss1DSeCUXx51M6srOmpDrKkYTlsO3Uf6OCcr3Ut0xobjnr2QBlhVqGiUdFnhGc5ILdELcvqWDYiHNiYBLXFYk_-w9a654dXDEgIToDQLPUIDYB4w_Aqlr8KCfMtMCDM,&q={searchTerms}
Gelöscht [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir=
Gelöscht [Extension] : bopakagnckmlgajfccecajhnimjiiedh

[ Datei : C:\Users\Schule\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=c0b4d54d-99ca-aa89-23c5-24b59b538e10&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/01/2014&type=hp1000
Gelöscht [Search Provider] : hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmyiODzEX4hIHeBL1Zbq1jhO8_n0ss1DSeCUXx51M6srOmpDrKkYTlsO3Uf6OCcr3Ut0xobjnr2QBlhVqGiUdFnhGc5ILdELcvqWDYiHNiYBLXFYk_-w9a654dXDEgIToDQLPUIDYB4w_Aqlr8KCfMtMCDM,&q={searchTerms}
Gelöscht [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir=
Gelöscht [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Gelöscht [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Gelöscht [Extension] : iagcajndpnfncplednpbnkahadegklfa
Gelöscht [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Gelöscht [Extension] : khialnikbocfgkohdegnebhmmaifoglp
Gelöscht [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Gelöscht [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Gelöscht [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

*************************

AdwCleaner[R0].txt - [14281 octets] - [09/06/2014 13:36:40]
AdwCleaner[S0].txt - [13164 octets] - [09/06/2014 13:38:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13225 octets] ##########

AdwCleaner[S1]

Code:
# AdwCleaner v3.308 - Bericht erstellt am 25/08/2014 um 18:31:29
# Aktualisiert 20/08/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate  (64 bits)
# Benutzername : Botan - XEBAT-PC
# Gestartet von : C:\Users\Botan\Downloads\adwcleaner_3.308.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : F06DEFF2-5B9C-490D-910F-35D3A9119622
[#] Dienst Gelöscht : netfilter64
[#] Dienst Gelöscht : SystemkService
[#] Dienst Gelöscht : SystemUpdatekb70007

***** [ Dateien / Ordner ] *****

[!] Ordner Gelöscht : C:\ProgramData\systemk
Ordner Gelöscht : C:\Program Files (x86)\driver-soft
Ordner Gelöscht : C:\Program Files (x86)\orbitdownloader
[!] Ordner Gelöscht : C:\Program Files (x86)\Settings Manager
Ordner Gelöscht : C:\Users\Botan\AppData\Local\eSupport.com
Ordner Gelöscht : C:\Users\Botan\AppData\Local\Linkey
Ordner Gelöscht : C:\Users\Botan\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Botan\AppData\Roaming\Settings Manager
Ordner Gelöscht : C:\Users\Bekir&Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
Ordner Gelöscht : C:\Users\Bekir&Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
Ordner Gelöscht : C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
Ordner Gelöscht : C:\Users\Schule\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
Ordner Gelöscht : C:\Users\Xebat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\Bekir&Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\Schule\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\Xebat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\Bekir&Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\Schule\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\Xebat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\Bekir&Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\Schule\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\Xebat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\Bekir&Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\Schule\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\Xebat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\Bekir&Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\Schule\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\Xebat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\Bekir&Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\Schule\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
[!] Ordner Gelöscht : C:\Users\Xebat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhppdleieideemfkfeknjlaigifdbmin
Datei Gelöscht : C:\Windows\System32\drivers\netfilter64.sys
Datei Gelöscht : C:\Users\Botan\AppData\Roaming\Mozilla\Firefox\Profiles\fo16hqsi.default-1397469719534\invalidprefs.js
Datei Gelöscht : C:\Users\Botan\AppData\Roaming\Mozilla\Firefox\Profiles\fo16hqsi.default-1397469719534\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Botan\AppData\Roaming\Mozilla\Firefox\Profiles\fo16hqsi.default-1397469719534\searchplugins\default-search.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml

***** [ Tasks ] *****

Task Gelöscht : GPUpdate

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\vopackage_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\vopackage_RASMANCS
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6A7CD9EC-D8BD-4340-BCD0-77C09A282921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{726E90BE-DC22-4965-B215-E0784DC26F47}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}
Wert Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Orbitdownloader\orbitdm.exe]
Wert Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Orbitdownloader\orbitnet.exe]
Schlüssel Gelöscht : HKCU\Software\Linkey
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Orbit
Schlüssel Gelöscht : HKCU\Software\SystemK
Schlüssel Gelöscht : HKLM\SOFTWARE\Driver-Soft
Schlüssel Gelöscht : HKLM\SOFTWARE\Linkey
Schlüssel Gelöscht : HKLM\SOFTWARE\Orbit
Schlüssel Gelöscht : HKLM\SOFTWARE\SystemK
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Genius_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Settings Manager
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Linkey
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\Users\Botan\AppData\Local\Linkey\IEEXTE~1\iedll.dll
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\Users\Botan\AppData\Local\Linkey\IEEXTE~1\iedll64.dll
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\115C6526B05609952AB1C87ACA053FEB
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32DA746012E6D4F488AAD113D6FA4A44
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5A93AE7EBC5B6D65D835F3062297F148
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B3AC1089BC9C1C5A9750316017EA5D6
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF767AE36C8829547ACD71A4249A42B9
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B86779929E3507352B061D4EF922EBA6
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FC6BF115B02E27354AAFD44E1670EE11
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\526AB318AF0B8D84B9579557C9882C91
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16476

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Bekir&Botan\AppData\Roaming\Mozilla\Firefox\Profiles\yxwdkydi.default\prefs.js ]


[ Datei : C:\Users\Botan\AppData\Roaming\Mozilla\Firefox\Profiles\fo16hqsi.default-1397469719534\prefs.js ]


[ Datei : C:\Users\Schule\AppData\Roaming\Mozilla\Firefox\Profiles\kh6wqhhj.default\prefs.js ]


[ Datei : C:\Users\Xebat\AppData\Roaming\Mozilla\Firefox\Profiles\9nlsrkz3.default\prefs.js ]


-\\ Google Chrome v35.0.1916.114

[ Datei : C:\Users\Bekir&Botan\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ Datei : C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://www.default-search.net/search?sid=503&aid=102&itype=n&ver=13001&tm=401&src=ds&p={searchTerms}
Gelöscht [Extension] : jhppdleieideemfkfeknjlaigifdbmin

[ Datei : C:\Users\Schule\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
Gelöscht [Extension] : jhppdleieideemfkfeknjlaigifdbmin

*************************

AdwCleaner[R0].txt - [14281 octets] - [09/06/2014 13:36:40]
AdwCleaner[R1].txt - [14703 octets] - [25/08/2014 18:27:26]
AdwCleaner[S0].txt - [13350 octets] - [09/06/2014 13:38:26]
AdwCleaner[S1].txt - [14507 octets] - [25/08/2014 18:31:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [14568 octets] ##########
mbam.txt
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 25.08.2014
Suchlauf-Zeit: 18:57:24
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.25.03
Rootkit Datenbank: v2014.08.21.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7
CPU: x64
Dateisystem: NTFS
Benutzer: Botan

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 490547
Verstrichene Zeit: 17 Min, 18 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 57
PUP.Optional.Babylon.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, In Quarantäne, [7552bb0fafccbb7b9ca40c66ec162ad6],
PUP.Optional.Babylon.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}, In Quarantäne, [7552bb0fafccbb7b9ca40c66ec162ad6],
PUP.Optional.Snapdo.T, HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [b710b317f98265d144e7edc22fd344bc],
PUP.Optional.Delta.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{82E1477C-B154-48D3-9891-33D83C26BCD3}, In Quarantäne, [5a6d6466f08ba690a30fd0dae02255ab],
PUP.Optional.Delta.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{82E1477C-B154-48D3-9891-33D83C26BCD3}, In Quarantäne, [5a6d6466f08ba690a30fd0dae02255ab],
PUP.Optional.Delta.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}, In Quarantäne, [a225d7f3d1aa8fa72f824961d929758b],
PUP.Optional.Delta.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}, In Quarantäne, [a225d7f3d1aa8fa72f824961d929758b],
PUP.Optional.MixiDJToolbar.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4D6A9BBF-402C-4301-B1EF-28D04F71D761}, In Quarantäne, [398e92380c6f2d09ae3f446704febd43],
PUP.Optional.MixiDJToolbar.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4D6A9BBF-402C-4301-B1EF-28D04F71D761}, In Quarantäne, [398e92380c6f2d09ae3f446704febd43],
PUP.Optional.MixiDJToolbar.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{CA9B9C89-4662-4ADC-9C23-A452BECD5D19}, In Quarantäne, [cff827a36912e4526a84f6b53bc7c43c],
PUP.Optional.MixiDJToolbar.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CA9B9C89-4662-4ADC-9C23-A452BECD5D19}, In Quarantäne, [cff827a36912e4526a84f6b53bc7c43c],
PUP.Optional.QuickShare.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [ac1bdeec4f2c5dd92c15ccdf71914bb5],
PUP.Optional.QuickShare.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [ac1bdeec4f2c5dd92c15ccdf71914bb5],
PUP.Optional.SystemK.A, HKLM\SOFTWARE\WOW6432NODE\SystemK, In Quarantäne, [a81fecde3546e056006410dc3ec440c0],
PUP.Optional.Amonetize, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{AEB719FD-EDB0-43E9-B524-90F97C1E6499}, In Quarantäne, [339417b32a512610b5c1d61522e09a66],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\SYSTEMK\General, In Quarantäne, [d7f0f7d3a1da31056cc31febf80bd729],
PUP.Optional.RRSavings.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\fpvoixdaog64, In Quarantäne, [6d5a478308735dd9b4a827ddda29ad53],
PUP.Optional.BlockAndSurf.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\BlockAndSurf, In Quarantäne, [5b6cdcee1566c17568496587db27c937],
PUP.Optional.Feven.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Feven 2.5, In Quarantäne, [329551797b002d09ae17888ab350718f],
PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BabylonToolbar, In Quarantäne, [2d9ab416eb9084b23c0f82af70942dd3],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, In Quarantäne, [6067a822c5b69b9b443ac26bba4a639d],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, In Quarantäne, [f5d2feccb0cb51e5324b35f853b13ec2],
PUP.Optional.BlockAndSurf.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\BlockAndSurf, In Quarantäne, [12b58248e89347ef38793fada959728e],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [f9cebd0d611afb3b37bb97aa2ed6e020],
PUP.Optional.Feven.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Feven 2.5, In Quarantäne, [5b6c91391b60a1959c29ca48f310d42c],
PUP.Optional.Delta.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DELTA\DELTA, In Quarantäne, [c700c307e89364d248d536f693717e82],
PUP.Optional.Delta.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DELTA\DELTA\IESTRG, In Quarantäne, [62659733f18a94a2225a87ad20e413ed],
PUP.Optional.BProtector.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\bProtectSettings, In Quarantäne, [9b2c66642c4f989edff0c36d4abaa25e],
PUP.Optional.MixiDJToolbar.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MIXIDJ\MIXIDJ, In Quarantäne, [f0d720aa354651e55430b17db74dec14],
PUP.Optional.Softonic.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [765103c7d7a4b77fe9958383ed1601ff],
PUP.Optional.RegCleanerPro.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\RegClean Pro, In Quarantäne, [0bbcd1f92b50eb4b0249ca6943c108f8],
PUP.Optional.Wajam.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WAJAM, In Quarantäne, [c601b317bcbfc07660956fc154b036ca],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, In Quarantäne, [6364f6d4bbc08fa7bbc340ed31d30ff1],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, In Quarantäne, [e3e4fecc3d3eef479fdefb327292f50b],
PUP.Optional.SProtector.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SProtector, In Quarantäne, [6265cefcd1aa48eede427eb2d0346f91],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [1daa0bbf12690432b73bb190768e9070],
PUP.Optional.Feven.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Feven 2.5, In Quarantäne, [bf084387a0dbc076d9eccd453bc8c040],
PUP.Optional.Babylon.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Updater, In Quarantäne, [8047ba1042391422641daf7f0ff5e719],
PUP.Optional.FilesFrog.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BI, In Quarantäne, [1cabe5e5037823131605c66d0103f010],
PUP.Optional.Softonic.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [a324efdbb6c5da5c4539ff07bb48a45c],
PUP.Optional.Somoto.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOMOTO\SDP, In Quarantäne, [2e99705a4932fb3b3a14161c867e13ed],
PUP.Optional.AdvancedSystemProtector.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\Advanced System Protector, In Quarantäne, [03c44a80fb80f14533e6c720ea18e719],
PUP.Optional.RegCleanerPro.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\RegClean Pro, In Quarantäne, [1ea95773b6c55adcd675ae85808454ac],
PUP.Optional.SmartBar, HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SmartbarBackup, In Quarantäne, [a225ab1ff08b46f09152be87af55ee12],
PUP.Optional.SmartBar, HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SmartbarLog, In Quarantäne, [a32412b8daa191a507db0a3b1de7a55b],
PUP.Optional.SProtector.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SProtector, In Quarantäne, [c502e9e1aecd72c4a27e59d7679d04fc],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [f1d6f0da07747cba4fa35ee3689ceb15],
PUP.Optional.Feven.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Feven 2.5, In Quarantäne, [586fb317215a241293328c8627dc36ca],
PUP.Optional.Feven.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Feven, In Quarantäne, [f9ce7357afccc96ddbf6e556fc08aa56],
PUP.Optional.Qone8, HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [6364903a4239de58291ed564db29ad53],
PUP.Optional.Linkury.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR, In Quarantäne, [b71076547b00e254b9832bbe6999d52b],
PUP.Optional.RegCleanerPro.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\RegClean Pro, In Quarantäne, [36913c8e81fa181ede6ddc57c14314ec],
PUP.Optional.Costmin, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4A87B975-1796-C3B9-774C-AF9F5D878AC0}, In Quarantäne, [854215b5adceda5c6ce9eef721e30df3],
PUP.Optional.Costmin, HKLM\SOFTWARE\CLASSES\CLSID\{4A87B975-1796-C3B9-774C-AF9F5D878AC0}, In Quarantäne, [854215b5adceda5c6ce9eef721e30df3],
PUP.Optional.Costmin, HKU\S-1-5-21-1789832465-2975819574-3199883490-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4A87B975-1796-C3B9-774C-AF9F5D878AC0}, In Quarantäne, [854215b5adceda5c6ce9eef721e30df3],
PUP.Optional.Costmin, HKU\S-1-5-21-1789832465-2975819574-3199883490-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4A87B975-1796-C3B9-774C-AF9F5D878AC0}, In Quarantäne, [854215b5adceda5c6ce9eef721e30df3],
PUP.Optional.Costmin, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{4A87B975-1796-C3B9-774C-AF9F5D878AC0}, In Quarantäne, [854215b5adceda5c6ce9eef721e30df3],

Registrierungswerte: 21
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\SYSTEMK|browser,  ie ff cr, In Quarantäne, [8641dcee4c2f67cf66ca6b9f26dd57a9]
PUM.Bad.Proxy, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:8118;https=127.0.0.1:8118, In Quarantäne, [715616b4d3a8c76f5d1a5299f40e9868]
PUM.Bad.Proxy, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:8118;https=127.0.0.1:8118, In Quarantäne, [dbec3c8e06754beb46315b9046bc5da3]
PUP.Optional.Delta.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DELTA\DELTA|tlbrSrchUrl, In Quarantäne, [c700c307e89364d248d536f693717e82],
PUP.Optional.Delta.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DELTA\DELTA\IESTRG|tlbrsrchurl, In Quarantäne, [62659733f18a94a2225a87ad20e413ed],
PUP.BProtector, HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start Page, hxxp://mixidj.delta-search.com/?affID=121136&babsrc=HP_ss&mntrId=96D250E549D5F581, In Quarantäne, [b5128347007b162029560924de2601ff]
PUP.BProtector, HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|bProtectorDefaultScope, {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, In Quarantäne, [a91e4e7caecd8aac47394de012f2ad53]
PUM.Bad.Proxy, HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:8118;https=127.0.0.1:8118, In Quarantäne, [a3248a40a3d835013740ea01679b7b85]
PUP.Optional.MixiDJToolbar.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MIXIDJ\MIXIDJ|tlbrSrchUrl, In Quarantäne, [f0d720aa354651e55430b17db74dec14],
PUP.Optional.Wajam.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}, C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi, In Quarantäne, [f0d7705ab6c506303eac2cd146bcf907]
PUP.Optional.Wajam.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WAJAM|affiliate_id, 5921, In Quarantäne, [c601b317bcbfc07660956fc154b036ca]
PUP.Optional.FilesFrog.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BI|ui_path_filesfrog, HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker, In Quarantäne, [1cabe5e5037823131605c66d0103f010]
PUM.Bad.Proxy, HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:8118;https=127.0.0.1:8118, In Quarantäne, [e4e305c5d9a2cf67680f07e4a45e946c]
PUP.Optional.FilesFrog, HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SDP, C:\Users\Schule\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto , In Quarantäne, [01c66f5b7704e84e5325ca77996bbc44]
Trojan.Agent.Gen, HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Windows Defender, C:\ProgramData\Windows\System32\Windows Defender\Definition Update\windef.exe, In Quarantäne, [5572eedc9edd300627a37f3c9a693bc5]
PUP.Optional.Somoto.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOMOTO\SDP|affid, network_adworkmedia_1, In Quarantäne, [2e99705a4932fb3b3a14161c867e13ed]
PUM.Bad.Proxy, HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:8118;https=127.0.0.1:8118, In Quarantäne, [5f68eddda1da76c0fb7c6982c43e23dd]
PUP.Optional.SmartBar.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Browser Infrastructure Helper, C:\Users\Bekir&Botan\AppData\Local\Smartbar\Application\Smartbar.exe startup, In Quarantäne, [be09b1193447ca6cc98b13194aba30d0]
PUP.Optional.NextLive.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|NextLive, C:\Windows\SysWOW64\rundll32.exe "C:\Users\Bekir&Botan\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l, In Quarantäne, [d7f0d6f45922e3537f6e7c9ba06305fb]
PUP.Optional.Linkury.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR|Publisher, YahooOC, In Quarantäne, [b71076547b00e254b9832bbe6999d52b]
PUM.Bad.Proxy, HKU\S-1-5-21-1789832465-2975819574-3199883490-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:8118;https=127.0.0.1:8118, In Quarantäne, [a324c9019fdcd75f2057ac3f2fd333cd]

Registrierungsdaten: 9
PUP.Optional.SnapDo.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmyiODzEX4hIHeBL1Zbq1jhO8_n0ss1DSeCUXx51M6srOmpDrKkYTlsO3Uf6OCcr3Ut0xobjnr2QBlhVqGiUdFnhGc5ILdELcvqWDYiHNiYBLXFYk_-w9a654dXDEgIToDQLPUIDYB4w_Aqlr8KCfMtMCDM,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnmyiODzEX4hIHeBL1Zbq1jhO8_n0ss1DSeCUXx51M6srOmpDrKkYTlsO3Uf6OCcr3Ut0xobjnr2QBlhVqGiUdFnhGc5ILdELcvqWDYiHNiYBLXFYk_-w9a654dXDEgIToDQLPUIDYB4w_Aqlr8KCfMtMCDM,&q={searchTerms}),Ersetzt,[be098446740787afae8de0f58e76f40c]
PUP.Optional.StartPage, HKU\S-1-5-21-1789832465-2975819574-3199883490-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://mixidj.delta-search.com/?affID=121136&babsrc=HP_ss&mntrId=96D250E549D5F581, Gut: (www.google.com), Schlecht: (hxxp://mixidj.delta-search.com/?affID=121136&babsrc=HP_ss&mntrId=96D250E549D5F581),Ersetzt,[19aedfeb81fa53e301b84e900ff5e020]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=c0b4d54d-99ca-aa89-23c5-24b59b538e10&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/01/2014&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=c0b4d54d-99ca-aa89-23c5-24b59b538e10&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/01/2014&type=hp1000),Ersetzt,[65627159413a7cba59f7815410f4e020]
PUP.Optional.NationZoom.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.nationzoom.com/?type=hp&ts=1389996519&from=tugs&uid=WDCXWD5000AAKX-003CA0_WD-WMAYUD11505315053, Gut: (www.google.com), Schlecht: (hxxp://www.nationzoom.com/?type=hp&ts=1389996519&from=tugs&uid=WDCXWD5000AAKX-003CA0_WD-WMAYUD11505315053),Ersetzt,[7f4877533348bb7bbaccf1e435cfbe42]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=c0b4d54d-99ca-aa89-23c5-24b59b538e10&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/01/2014&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=c0b4d54d-99ca-aa89-23c5-24b59b538e10&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/01/2014&type=hp1000),Ersetzt,[0cbb45855c1fed497dd28c49d52fe31d]
PUP.Optional.NationZoom.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.nationzoom.com/?type=hp&ts=1389996519&from=tugs&uid=WDCXWD5000AAKX-003CA0_WD-WMAYUD11505315053, Gut: (www.google.com), Schlecht: (hxxp://www.nationzoom.com/?type=hp&ts=1389996519&from=tugs&uid=WDCXWD5000AAKX-003CA0_WD-WMAYUD11505315053),Ersetzt,[d8eff8d2e19a092dc7be25b0867e24dc]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=c0b4d54d-99ca-aa89-23c5-24b59b538e10&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/01/2014&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=c0b4d54d-99ca-aa89-23c5-24b59b538e10&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/01/2014&type=hp1000),Ersetzt,[4d7a5872a4d7fa3ca4ae14c1c0446f91]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=c0b4d54d-99ca-aa89-23c5-24b59b538e10&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/01/2014&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=c0b4d54d-99ca-aa89-23c5-24b59b538e10&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/01/2014&type=hp1000),Ersetzt,[b80f3b8f81fab77f83d08e47ed175ea2]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-1789832465-2975819574-3199883490-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=c0b4d54d-99ca-aa89-23c5-24b59b538e10&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/01/2014&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=c0b4d54d-99ca-aa89-23c5-24b59b538e10&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=14/01/2014&type=hp1000),Ersetzt,[ddea96343f3c47ef4fff01d430d4ac54]

Ordner: 1
PUP.Optional.SystemUpdate.A, C:\Users\Botan\AppData\Roaming\MRS\SystemUpdatekb70007, In Quarantäne, [349397337704b680ee9d13c162a0f30d],

Dateien: 29
Trojan.Agent.ED, C:\ProgramData\Windows Genuine Advantage\{A3328CE0-5C6A-4199-BC28-D4774DD7888D}\api-ms-win-system-appmgr-l1-1-0.dll, In Quarantäne, [76510dbd314acb6bfc2097170ff20cf4],
PUP.Optional.OpenCandy.A, C:\Users\Botan\AppData\Roaming\ARecEngine\9A7C87FE94704C7ABB31BEE44EB5B5B4\aswdlm_3.exe, In Quarantäne, [d0f7953592e910264680bc6f8180ad53],
PUP.Optional.Koyote.A, C:\Users\Botan\Downloads\FreeFLVConverterSetup_7.6.1.exe, In Quarantäne, [d4f3ba10c7b44aec4e34eb619a67af51],
PUP.Optional.OutBrowse, C:\Users\Botan\Downloads\setup (1).exe, In Quarantäne, [e3e4c505f9825cda7139104d3aca4cb4],
PUP.Optional.OpenCandy, C:\Users\Botan\Downloads\DAEMONToolsUltra230-0254.exe, In Quarantäne, [329500ca7dfe68ce5e1005fffc0925db],
PUP.Optional.OneClickDownloader.A, C:\Users\Botan\Downloads\Kasinova_Tha_Don_-_Heart_Of_A_Hustler_(2009).exe, In Quarantäne, [6166408a4932171f80ffa07e5ba620e0],
PUP.Optional.OutBrowse, C:\Users\Botan\Downloads\Pokemon XandY emulator.zip, In Quarantäne, [ddeab41680fbfd39919866b8748c2fd1],
PUP.Optional.Somoto, C:\Users\Schule\Downloads\VLCMediaPlayerSetup-2hyp0Jm.exe, In Quarantäne, [c205ca00403b3ff7ced8828152b330d0],
PUP.Optional.InstallCore, C:\Users\Schule\Downloads\BitlordSetup.exe, In Quarantäne, [2c9b3793ccaf82b41ae005132ed3f60a],
PUP.Optional.Somoto, C:\Users\Schule\Downloads\OnlineWeatherSetup-c7eQdcg.exe, In Quarantäne, [e6e1f5d526558da95c4a8281f2132dd3],
PUP.Optional.Somoto.A, C:\Users\Schule\Downloads\MicrosoftWindowsXPProfessional64BitEditionByBluewater_downloader_by_PirateBayMirror.exe, In Quarantäne, [5176c901f98258de1c1e2513956b44bc],
PUP.Optional.Topmedia, C:\Users\Schule\Downloads\Windows_Xp_Professional_Service_Pack_2_ISO_secure.exe, In Quarantäne, [cef97c4ea7d4f541a789f1a508fcfe02],
PUP.Optional.InstallCore, C:\Users\Schule\Downloads\setup.exe, In Quarantäne, [586f428877046fc73facd939cf32c040],
PUP.Optional.Softonic, C:\Users\Schule\Downloads\SoftonicDownloader_fuer_skypelogview.exe, In Quarantäne, [695e6169aecd63d35bd0868b39c8a25e],
PUP.Optional.SnapDo.A, C:\Windows\Installer\1097769.msi, In Quarantäne, [d4f3705a9be0b5816cb93a56bc4545bb],
PUP.Optional.SnapDo.A, C:\Windows\Installer\539dca.msi, In Quarantäne, [d0f709c1136888ae35f0414fea17669a],
PUP.Optional.SystemUpdate.A, C:\Users\Botan\AppData\Local\MRS\svcsystem.exe, In Quarantäne, [4f781dade19a8aacbd02fbfcc240d62a],
PUP.Optional.Ciuvo.A, C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_api.ciuvo.com_0.localstorage, In Quarantäne, [f9ceae1c2b50d85e155135c354ae6997],
PUP.Optional.Ciuvo.A, C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_api.ciuvo.com_0.localstorage-journal, In Quarantäne, [2d9a18b2a0db0d2993d381771fe3d62a],
PUP.Optional.LiveLyrics.A, C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.livelyrics00.live-lyrics.com_0.localstorage, In Quarantäne, [f7d07f4b5724ba7c0956f609d929f10f],
PUP.Optional.LiveLyrics.A, C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.livelyrics00.live-lyrics.com_0.localstorage-journal, In Quarantäne, [be0951799dde85b1ea751be4e41e6799],
PUP.Optional.MySearchDial.A, C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_iagcajndpnfncplednpbnkahadegklfa_0.localstorage, In Quarantäne, [5770597173084de91a5ea95de91a42be],
PUP.Optional.SystemUpdate.A, C:\Users\Botan\AppData\Roaming\MRS\SystemUpdatekb70007\BaseLibrary.dll, In Quarantäne, [349397337704b680ee9d13c162a0f30d],
PUP.Optional.SystemUpdate.A, C:\Users\Botan\AppData\Roaming\MRS\SystemUpdatekb70007\ConfigurationData.dll, In Quarantäne, [349397337704b680ee9d13c162a0f30d],
PUP.Optional.SystemUpdate.A, C:\Users\Botan\AppData\Roaming\MRS\SystemUpdatekb70007\Installer.dll, In Quarantäne, [349397337704b680ee9d13c162a0f30d],
PUP.Optional.SystemUpdate.A, C:\Users\Botan\AppData\Roaming\MRS\SystemUpdatekb70007\InstallerLibrary.dll, In Quarantäne, [349397337704b680ee9d13c162a0f30d],
PUP.Optional.SystemUpdate.A, C:\Users\Botan\AppData\Roaming\MRS\SystemUpdatekb70007\Newtonsoft.Json.dll, In Quarantäne, [349397337704b680ee9d13c162a0f30d],
PUP.Optional.SystemUpdate.A, C:\Users\Botan\AppData\Roaming\MRS\SystemUpdatekb70007\win32.reg, In Quarantäne, [349397337704b680ee9d13c162a0f30d],
PUP.Optional.SystemUpdate.A, C:\Users\Botan\AppData\Roaming\MRS\SystemUpdatekb70007\WindowsUpdater.exe, In Quarantäne, [349397337704b680ee9d13c162a0f30d],

Physische Sektoren: 0
(No malicious items detected)


(end)
JRT.txt
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Botan on 25.08.2014 at 19:24:09,12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\drivergenius"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\driver genius"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Botan\AppData\Roaming\mozilla\firefox\profiles\fo16hqsi.default-1397469719534\extensions\toolbar@web.de
Emptied folder: C:\Users\Botan\AppData\Roaming\mozilla\firefox\profiles\fo16hqsi.default-1397469719534\minidumps [31 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.08.2014 at 19:35:15,69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST.txt
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Botan on 25.08.2014 at 19:24:09,12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\drivergenius"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\driver genius"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Botan\AppData\Roaming\mozilla\firefox\profiles\fo16hqsi.default-1397469719534\extensions\toolbar@web.de
Emptied folder: C:\Users\Botan\AppData\Roaming\mozilla\firefox\profiles\fo16hqsi.default-1397469719534\minidumps [31 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.08.2014 at 19:35:15,69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-08-2014 01
Ran by Botan at 2014-08-25 19:37:53
Running from C:\Users\Botan\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.11 - GIGABYTE)
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 2 (SP2) (x32 Version:  - Microsoft) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
AC3Filter 2.5b (HKLM-x32\...\AC3Filter_is1) (Version: 2.5b - Alexander Vigovsky)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.15.100.30830 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0830.1944.33589 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{13351E83-6DCD-4E97-2A8C-5D496259A47F}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.0830.1944.33589 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.80830.1925 - Advanced Micro Devices, Inc.) Hidden
Any Video Converter 5.6.3 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avast License by ZeNiX [2012-06-29] (HKLM-x32\...\Avast_2050_ZeNiX [2012-06-29]_is1) (Version:  - )
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version:  - Infinity Ward)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
China Localization Patcher (HKLM-x32\...\{7000FFAF-A527-457E-9D0F-933F66E9668E}) (Version: 1.7.1.0 - LokiReborn)
Cisco EAP-FAST Module (HKLM-x32\...\{BF53252E-4AB2-4C7F-A0FD-6100755745E3}) (Version: 2.0.26 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{76F9CF97-FC4B-4E20-B363-D127C888448F}) (Version: 1.0.11 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{4E5386F5-C0F6-4532-A54A-374865AEAB71}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CPUID CPU-Z 1.69.2 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Cross Fire En (HKLM-x32\...\Cross Fire_is1) (Version:  - Z8Games.com)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
DAEMON Tools Ultra (HKLM-x32\...\DAEMON Tools Ultra) (Version: 2.3.0.0254 - Disc Soft Ltd)
DC Universe Online (HKCU\...\SOE-DC Universe Online) (Version: 1.0.3.183 - Sony Online Entertainment)
Dr. Hardware 2013 13.0d (HKLM-x32\...\Dr. Hardware 2013_is1) (Version:  - Peter A. Gebhard)
DriverEasy 4.7.1.19920 (HKLM\...\DriverEasy_is1) (Version: 4.7.1.19920 - Easeware)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
Easy Tune 6 B11.0427.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B11.0427.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Free Video to MP3 Converter version 5.0.23.320 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.23.320 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
High-Definition Video Playback (x32 Version: 7.1.13900.47.0 - Nero AG) Hidden
iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Kingdoms of Amalur™ Reckoning DELUXE EDITION (HKLM-x32\...\Kingdoms of Amalur™ Reckoning DELUXE EDITION_is1) (Version: 1.0.0.2 - QfG)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LevelOne WUA-0605 Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0113 - LevelOne)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mass Effect Deluxe Edition (HKLM-x32\...\{A5C7818C-27AC-4A71-BEDF-BA5652D2CC36}_is1) (Version: v1.02 - The Most Electrifying Man)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
mHotspot version 6.4.0.0 (HKLM-x32\...\{beeb7906-9268-4520-8850-8d8af9b1c7c8}_is1) (Version: 6.4.0.0 - mHotspot, Inc.)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 17.0.5 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 17.0.5 (x86 de)) (Version: 17.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst (HKLM-x32\...\Steam App 234670) (Version:  - CyberConnect 2)
Need for Speed Most Wanted (HKLM-x32\...\Need for Speed Most Wanted_is1) (Version:  - )
Nero 10 Movie ThemePack 1 (HKLM-x32\...\{43FBAB46-5969-4200-9958-1FF81FEE506F}) (Version: 10.2.10000.11.0 - Nero AG)
Nero 10 Movie ThemePack Basic (x32 Version: 10.2.10000.0.0 - Nero AG) Hidden
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10500.1.102 - Nero AG)
Nero Control Center 10 (x32 Version: 10.2.11900.1.9 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.18400.9.0 - Nero AG) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.11900.20.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{ADEF1F0B-635E-4041-B50F-A510C1B4D2C5}) (Version: 10.5.10400 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Netzmanager (HKLM-x32\...\Netzmanager) (Version: 1.071 - Deutsche Telekom AG)
Netzmanager (Version: 1.071 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
ON_OFF Charge B11.0110.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Opera Stable 20.0.1387.82 (HKLM-x32\...\Opera 20.0.1387.82) (Version: 20.0.1387.82 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6409 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6433 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RIFT (HKCU\...\RIFT) (Version:  - Trion Worlds, Inc.)
Rise of Incarnates (HKLM-x32\...\Steam App 258160) (Version:  - )
S.K.I.L.L. - Special Force 2 (HKLM-x32\...\Special Force 2 Beta_is1) (Version:  - )
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.9.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.5.201304180917 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.155 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.155 - Sony)
Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Spotydl 0.9.36.0 (HKLM-x32\...\Spotydl_is1) (Version: 0.9.36.0 - spotydl.com)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH)
Thread Manager 2.4.0.0 (HKLM-x32\...\{78F4E027-355C-45C0-90DC-F89DFC618761}_is1) (Version: 2.4.0.0 - Digital Generation)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Update for Microsoft Office Word 2007 (KB974631) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{1D53FB73-9826-4541-B2E0-A239C6EBA718}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 (KB974631) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{34726474-50D6-49FC-B8AC-35411459D27A}) (Version:  - Microsoft)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Xara 3D Maker 7 (HKLM-x32\...\MAGIX_{19B9DAD6-5E6E-4B80-8EFE-314B5638D6D4}) (Version: 7.0.0.442 - Xara Group Ltd)
Xara 3D Maker 7 (Version: 7.0.0.442 - Xara Group Ltd) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1789832465-2975819574-3199883490-1007_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Botan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1789832465-2975819574-3199883490-1007_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1789832465-2975819574-3199883490-1007_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1789832465-2975819574-3199883490-1007_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1789832465-2975819574-3199883490-1007_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1789832465-2975819574-3199883490-1007_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1789832465-2975819574-3199883490-1007_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1789832465-2975819574-3199883490-1007_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1789832465-2975819574-3199883490-1007_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

14-08-2014 21:00:08 Windows Update
15-08-2014 01:00:11 Windows Update
19-08-2014 07:14:05 Windows Update
20-08-2014 08:40:29 Windows Update
24-08-2014 13:40:02 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-08-24 16:05 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {037DF9E7-FADB-45C4-B37F-AB10B1FD36D1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {248AD0D2-7E7E-4D32-81AB-FA015E15B550} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {288B306F-32A8-4549-A947-48EB6FED05CD} - System32\Tasks\DriverEasy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [2014-05-29] (Easeware)
Task: {349B0F97-B431-456B-B666-EB392A49DA97} - System32\Tasks\{EB1A13EA-FB01-4D59-99CA-D755078280C9} => Firefox.exe
Task: {358D2FBC-F05A-4FC4-AE91-FC65E464D2C0} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {47BE5527-7413-4007-8AE1-58D880ABDC6C} - System32\Tasks\{71648FD7-4FA0-49B9-8947-65FE8AC42285} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/abandoninstall?page=tsProgressBar
Task: {4D706DDF-EC04-4E4E-BA67-1F48DEAD41DF} - System32\Tasks\{7636DB98-A8B0-4C6C-B62E-77A875639331} => Firefox.exe
Task: {9503C1BF-E2EA-4760-BD4F-F7647B362EEA} - System32\Tasks\{BE28D158-551B-4294-9100-DA3EFCA27DD3} => Firefox.exe
Task: {982FADA8-D5E4-464E-9591-CB24ED9A8085} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-22] (AVAST Software)
Task: {B463C9EE-9821-4903-8D31-3266E2131E4A} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMPMNJLMMJMMKMLJJJCNOMKMJJKMCNLMIMNJHMCNGMOMOMJMCNLMLJNJHMPMNMOJIMJJHMKMOMJNJICMIMCNGMCNPMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMPMCNNMJNPICMPMFMFMNMHMHMJNHICMEKMICNJJCKJNBJCMNLAJLIOJBJJNKJCMJNNICMJNDJCMLJKJ"
Task: {C9235D0C-6F53-4B69-AC9C-53FC28D920D7} - System32\Tasks\{3AD24F87-9E1D-4000-88A5-34C6683E7650} => Firefox.exe hxxp://ui.skype.com/ui/0/6.10.59.104/de/abandoninstall?page=tsProgressBar
Task: {C9B8C181-8DAF-4D2C-8348-E98858C7AFC3} - System32\Tasks\{AA3F5CC6-8BEB-4F7D-816A-AB8F6E018898} => C:\Riot Games\League of Legends\lol.launcher.exe [2013-06-12] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverEasy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe

==================== Loaded Modules (whitelisted) =============

2013-08-30 19:47 - 2013-08-30 19:47 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-10-22 14:41 - 2012-10-22 14:41 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-10-22 14:42 - 2012-10-22 14:42 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-08-30 19:47 - 2013-08-30 19:47 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-06-01 16:12 - 2013-06-01 16:12 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-06-01 16:12 - 2013-06-01 16:12 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2013-08-30 19:47 - 2013-08-30 19:47 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-08-25 11:55 - 2014-08-25 11:55 - 02801152 _____ () C:\Program Files\AVAST Software\Avast\defs\14082500\algo.dll
2013-01-28 14:08 - 2013-01-28 14:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 14:08 - 2013-01-28 14:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-23 14:26 - 2010-03-23 14:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2013-03-26 00:02 - 2009-12-09 15:20 - 00126976 ____R () C:\Program Files (x86)\LevelOne\WUA-0605\EnumDevLib.dll
2014-08-25 19:21 - 2014-08-25 19:21 - 00043008 _____ () c:\users\botan\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprqzlto.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Botan\AppData\Roaming\Dropbox\bin\libcef.dll
2014-06-22 17:20 - 2014-06-22 17:20 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-08-24 00:00 - 2014-07-17 07:42 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-09 13:01 - 2014-07-09 13:01 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-08-24 16:00:48.052
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-24 16:00:48.002
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: AMD FX(tm)-6100 Six-Core Processor
Percentage of memory in use: 51%
Total physical RAM: 4093.55 MB
Available physical RAM: 1994.03 MB
Total Pagefile: 8185.25 MB
Available Pagefile: 5722.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:127.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6312B514)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

M-K-D-B 26.08.2014 11:19
Servus,



die neue FRST.txt fehlt noch. :)

PeterZwegat 26.08.2014 12:25

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 01
Ran by Botan (administrator) on XEBAT-PC on 25-08-2014 19:36:19
Running from C:\Users\Botan\Downloads
Platform: Windows 7 Ultimate (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Realtek) C:\Program Files (x86)\LevelOne\WUA-0605\RtlService.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\LevelOne\WUA-0605\RtWLan.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Spotify Ltd) C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Botan\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-14] (AVAST Software)
HKU\S-1-5-21-1789832465-2975819574-3199883490-1007\...\Run: [Spotify Web Helper] => C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-07-09] (Spotify Ltd)
HKU\S-1-5-21-1789832465-2975819574-3199883490-1007\...\Run: [uTorrent] => C:\Users\Botan\AppData\Roaming\uTorrent\updates\3.4.2_32126.exe [1322832 2014-07-03] (BitTorrent Inc.)
HKU\S-1-5-21-1789832465-2975819574-3199883490-1007\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe [3198224 2014-04-28] (Disc Soft Ltd)
Startup: C:\Users\Bekir&Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk
ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
Startup: C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Botan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Botan\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = zh-CN
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=102&itype=n&ver=13001&tm=401&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=102&itype=n&ver=13001&tm=401&src=ds&p={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=102&itype=n&ver=13001&tm=401&src=ds&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Botan\AppData\Roaming\Mozilla\Firefox\Profiles\fo16hqsi.default-1397469719534
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8118
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8118
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Botan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Botan\AppData\Roaming\Mozilla\Firefox\Profiles\fo16hqsi.default-1397469719534\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Botan\AppData\Roaming\Mozilla\Firefox\Profiles\fo16hqsi.default-1397469719534\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Botan\AppData\Roaming\Mozilla\Firefox\Profiles\fo16hqsi.default-1397469719534\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Botan\AppData\Roaming\Mozilla\Firefox\Profiles\fo16hqsi.default-1397469719534\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ImTranslator - C:\Users\Botan\AppData\Roaming\Mozilla\Firefox\Profiles\fo16hqsi.default-1397469719534\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2014-08-23]
FF Extension: Adblock Plus - C:\Users\Botan\AppData\Roaming\Mozilla\Firefox\Profiles\fo16hqsi.default-1397469719534\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-05]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-22]

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: ask.com
CHR DefaultSearchProvider: default-search.net
CHR DefaultSearchURL: hxxp://www.default-search.net/search?sid=503&aid=102&itype=n&ver=13001&tm=401&src=ds&p={searchTerms}
CHR DefaultSuggestURL:
CHR Extension: (Google Wallet) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-15]
CHR Extension: (Grooveshark Downloader) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooblpjoncpjmbncgocjlnannofkjjhnp [2014-04-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-22]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-22] (AVAST Software)
R3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [813328 2014-04-28] (Disc Soft Ltd)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-06-01] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2013-06-01] ()
R2 Realtek11nSU; C:\Program Files (x86)\LevelOne\WUA-0605\RtlService.exe [45056 2010-01-21] (Realtek) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AODDriver; C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-22] ()
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R2 DRHARD64; C:\Windows\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHARD64; C:\Windows\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHMSR64; C:\Windows\system32\drivers\DRHMSR64.sys [14760 2011-12-06] ()
R2 DRHMSR64; C:\Windows\SysWOW64\drivers\DRHMSR64.sys [14760 2011-12-06] ()
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2014-06-05] (Disc Soft Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-26] (DT Soft Ltd)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-05-04] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 dgztwemx; \??\C:\Windows\system32\drivers\dgztwemx.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 opuaoowl; \??\C:\Windows\system32\drivers\opuaoowl.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-25 19:35 - 2014-08-25 19:35 - 00001077 _____ () C:\Users\Botan\Desktop\JRT.txt
2014-08-25 19:23 - 2014-08-25 19:23 - 01016261 _____ (Thisisu) C:\Users\Botan\Downloads\JRT.exe
2014-08-25 19:23 - 2014-08-25 19:23 - 00028317 _____ () C:\Users\Botan\Desktop\mbam.txt
2014-08-25 18:56 - 2014-08-25 19:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-25 18:56 - 2014-08-25 18:56 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-25 18:56 - 2014-08-25 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-25 18:56 - 2014-08-25 18:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-25 18:56 - 2014-08-25 18:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-25 18:56 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-25 18:56 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-25 18:56 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-25 18:49 - 2014-08-25 18:49 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Botan\Downloads\mbam-clean-2.1.1.1001.exe
2014-08-25 18:44 - 2014-08-25 18:44 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Botan\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-25 18:26 - 2014-08-25 18:26 - 01364531 _____ () C:\Users\Botan\Downloads\adwcleaner_3.308.exe
2014-08-24 23:06 - 2012-03-04 06:30 - 00000000 ____D () C:\Users\Botan\Desktop\Tupac - Tupac Duets (DatPiff.com)
2014-08-24 23:05 - 2014-08-24 23:06 - 104817523 _____ () C:\Users\Botan\Downloads\Tupac_Duets-(DatPiff.com).zip
2014-08-24 19:25 - 2014-08-25 19:21 - 00000000 ___RD () C:\Users\Botan\Dropbox
2014-08-24 19:25 - 2014-08-24 19:25 - 00001039 _____ () C:\Users\Botan\Desktop\Dropbox.lnk
2014-08-24 19:23 - 2014-08-24 19:23 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-24 19:16 - 2014-08-24 19:17 - 00323600 _____ (Dropbox, Inc.) C:\Users\Botan\Downloads\DropboxInstaller.exe
2014-08-24 16:20 - 2014-08-24 17:10 - 152411013 _____ () C:\Users\Botan\Downloads\N-C_PE.rar
2014-08-24 16:12 - 2014-08-24 16:12 - 00025562 _____ () C:\ComboFix.txt
2014-08-24 15:39 - 2014-08-24 16:12 - 00000000 ____D () C:\Qoobox
2014-08-24 15:39 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-24 15:39 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-24 15:39 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-24 15:39 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-24 15:39 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-24 15:39 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-24 15:39 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-24 15:39 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-24 15:37 - 2014-08-24 16:10 - 00000000 ____D () C:\Windows\erdnt
2014-08-24 15:36 - 2014-08-24 15:36 - 05572212 ____R (Swearware) C:\Users\Botan\Desktop\ComboFix.exe
2014-08-24 13:24 - 2014-08-24 13:25 - 00040870 _____ () C:\Users\Botan\Downloads\Addition.txt
2014-08-24 13:23 - 2014-08-25 19:37 - 00018644 _____ () C:\Users\Botan\Downloads\FRST.txt
2014-08-24 13:22 - 2014-08-25 19:36 - 00000000 ____D () C:\FRST
2014-08-24 13:21 - 2014-08-24 13:21 - 02103296 _____ (Farbar) C:\Users\Botan\Downloads\FRST64.exe
2014-08-24 01:11 - 2014-08-24 01:11 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-24 00:03 - 2014-08-24 00:03 - 00244408 _____ () C:\Users\Botan\Downloads\Firefox Setup Stub 31.0 (1).exe
2014-08-23 23:59 - 2014-08-23 23:59 - 00244408 _____ () C:\Users\Botan\Downloads\Firefox Setup Stub 31.0.exe
2014-08-23 23:54 - 2014-08-23 23:54 - 32047680 _____ () C:\Users\Botan\Downloads\Firefox_Setup_de31.0.exe
2014-08-23 23:43 - 2014-08-23 23:43 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-23 23:43 - 2014-08-23 23:43 - 00000000 ____D () C:\ProgramData\EzispAbafe
2014-08-22 23:13 - 2014-06-19 07:53 - 00000000 ____D () C:\Users\Botan\Desktop\Breaking Point LP
2014-08-22 18:30 - 2014-08-22 19:10 - 171742722 _____ () C:\Users\Botan\Downloads\Breaking Point LP.rar
2014-08-21 16:46 - 2012-01-01 07:27 - 00000000 ____D () C:\Users\Botan\Desktop\2Pac Drake J Cole Mopreme Shakur Sade Notori (DatPiff.com)
2014-08-21 15:27 - 2014-08-21 15:29 - 143094349 _____ () C:\Users\Botan\Downloads\2pac_-_2012-(DatPiff.com).zip
2014-08-21 15:23 - 2012-03-04 12:23 - 00000000 ____D () C:\Users\Botan\Desktop\Eminem - POMATIC presents Eminem Mash Hitz LP 200 (DatPiff.com)
2014-08-21 15:15 - 2014-08-21 15:17 - 129641900 _____ () C:\Users\Botan\Downloads\POMATIC_presents_Eminem_Mash_Hitz_LP_2009-(DatPiff.com).zip
2014-08-21 13:32 - 2014-08-18 11:25 - 00000000 ____D () C:\Users\Botan\Desktop\Eminem & Jay-Z - Renegades (2010)
2014-08-21 11:38 - 2014-08-21 12:44 - 201999846 _____ () C:\Users\Botan\Downloads\Eminem & Jay-Z - Renegades (2010).rar
2014-08-20 13:05 - 2014-08-20 13:05 - 00000091 _____ () C:\Users\Botan\Desktop\Flash.txt
2014-08-19 09:16 - 2014-08-19 09:16 - 00000000 ____D () C:\5b842a6c0c5b343bb402adf5
2014-08-15 23:59 - 2014-08-23 23:43 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-08-15 11:11 - 2014-08-15 11:11 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\roi
2014-08-15 00:18 - 2014-08-24 01:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-25 19:37 - 2014-08-24 13:23 - 00018644 _____ () C:\Users\Botan\Downloads\FRST.txt
2014-08-25 19:36 - 2014-08-24 13:22 - 00000000 ____D () C:\FRST
2014-08-25 19:35 - 2014-08-25 19:35 - 00001077 _____ () C:\Users\Botan\Desktop\JRT.txt
2014-08-25 19:25 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-25 19:25 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-25 19:23 - 2014-08-25 19:23 - 01016261 _____ (Thisisu) C:\Users\Botan\Downloads\JRT.exe
2014-08-25 19:23 - 2014-08-25 19:23 - 00028317 _____ () C:\Users\Botan\Desktop\mbam.txt
2014-08-25 19:23 - 2013-03-25 23:44 - 01493260 _____ () C:\Windows\WindowsUpdate.log
2014-08-25 19:21 - 2014-08-24 19:25 - 00000000 ___RD () C:\Users\Botan\Dropbox
2014-08-25 19:21 - 2014-06-22 17:21 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-25 19:21 - 2014-06-05 17:05 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\uTorrent
2014-08-25 19:21 - 2014-04-15 22:53 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Dropbox
2014-08-25 19:20 - 2014-08-25 18:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-25 19:18 - 2013-03-26 00:21 - 01667476 _____ () C:\Windows\PFRO.log
2014-08-25 19:18 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-25 19:18 - 2009-07-14 06:51 - 00104451 _____ () C:\Windows\setupact.log
2014-08-25 19:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-08-25 19:15 - 2014-06-05 17:06 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\MRS
2014-08-25 19:15 - 2014-06-05 17:06 - 00000000 ____D () C:\Users\Botan\AppData\Local\MRS
2014-08-25 19:01 - 2013-03-26 00:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-25 18:56 - 2014-08-25 18:56 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-25 18:56 - 2014-08-25 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-25 18:56 - 2014-08-25 18:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-25 18:56 - 2014-08-25 18:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-25 18:49 - 2014-08-25 18:49 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Botan\Downloads\mbam-clean-2.1.1.1001.exe
2014-08-25 18:44 - 2014-08-25 18:44 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Botan\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-25 18:34 - 2014-07-07 10:24 - 00000000 ____D () C:\ProgramData\systemk
2014-08-25 18:32 - 2014-06-09 13:36 - 00000000 ____D () C:\AdwCleaner
2014-08-25 18:27 - 2014-01-17 21:43 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Skype
2014-08-25 18:26 - 2014-08-25 18:26 - 01364531 _____ () C:\Users\Botan\Downloads\adwcleaner_3.308.exe
2014-08-24 23:06 - 2014-08-24 23:05 - 104817523 _____ () C:\Users\Botan\Downloads\Tupac_Duets-(DatPiff.com).zip
2014-08-24 19:25 - 2014-08-24 19:25 - 00001039 _____ () C:\Users\Botan\Desktop\Dropbox.lnk
2014-08-24 19:25 - 2014-01-07 17:28 - 00000000 ____D () C:\Users\Botan
2014-08-24 19:23 - 2014-08-24 19:23 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-24 19:17 - 2014-08-24 19:16 - 00323600 _____ (Dropbox, Inc.) C:\Users\Botan\Downloads\DropboxInstaller.exe
2014-08-24 17:10 - 2014-08-24 16:20 - 152411013 _____ () C:\Users\Botan\Downloads\N-C_PE.rar
2014-08-24 16:12 - 2014-08-24 16:12 - 00025562 _____ () C:\ComboFix.txt
2014-08-24 16:12 - 2014-08-24 15:39 - 00000000 ____D () C:\Qoobox
2014-08-24 16:12 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-08-24 16:10 - 2014-08-24 15:37 - 00000000 ____D () C:\Windows\erdnt
2014-08-24 16:05 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-24 16:03 - 2009-07-14 04:34 - 69992448 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-08-24 16:03 - 2009-07-14 04:34 - 24903680 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-08-24 16:03 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-08-24 16:03 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-08-24 16:03 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-08-24 15:36 - 2014-08-24 15:36 - 05572212 ____R (Swearware) C:\Users\Botan\Desktop\ComboFix.exe
2014-08-24 13:25 - 2014-08-24 13:24 - 00040870 _____ () C:\Users\Botan\Downloads\Addition.txt
2014-08-24 13:21 - 2014-08-24 13:21 - 02103296 _____ (Farbar) C:\Users\Botan\Downloads\FRST64.exe
2014-08-24 10:39 - 2013-03-26 00:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-24 01:11 - 2014-08-24 01:11 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-24 01:11 - 2014-08-15 00:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-24 00:03 - 2014-08-24 00:03 - 00244408 _____ () C:\Users\Botan\Downloads\Firefox Setup Stub 31.0 (1).exe
2014-08-23 23:59 - 2014-08-23 23:59 - 00244408 _____ () C:\Users\Botan\Downloads\Firefox Setup Stub 31.0.exe
2014-08-23 23:57 - 2014-06-09 13:48 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-23 23:54 - 2014-08-23 23:54 - 32047680 _____ () C:\Users\Botan\Downloads\Firefox_Setup_de31.0.exe
2014-08-23 23:43 - 2014-08-23 23:43 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-23 23:43 - 2014-08-23 23:43 - 00000000 ____D () C:\ProgramData\EzispAbafe
2014-08-23 23:43 - 2014-08-15 23:59 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-08-22 19:10 - 2014-08-22 18:30 - 171742722 _____ () C:\Users\Botan\Downloads\Breaking Point LP.rar
2014-08-21 15:29 - 2014-08-21 15:27 - 143094349 _____ () C:\Users\Botan\Downloads\2pac_-_2012-(DatPiff.com).zip
2014-08-21 15:17 - 2014-08-21 15:15 - 129641900 _____ () C:\Users\Botan\Downloads\POMATIC_presents_Eminem_Mash_Hitz_LP_2009-(DatPiff.com).zip
2014-08-21 12:44 - 2014-08-21 11:38 - 201999846 _____ () C:\Users\Botan\Downloads\Eminem & Jay-Z - Renegades (2010).rar
2014-08-20 13:05 - 2014-08-20 13:05 - 00000091 _____ () C:\Users\Botan\Desktop\Flash.txt
2014-08-19 09:16 - 2014-08-19 09:16 - 00000000 ____D () C:\5b842a6c0c5b343bb402adf5
2014-08-18 11:25 - 2014-08-21 13:32 - 00000000 ____D () C:\Users\Botan\Desktop\Eminem & Jay-Z - Renegades (2010)
2014-08-15 11:11 - 2014-08-15 11:11 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\roi
2014-08-15 03:10 - 2013-09-07 18:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 03:00 - 2009-10-14 07:12 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-05 09:20 - 2009-10-14 07:13 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Botan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprqzlto.dll
C:\Users\Botan\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-22 23:03

==================== End Of Log ============================
--- --- ---

M-K-D-B 26.08.2014 18:13
Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 3 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.




Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
start
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=102&itype=n&ver=13001&tm=401&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=102&itype=n&ver=13001&tm=401&src=ds&p={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=102&itype=n&ver=13001&tm=401&src=ds&p={searchTerms}
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8118
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8118
FF NetworkProxy: "type", 0
CHR HomePage:
CHR DefaultSearchKeyword: ask.com
CHR DefaultSearchProvider: default-search.net
CHR DefaultSearchURL: hxxp://www.default-search.net/search?sid=503&aid=102&itype=n&ver=13001&tm=401&src=ds&p={searchTerms}
CHR DefaultSuggestURL:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S1 dgztwemx; \??\C:\Windows\system32\drivers\dgztwemx.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 opuaoowl; \??\C:\Windows\system32\drivers\opuaoowl.sys [X]
C:\ProgramData\EzispAbafe
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
C:\ProgramData\Windows Genuine Advantage
Task: {4D706DDF-EC04-4E4E-BA67-1F48DEAD41DF} - System32\Tasks\{7636DB98-A8B0-4C6C-B62E-77A875639331} => Firefox.exe
Task: {9503C1BF-E2EA-4760-BD4F-F7647B362EEA} - System32\Tasks\{BE28D158-551B-4294-9100-DA3EFCA27DD3} => Firefox.exe
Task: {349B0F97-B431-456B-B666-EB392A49DA97} - System32\Tasks\{EB1A13EA-FB01-4D59-99CA-D755078280C9} => Firefox.exe
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.







Schritt 2
Bitte deaktiviere dein Anti-Viren-Programm, da es das Ergebnis beeinflussen oder ggf. die Bereinigung stören kann.
Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/ und speichere die Datei auf deinem Desktop.
  • Starte Zoek.exe mit einem Doppelklick.
  • Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und könnte andere Computer beschädigen.
  • Kopiere den Text der folgenden Box in das Skriptfenster von zoek:
    Code:
    iedefaults;
    resetIEproxy;
    FFdefaults;
    CHRdefaults;
    emptyclsid;
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
  • Wenn das Tool fertig ist, wird sich Notepad mit der Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:\ .
  • Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken).





Schritt 3
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von Zoek,
  • die beiden neuen Logdateien von FRST.

M-K-D-B 31.08.2014 09:35
Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen!


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:07 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131