Fastsearchings.info und vermutlich weitere Viren

stehmi · 10.07.2014, 15:28

Hallo,

seit heute morgen öffnet sich Google Chrome mit der Startseite hxxp://websearch.fastsearchings.info/, wie ich festgestellt habe wohl ein Virus.
Habe zunächst mit Malwarebytes Anti-Malware einen Scan gestartet, wobei noch einige weitere infizierte Objekte ausgemacht wurden (insgesamt etwa 70), diese habe ich dann allesamt in Quarantäne verschoben.

Habe mich nun hier registriert da ich via Google auf folgende Anleitung gestoßen bin.

http://www.trojaner-board.de/155937-...entfernen.html

Jedoch finde ich schon beim entfernen aus dem Chrome-Browser in den Erweiterungen keinen Hinweis auf den Fastsearchings Virus. Würde mich freuen wenn sich jemand findet der mir dabei hilft das ganze wieder hinzubiegen. Danke schon mal im voraus

Mfg stehmi

Logfile Malwarebytes Anti-Malware-Scan

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 10.07.2014
Scan Time: 14:47:42
Logfile: malware.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.10.03
Rootkit Database: v2014.07.09.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Lars Stehmann

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 374343
Time Elapsed: 1 hr, 0 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.Booster.A, C:\ProgramData\Trusted Publisher\SW-Booster\SW-BOOSTER.EXE, 2416, , [21ba108db5c6e254fe749db0887aad53]

Modules: 4
Trojan.SProtector, C:\Program Files (x86)\SW-Booster\ASSISTANTSVC.DLL, , [33a8c1dced8e0333dd8d21408e73d729], 
Trojan.SProtector, C:\Program Files (x86)\SW-Booster\ASSISTANT.DLL, , [5685227b7605c0762049075a51b004fc], 
PUP.Optional.Booster.A, C:\Program Files (x86)\SW-Booster\ASSISTANT.DLL, , [0ad1c0dde19a5cda61d1f4c1bc462cd4], 
PUP.Optional.Booster.A, C:\Program Files (x86)\SW-Booster\ASSISTANTSVC.DLL, , [0ad1c0dde19a5cda61d1f4c1bc462cd4], 

Registry Keys: 40
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\S-792098896, , [21ba108db5c6e254fe749db0887aad53], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{36E7F0A1-A669-E437-521C-E66AD58826F6}, , [508b9508f38853e34fcab1a0b74ab050], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{36E7F0A1-A669-E437-521C-E66AD58826F6}, , [508b9508f38853e34fcab1a0b74ab050], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{36E7F0A1-A669-E437-521C-E66AD58826F6}, , [508b9508f38853e34fcab1a0b74ab050], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\priCiechopi.priCiechopi, , [508b9508f38853e34fcab1a0b74ab050], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\priCiechopi.priCiechopi.3.9, , [508b9508f38853e34fcab1a0b74ab050], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\priCiechopi.priCiechopi, , [508b9508f38853e34fcab1a0b74ab050], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\priCiechopi.priCiechopi.3.9, , [508b9508f38853e34fcab1a0b74ab050], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{36E7F0A1-A669-E437-521C-E66AD58826F6}, , [508b9508f38853e34fcab1a0b74ab050], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{36E7F0A1-A669-E437-521C-E66AD58826F6}, , [508b9508f38853e34fcab1a0b74ab050], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{36E7F0A1-A669-E437-521C-E66AD58826F6}, , [508b9508f38853e34fcab1a0b74ab050], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{36E7F0A1-A669-E437-521C-E66AD58826F6}\INPROCSERVER32, , [508b9508f38853e34fcab1a0b74ab050], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{F83F9AD9-94C7-6570-453A-2D4399288917}, , [8d4e782592e9b185c5549db4f70acf31], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{F83F9AD9-94C7-6570-453A-2D4399288917}, , [8d4e782592e9b185c5549db4f70acf31], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{F83F9AD9-94C7-6570-453A-2D4399288917}, , [8d4e782592e9b185c5549db4f70acf31], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\MySearch.MySearch, , [8d4e782592e9b185c5549db4f70acf31], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\MySearch.MySearch.2.1, , [8d4e782592e9b185c5549db4f70acf31], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MySearch.MySearch, , [8d4e782592e9b185c5549db4f70acf31], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MySearch.MySearch.2.1, , [8d4e782592e9b185c5549db4f70acf31], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F83F9AD9-94C7-6570-453A-2D4399288917}, , [8d4e782592e9b185c5549db4f70acf31], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{F83F9AD9-94C7-6570-453A-2D4399288917}, , [8d4e782592e9b185c5549db4f70acf31], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{F83F9AD9-94C7-6570-453A-2D4399288917}, , [8d4e782592e9b185c5549db4f70acf31], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{F83F9AD9-94C7-6570-453A-2D4399288917}\INPROCSERVER32, , [8d4e782592e9b185c5549db4f70acf31], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{79070FE0-8153-AD92-33F0-DF93A67D5B05}, , [8556326b92e91d191207fa5728d941bf], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{79070FE0-8153-AD92-33F0-DF93A67D5B05}, , [8556326b92e91d191207fa5728d941bf], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{79070FE0-8153-AD92-33F0-DF93A67D5B05}, , [8556326b92e91d191207fa5728d941bf], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\Adblocker.Adblocker, , [8556326b92e91d191207fa5728d941bf], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\Adblocker.Adblocker.1.0, , [8556326b92e91d191207fa5728d941bf], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Adblocker.Adblocker, , [8556326b92e91d191207fa5728d941bf], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Adblocker.Adblocker.1.0, , [8556326b92e91d191207fa5728d941bf], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{79070FE0-8153-AD92-33F0-DF93A67D5B05}, , [8556326b92e91d191207fa5728d941bf], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{79070FE0-8153-AD92-33F0-DF93A67D5B05}, , [8556326b92e91d191207fa5728d941bf], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{79070FE0-8153-AD92-33F0-DF93A67D5B05}, , [8556326b92e91d191207fa5728d941bf], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{79070FE0-8153-AD92-33F0-DF93A67D5B05}\INPROCSERVER32, , [8556326b92e91d191207fa5728d941bf], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4820778D-AB0D-6D18-C316-52A6A0E1D507}, , [da016c3192e92610a3c42c6cb74a8779], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}, , [5b80336a5e1df1455e09c8d04eb3e818], 
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{FDB962F0-B5B8-9460-D12F-7966E97BAA43}, , [19c21c81b3c87fb75512ff9912ef9b65], 
PUP.Optional.SWBooster.A, HKLM\SOFTWARE\WOW6432NODE\SW-Booster, , [6e6d4558295242f45c3889334bb7b749], 
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}, , [8a51554857244ee82b1e1b9e45bd32ce], 
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-2565124892-2511412510-2458214724-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, , [9c3f3766f38878bec786847e31d33fc1], 

Registry Values: 1
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-2565124892-2511412510-2458214724-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, , [4695336a057693a32b2314ee49bbac54]

Registry Data: 2
PUP.Optional.WebSearchInfo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://websearch.fastsearchings.info/?pid=2832&r=2014/07/10&hid=2824197954457125309&lg=EN&cc=DE&unqvl=56, Good: (www.google.com), Bad: (hxxp://websearch.fastsearchings.info/?pid=2832&r=2014/07/10&hid=2824197954457125309&lg=EN&cc=DE&unqvl=56),,[b724a7f6ccafd066992f454bf2123ec2]
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-2565124892-2511412510-2458214724-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://websearch.fastsearchings.info/?pid=2832&r=2014/07/10&hid=2824197954457125309&lg=EN&cc=DE&unqvl=56, Good: (www.google.com), Bad: (hxxp://websearch.fastsearchings.info/?pid=2832&r=2014/07/10&hid=2824197954457125309&lg=EN&cc=DE&unqvl=56),,[805b7e1f097296a0f3d4632d19eb827e]

Folders: 3
PUP.Optional.Booster.A, C:\PROGRAMDATA\TRUSTED PUBLISHER\SW-BOOSTER, , [2bb0e5b881fa8aac155bf2c2ba48e51b], 
PUP.Optional.Booster.A, C:\PROGRAMDATA\TRUSTED PUBLISHER\SW-BOOSTER\792098896, , [2bb0e5b881fa8aac155bf2c2ba48e51b], 
PUP.Optional.Booster.A, C:\PROGRAM FILES (X86)\SW-BOOSTER, , [0ad1c0dde19a5cda61d1f4c1bc462cd4], 

Files: 28
Trojan.SProtector, C:\Program Files (x86)\SW-Booster\ASSISTANTSVC.DLL, , [33a8c1dced8e0333dd8d21408e73d729], 
Trojan.SProtector, C:\Program Files (x86)\SW-Booster\ASSISTANT.DLL, , [5685227b7605c0762049075a51b004fc], 
PUP.Optional.Booster.A, C:\ProgramData\Trusted Publisher\SW-Booster\SW-BOOSTER.EXE, , [21ba108db5c6e254fe749db0887aad53], 
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\priCechhoP\YHS.X64.DLL, , [508b9508f38853e34fcab1a0b74ab050], 
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\priCechhoP\YHs.dll, , [508b9508f38853e34fcab1a0b74ab050], 
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\MySearch\T.X64.DLL, , [8d4e782592e9b185c5549db4f70acf31], 
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\MySearch\T.dll, , [8d4e782592e9b185c5549db4f70acf31], 
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\Adblocker\F.X64.DLL, , [8556326b92e91d191207fa5728d941bf], 
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\Adblocker\F.dll, , [8556326b92e91d191207fa5728d941bf], 
PUP.Optional.MultiPlug, C:\ProgramData\Adblocker\ej.exe, , [da016c3192e92610a3c42c6cb74a8779], 
PUP.Optional.MultiPlug, C:\ProgramData\MySearch\xh.exe, , [5b80336a5e1df1455e09c8d04eb3e818], 
PUP.Optional.MultiPlug, C:\ProgramData\priCechhoP\s8ss.exe, , [19c21c81b3c87fb75512ff9912ef9b65], 
PUP.Optional.OptimumInstaller.A, C:\$Recycle.Bin\S-1-5-21-2565124892-2511412510-2458214724-1004\$RLQ7CRD.exe, , [4299ff9eed8e50e6cebd450fee13fb05], 
PUP.Optional.EZDownloader.A, C:\Users\Lars Stehmann\AppData\Local\Temp\594f73dd\temp\EzDownloader_setup.exe, , [1ac145581e5da591851ae43b619f7888], 
PUP.Optional.MultiPlug.A, C:\Users\Lars Stehmann\AppData\Local\Temp\594f73dd\temp\hpds_setup.exe, , [c318d8c59cdfe74f46c195069d64d22e], 
Trojan.SProtector, C:\Users\Lars Stehmann\AppData\Local\Temp\594f73dd\temp\putfu.exe, , [ab300a93fd7efe38df35d483748d7f81], 
PUP.Optional.Booster.A, C:\Users\Lars Stehmann\AppData\Local\Temp\594f73dd\temp\usetup.exe, , [ce0d217cfa813ef8de948ebf8a7830d0], 
PUP.Optional.DomaIQ, C:\Users\Lars Stehmann\Downloads\Nicht bestätigt 292945.crdownload, , [8c4fa4f916656dc904215e2aa1601be5], 
PUP.Optional.Booster.A, C:\Windows\Tasks\SW-BOOSTER-S-792098896.JOB, , [e0fbdac314676bcbd2d4486e32d0bf41], 
PUP.Optional.Booster.A, C:\Windows\System32\Tasks\SW-BOOSTER-S-792098896, , [17c45548e695d46205a24670b84afd03], 
PUP.Optional.Superfish.A, C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\HTTP_WWW.SUPERFISH.COM_0.LOCALSTORAGE, , [6b70b2eb6b10a096ac15972e04fe748c], 
PUP.Optional.Superfish.A, C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\HTTP_WWW.SUPERFISH.COM_0.LOCALSTORAGE-JOURNAL, , [9b4077262f4c9f97269b70555aa8bc44], 
PUP.Optional.FastSearchings.A, C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\HTTP_WEBSEARCH.FASTSEARCHINGS.INFO_0.LOCALSTORAGE, , [d7040598c5b67db91c600113986c768a], 
PUP.Optional.FastSearchings.A, C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\HTTP_WEBSEARCH.FASTSEARCHINGS.INFO_0.LOCALSTORAGE-JOURNAL, , [ffdcc8d51d5e54e2acd0fb19c73d2fd1], 
PUP.Optional.Booster.A, C:\ProgramData\Trusted Publisher\SW-Booster\792098896.ini, , [2bb0e5b881fa8aac155bf2c2ba48e51b], 
PUP.Optional.Booster.A, C:\Program Files (x86)\SW-Booster\Assistant.dll, , [0ad1c0dde19a5cda61d1f4c1bc462cd4], 
PUP.Optional.Booster.A, C:\Program Files (x86)\SW-Booster\assistantSvc.dll, , [0ad1c0dde19a5cda61d1f4c1bc462cd4], 
PUP.Optional.Booster.A, C:\Program Files (x86)\SW-Booster\Assistant_x64.dll, , [0ad1c0dde19a5cda61d1f4c1bc462cd4], 

Physical Sectors: 0
(No malicious items detected)


(end)

M-K-D-B · 10.07.2014, 15:29

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

stehmi · 10.07.2014, 15:41

Hallo Matthias, danke schon mal für deine Hilfe.

FRST.txt

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2014
Ran by Lars Stehmann (administrator) on LARSSTEHMANN on 10-07-2014 16:35:10
Running from C:\Users\Lars Stehmann\Desktop
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Atheros Communications)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1956760 2014-06-24] (APN)
HKU\S-1-5-21-2565124892-2511412510-2458214724-1004\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1753280 2014-06-30] (Valve Corporation)
HKU\S-1-5-21-2565124892-2511412510-2458214724-1004\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)
AppInit_DLLs: C:\Program Files (x86)\SW-Booster\Assistant_x64.dll => C:\Program Files (x86)\SW-Booster\Assistant_x64.dll File Not Found
AppInit_DLLs-x32: c:\program files (x86)\sw-booster\assistant.dll => "c:\program files (x86)\sw-booster\assistant.dll" File Not Found
Startup: C:\Users\Lars Stehmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FIFA 10-Registrierung.lnk
ShortcutTarget: FIFA 10-Registrierung.lnk -> C:\Program Files (x86)\EA Sports\FIFA 10\Support\EAregister.exe (No File)
Startup: C:\Users\Lars Stehmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM - DefaultScope {901D31B8-7250-4352-9EE9-4E9AA33B9014} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {901D31B8-7250-4352-9EE9-4E9AA33B9014} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.fastsearchings.info/?l=1&q={searchTerms}&pid=2832&r=2014/07/10&hid=2824197954457125309&lg=EN&cc=DE&unqvl=56
SearchScopes: HKLM-x32 - {901D31B8-7250-4352-9EE9-4E9AA33B9014} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.fastsearchings.info/?l=1&q={searchTerms}&pid=2832&r=2014/07/10&hid=2824197954457125309&lg=EN&cc=DE&unqvl=56
SearchScopes: HKCU - {901D31B8-7250-4352-9EE9-4E9AA33B9014} URL = 
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 - C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2014-07-10]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn [2012-12-13]

Chrome: 
=======
CHR HomePage: hxxp://websearch.fastsearchings.info/?pid=2832&r=2014/07/10&hid=2824197954457125309&lg=EN&cc=DE&unqvl=56
CHR StartupUrls: "hxxp://websearch.fastsearchings.info/?pid=2832&r=2014/07/10&hid=2824197954457125309&lg=EN&cc=DE&unqvl=56"
CHR NewTab: "chrome-extension://anjpmpempfaedkaamogooccadhhdehed/newtab.html"
CHR DefaultSearchKeyword: ask search
CHR DefaultSearchProvider: Ask Search
CHR DefaultSearchURL: hxxp://www.search.ask.com/web?tpid=ORJ-V7C&o=APN11412&l=dis&pf=V7&p2=%5EBBK%5EOSJ000%5EYY%5EDE&gct=&itbv=12.10.6.48&doi=2014-05-29&apn_uid=DC1D0E09-3C3F-4C56-96B0-8B28C5A31BDE&apn_ptnrs=BBK&apn_dtid=%5EOSJ000%5EYY%5EDE&apn_dbr=cr_35.0.1916.114&psv=&pt=&trgb=CR&q={searchTerms}
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Norton Identity Safe) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (MySearch) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\anjpmpempfaedkaamogooccadhhdehed [2014-07-10]
CHR Extension: (Google Drive) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-17]
CHR Extension: (Norton Identity Protection) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2014-05-13]
CHR Extension: (YouTube) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-17]
CHR Extension: (Google-Suche) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-17]
CHR Extension: (Right Inbox for Gmail) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflnemhkomgploogccdmcloekbloobgb [2014-07-10]
CHR Extension: (priCecHop) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mibalcnnhpenfjfadbgeojmhphmejall [2014-07-10]
CHR Extension: (Google Wallet) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-03]
CHR Extension: (Google Mail) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-17]
CHR Extension: (priCecHop) - C:\Users\Lars Stehmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mibalcnnhpenfjfadbgeojmhphmejall\3.9 [2014-07-10]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx [2014-05-02]
CHR HKLM-x32\...\Chrome\Extension: [pljcgbedjplidkdjahbaalanadmjfgop] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7C\CRX\ToolbarCR.crx [2014-06-25]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-24] (APN LLC.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-08-26] (Samsung Electronics CO., LTD.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [32568 2014-05-02] (The OpenVPN Project)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]
S2 d0e87c27; "C:\windows\system32\rundll32.exe" "c:\program files (x86)\sw-booster\assistantSvc.dll",service
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [1388120 2013-01-16] (Symantec Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-12-13] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-12-13] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130205.001\IDSvia64.sys [513184 2013-01-24] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130205.032\ENG64.SYS [126192 2013-01-28] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130205.032\EX64.SYS [2087664 2013-01-28] (Symantec Corporation)
S0 prohlp02; C:\Windows\SysWOW64\drivers\prohlp02.sys [65504 2004-03-09] (Protection Technology) [File not signed]
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S0 sfhlp01; C:\Windows\SysWOW64\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) [File not signed]
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1405000.01C\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-20] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S1 prodrv06; \SystemRoot\System32\drivers\prodrv06.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-10 16:35 - 2014-07-10 16:35 - 00019656 _____ () C:\Users\Lars Stehmann\Desktop\FRST.txt
2014-07-10 16:34 - 2014-07-10 16:35 - 00000000 ____D () C:\FRST
2014-07-10 16:33 - 2014-07-10 16:33 - 02084352 _____ (Farbar) C:\Users\Lars Stehmann\Desktop\FRST64.exe
2014-07-10 15:51 - 2014-07-10 15:51 - 00012542 _____ () C:\Users\Lars Stehmann\Desktop\malware.txt
2014-07-10 14:43 - 2014-07-10 14:45 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-10 14:38 - 2014-07-10 14:38 - 00001132 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-10 14:38 - 2014-07-10 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-10 14:38 - 2014-07-10 14:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-10 14:38 - 2014-07-10 14:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-10 14:38 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-10 14:38 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-07-10 14:38 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-07-10 14:33 - 2014-07-10 14:34 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lars Stehmann\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-10 14:16 - 2014-07-10 15:52 - 00000000 ____D () C:\ProgramData\MySearch
2014-07-10 14:16 - 2014-07-10 15:52 - 00000000 ____D () C:\Program Files (x86)\MySearch
2014-07-10 14:15 - 2014-07-10 15:54 - 00000000 ____D () C:\ProgramData\Trusted Publisher
2014-07-10 14:15 - 2014-07-10 15:52 - 00000000 ____D () C:\ProgramData\Adblocker
2014-07-10 14:15 - 2014-07-10 15:52 - 00000000 ____D () C:\Program Files (x86)\Adblocker
2014-07-10 14:14 - 2014-07-10 15:52 - 00000000 ____D () C:\ProgramData\priCechhoP
2014-07-10 14:14 - 2014-07-10 15:52 - 00000000 ____D () C:\Program Files (x86)\priCechhoP
2014-07-10 14:14 - 2014-07-10 14:16 - 00000000 ____D () C:\ProgramData\b06c2bca1a0474eb
2014-07-10 14:14 - 2014-07-10 14:14 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars\AppData\Local\Torch
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars\AppData\Local\Chromatic Browser
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Local\Torch
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Local\Chromatic Browser
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator
2014-07-09 18:11 - 2014-07-09 18:13 - 20076727 _____ () C:\Users\Lars Stehmann\Downloads\fm14.rar
2014-07-08 15:27 - 2014-07-08 15:27 - 00002058 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-07-08 15:27 - 2014-07-08 15:27 - 00002056 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-07-08 15:27 - 2014-07-08 15:27 - 00002046 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-07-06 20:01 - 2014-07-06 20:01 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Roaming\dvdcss
2014-07-06 20:00 - 2014-07-06 22:12 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Roaming\vlc
2014-07-06 19:58 - 2014-07-06 19:58 - 00000875 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-06 19:58 - 2014-07-06 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-06 19:58 - 2014-07-06 19:58 - 00000000 ____D () C:\Program Files\VideoLAN
2014-07-06 19:54 - 2014-07-06 19:54 - 00961360 _____ (Chip Digital GmbH) C:\Users\Lars Stehmann\Downloads\VLC media player 64 Bit - CHIP-Installer.exe
2014-07-06 19:51 - 2014-07-06 19:51 - 00001242 _____ () C:\Users\Lars Stehmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player.lnk
2014-07-06 19:40 - 2014-07-06 19:40 - 04998707 _____ () C:\Users\Lars Stehmann\Downloads\flvplayer_setup20_25.exe
2014-07-06 18:21 - 2014-05-15 03:02 - 00059424 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-07-06 18:21 - 2014-05-15 00:43 - 03286528 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-07-06 18:21 - 2014-05-15 00:43 - 01623040 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-07-06 18:21 - 2014-05-15 00:43 - 00253440 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2014-07-06 18:21 - 2014-05-15 00:42 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2014-07-02 22:54 - 2014-07-02 22:54 - 00015126 _____ () C:\Users\Lars Stehmann\Downloads\Vorbereitung.xlsx
2014-06-28 10:41 - 2014-05-31 07:16 - 00703992 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-06-28 10:41 - 2014-05-31 07:16 - 00105464 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-25 18:38 - 2014-05-03 07:47 - 03246592 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-06-25 18:38 - 2014-05-03 05:34 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-06-25 18:37 - 2014-05-24 04:48 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-25 18:37 - 2014-05-24 04:47 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-25 18:37 - 2014-05-24 04:47 - 01366016 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-25 18:37 - 2014-05-24 04:47 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-06-25 18:37 - 2014-05-24 04:47 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-06-25 18:37 - 2014-05-24 04:46 - 19290112 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-25 18:37 - 2014-05-24 04:46 - 15368704 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-25 18:37 - 2014-05-24 04:46 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-06-25 18:37 - 2014-05-24 04:46 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-25 18:37 - 2014-05-24 04:46 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-25 18:37 - 2014-05-24 04:46 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-06-25 18:37 - 2014-05-24 04:46 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-25 18:37 - 2014-05-24 04:46 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-25 18:37 - 2014-05-24 04:46 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-25 18:37 - 2014-05-24 04:46 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-25 18:37 - 2014-05-24 04:45 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-25 18:37 - 2014-05-24 04:45 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-25 18:37 - 2014-05-24 04:45 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-25 18:37 - 2014-05-24 03:26 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-25 18:37 - 2014-05-24 03:26 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-25 18:37 - 2014-05-24 03:26 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-25 18:37 - 2014-05-24 03:26 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-25 18:37 - 2014-05-24 03:26 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-06-25 18:37 - 2014-05-24 03:25 - 13731328 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-25 18:37 - 2014-05-24 03:25 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-25 18:37 - 2014-05-24 03:25 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-25 18:37 - 2014-05-24 03:25 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-25 18:37 - 2014-05-24 03:25 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-06-25 18:37 - 2014-05-24 03:25 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-25 18:37 - 2014-05-24 03:25 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-25 18:37 - 2014-05-24 03:25 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-25 18:37 - 2014-05-24 03:09 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-25 18:37 - 2014-05-24 03:03 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-25 18:37 - 2014-05-24 00:37 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-06-25 18:37 - 2014-04-30 00:32 - 01301504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-06-25 18:37 - 2014-04-30 00:22 - 01023488 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-06-25 18:37 - 2014-04-03 13:19 - 00328024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys
2014-06-25 18:37 - 2014-04-03 05:44 - 00619008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2014-06-25 18:37 - 2014-04-01 00:08 - 00387268 _____ () C:\windows\system32\ApnDatabase.xml
2014-06-25 18:37 - 2014-03-25 01:42 - 00305152 _____ (Microsoft Corporation) C:\windows\SysWOW64\wusa.exe
2014-06-25 18:37 - 2014-03-25 00:56 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\wusa.exe
2014-06-25 18:34 - 2014-05-24 04:46 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-25 18:34 - 2014-05-24 04:46 - 02650112 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-25 18:34 - 2014-05-24 03:26 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-25 18:34 - 2014-05-24 03:25 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-25 18:34 - 2014-05-24 03:25 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-06-25 18:33 - 2014-05-24 03:26 - 14365696 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-25 18:33 - 2014-05-24 03:25 - 02862080 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-25 18:30 - 2014-04-03 13:22 - 02233176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-06-25 18:30 - 2014-03-07 02:47 - 01419264 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-06-25 18:30 - 2014-03-07 02:08 - 01845760 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-06-25 18:22 - 2014-06-25 18:22 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Local\AskPartnerNetwork
2014-06-24 12:16 - 2014-06-24 12:16 - 00177181 _____ () C:\Users\Lars Stehmann\Desktop\Guck Yegger.odb
2014-06-23 16:49 - 2014-06-23 16:49 - 00947864 _____ () C:\Users\Lars Stehmann\Downloads\AndrewBase.odt
2014-06-20 23:17 - 2014-06-20 23:17 - 00033792 _____ () C:\Users\Lars Stehmann\Downloads\35605.xls
2014-06-20 22:13 - 2014-06-21 12:09 - 00026578 _____ () C:\Users\Lars Stehmann\Desktop\DiebesteVariante.ods
2014-06-20 20:18 - 2014-06-21 18:25 - 00079697 _____ () C:\Users\Lars Stehmann\Desktop\dsjfsjdfsjdf.odb
2014-06-20 11:11 - 2014-06-21 13:20 - 00035293 _____ () C:\Users\Lars Stehmann\Desktop\Tutorial.odb
2014-06-19 13:47 - 2014-07-10 15:53 - 00013755 _____ () C:\Users\Lars Stehmann\Desktop\statistiken.ods
2014-06-10 22:27 - 2014-06-10 22:27 - 04990544 _____ (Adobe Systems Inc.) C:\Users\Lars Stehmann\Downloads\Shockwave_Installer_Slim.exe
2014-06-10 22:27 - 2014-06-10 22:27 - 00000000 ____D () C:\windows\SysWOW64\Adobe

==================== One Month Modified Files and Folders =======

2014-07-10 16:35 - 2014-07-10 16:35 - 00019656 _____ () C:\Users\Lars Stehmann\Desktop\FRST.txt
2014-07-10 16:35 - 2014-07-10 16:34 - 00000000 ____D () C:\FRST
2014-07-10 16:33 - 2014-07-10 16:33 - 02084352 _____ (Farbar) C:\Users\Lars Stehmann\Desktop\FRST64.exe
2014-07-10 16:21 - 2012-12-17 10:40 - 00001150 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-10 16:21 - 2012-08-31 06:42 - 00000360 _____ () C:\windows\Tasks\Xerox PhotoCafe Communicator.job
2014-07-10 16:00 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru
2014-07-10 15:59 - 2012-08-31 06:28 - 00000000 ____D () C:\ProgramData\WinClon
2014-07-10 15:57 - 2013-11-05 15:29 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-10 15:56 - 2014-03-12 18:40 - 00000000 ___RD () C:\Users\Lars Stehmann\Google Drive
2014-07-10 15:56 - 2012-12-13 19:56 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Local\CrashDumps
2014-07-10 15:55 - 2012-12-17 10:40 - 00001146 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-10 15:54 - 2014-07-10 14:15 - 00000000 ____D () C:\ProgramData\Trusted Publisher
2014-07-10 15:54 - 2012-08-05 23:07 - 00030380 _____ () C:\windows\PFRO.log
2014-07-10 15:54 - 2012-07-26 09:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-10 15:54 - 2012-07-26 07:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-07-10 15:53 - 2014-06-19 13:47 - 00013755 _____ () C:\Users\Lars Stehmann\Desktop\statistiken.ods
2014-07-10 15:52 - 2014-07-10 14:16 - 00000000 ____D () C:\ProgramData\MySearch
2014-07-10 15:52 - 2014-07-10 14:16 - 00000000 ____D () C:\Program Files (x86)\MySearch
2014-07-10 15:52 - 2014-07-10 14:15 - 00000000 ____D () C:\ProgramData\Adblocker
2014-07-10 15:52 - 2014-07-10 14:15 - 00000000 ____D () C:\Program Files (x86)\Adblocker
2014-07-10 15:52 - 2014-07-10 14:14 - 00000000 ____D () C:\ProgramData\priCechhoP
2014-07-10 15:52 - 2014-07-10 14:14 - 00000000 ____D () C:\Program Files (x86)\priCechhoP
2014-07-10 15:51 - 2014-07-10 15:51 - 00012542 _____ () C:\Users\Lars Stehmann\Desktop\malware.txt
2014-07-10 14:45 - 2014-07-10 14:43 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-10 14:38 - 2014-07-10 14:38 - 00001132 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-10 14:38 - 2014-07-10 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-10 14:38 - 2014-07-10 14:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-10 14:38 - 2014-07-10 14:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-10 14:34 - 2014-07-10 14:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lars Stehmann\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-10 14:16 - 2014-07-10 14:14 - 00000000 ____D () C:\ProgramData\b06c2bca1a0474eb
2014-07-10 14:14 - 2014-07-10 14:14 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars\AppData\Local\Torch
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars\AppData\Local\Chromatic Browser
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Local\Torch
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Local\Chromatic Browser
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Gast
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-07-10 14:14 - 2014-07-10 14:14 - 00000000 ____D () C:\Users\Administrator
2014-07-10 14:14 - 2012-12-17 10:39 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Local\Google
2014-07-10 14:14 - 2012-12-17 10:39 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-10 14:14 - 2012-07-26 10:12 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-07-10 14:14 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy
2014-07-09 22:50 - 2014-04-21 23:54 - 00000129 _____ () C:\Users\Lars Stehmann\Desktop\FoMa.txt
2014-07-09 18:13 - 2014-07-09 18:11 - 20076727 _____ () C:\Users\Lars Stehmann\Downloads\fm14.rar
2014-07-09 13:45 - 2014-02-13 20:31 - 00088904 _____ () C:\Users\Lars Stehmann\Desktop\napoli.ods
2014-07-09 09:29 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-07-08 18:28 - 2012-08-31 05:24 - 01366359 _____ () C:\windows\WindowsUpdate.log
2014-07-08 15:27 - 2014-07-08 15:27 - 00002058 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-07-08 15:27 - 2014-07-08 15:27 - 00002056 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-07-08 15:27 - 2014-07-08 15:27 - 00002046 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-07-08 15:27 - 2014-03-11 08:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-06 22:13 - 2013-05-23 18:42 - 00070144 ___SH () C:\Users\Lars Stehmann\Downloads\Thumbs.db
2014-07-06 22:12 - 2014-07-06 20:00 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Roaming\vlc
2014-07-06 20:01 - 2014-07-06 20:01 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Roaming\dvdcss
2014-07-06 19:58 - 2014-07-06 19:58 - 00000875 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-06 19:58 - 2014-07-06 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-06 19:58 - 2014-07-06 19:58 - 00000000 ____D () C:\Program Files\VideoLAN
2014-07-06 19:54 - 2014-07-06 19:54 - 00961360 _____ (Chip Digital GmbH) C:\Users\Lars Stehmann\Downloads\VLC media player 64 Bit - CHIP-Installer.exe
2014-07-06 19:51 - 2014-07-06 19:51 - 00001242 _____ () C:\Users\Lars Stehmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player.lnk
2014-07-06 19:40 - 2014-07-06 19:40 - 04998707 _____ () C:\Users\Lars Stehmann\Downloads\flvplayer_setup20_25.exe
2014-07-06 19:35 - 2012-08-31 06:37 - 00000000 ____D () C:\ProgramData\CyberLink
2014-07-06 18:24 - 2012-07-26 09:59 - 00000000 ____D () C:\windows\CbsTemp
2014-07-05 22:51 - 2012-12-13 20:05 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2565124892-2511412510-2458214724-1004
2014-07-03 12:49 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-07-02 22:54 - 2014-07-02 22:54 - 00015126 _____ () C:\Users\Lars Stehmann\Downloads\Vorbereitung.xlsx
2014-06-29 16:57 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\rescache
2014-06-27 18:36 - 2013-10-01 09:05 - 00000000 ____D () C:\windows\system32\MRT
2014-06-27 18:33 - 2012-12-15 14:10 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-06-25 18:22 - 2014-06-25 18:22 - 00000000 ____D () C:\Users\Lars Stehmann\AppData\Local\AskPartnerNetwork
2014-06-25 11:49 - 2013-10-01 08:24 - 00000000 ____D () C:\Users\Lars Stehmann\Desktop\Neuer Ordner
2014-06-24 12:49 - 2012-12-17 00:59 - 00766976 ___SH () C:\Users\Lars Stehmann\Desktop\Thumbs.db
2014-06-24 12:16 - 2014-06-24 12:16 - 00177181 _____ () C:\Users\Lars Stehmann\Desktop\Guck Yegger.odb
2014-06-23 16:49 - 2014-06-23 16:49 - 00947864 _____ () C:\Users\Lars Stehmann\Downloads\AndrewBase.odt
2014-06-21 18:25 - 2014-06-20 20:18 - 00079697 _____ () C:\Users\Lars Stehmann\Desktop\dsjfsjdfsjdf.odb
2014-06-21 13:20 - 2014-06-20 11:11 - 00035293 _____ () C:\Users\Lars Stehmann\Desktop\Tutorial.odb
2014-06-21 12:09 - 2014-06-20 22:13 - 00026578 _____ () C:\Users\Lars Stehmann\Desktop\DiebesteVariante.ods
2014-06-20 23:17 - 2014-06-20 23:17 - 00033792 _____ () C:\Users\Lars Stehmann\Downloads\35605.xls
2014-06-20 21:35 - 2014-03-10 16:29 - 00000000 ____D () C:\Users\Lars Stehmann\Desktop\4.Semester
2014-06-18 00:16 - 2012-12-17 10:40 - 00004122 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-18 00:16 - 2012-12-17 10:40 - 00003886 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-14 17:00 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\NDF
2014-06-13 04:10 - 2014-06-08 22:51 - 02978373 _____ () C:\Users\Lars Stehmann\Desktop\wm2014_tippspiel.ods
2014-06-10 22:27 - 2014-06-10 22:27 - 04990544 _____ (Adobe Systems Inc.) C:\Users\Lars Stehmann\Downloads\Shockwave_Installer_Slim.exe
2014-06-10 22:27 - 2014-06-10 22:27 - 00000000 ____D () C:\windows\SysWOW64\Adobe

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe


Some content of TEMP:
====================
C:\Users\Lars Stehmann\AppData\Local\Temp\8123nua.exe
C:\Users\Lars Stehmann\AppData\Local\Temp\APNSetup.exe
C:\Users\Lars Stehmann\AppData\Local\Temp\COMAP.EXE


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-07 18:06

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-07-2014
Ran by Lars Stehmann at 2014-07-10 16:37:35
Running from C:\Users\Lars Stehmann\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
Allshare Play Link (HKLM-x32\...\{91786428-D4AA-476D-8AF9-A63FFAC2901F}) (Version: 1.0.0 - Samsung)
AMD Accelerated Video Transcoding (Version: 12.5.100.20808 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{53460839-526B-5CEC-011C-6F01CE411CF1}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-4300-76A7-A758B70C0F01}) (Version: 12.15.1.16 - APN, LLC) <==== ATTENTION
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1912 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Das Fussball Studio 8.5.2 (Beta) (HKLM-x32\...\{F804CEB4-747E-46D5-B8AB-C56E3BAF27D9}_is1) (Version: 8.5.2 - vmLOGIC - Volker Mallmann)
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
Football Manager 2014 (HKLM-x32\...\Steam App 231670) (Version:  - Sports Interactive)
Football Manager 2014 Editor (HKLM-x32\...\Steam App 242460) (Version:  - )
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Help Desk (HKLM\...\{C85A891D-7AB4-46AE-84F0-B0C3FAC82280}) (Version: 1.0.4 - Samsung Electronics CO., LTD.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.17.41283 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Next Generation Tennis 2003 (HKLM-x32\...\{1B29C0BE-AEB2-408C-BAA6-A4EE6CC8577C}) (Version:  - )
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.5.0.28 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.45 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.11 - Symantec Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
OpenProj (HKLM-x32\...\{13702021-43FB-480C-912F-D9B74A538288}) (Version: 1.4.0 - Serena Software Inc.)
OpenVPN 2.3.4-I001  (HKLM-x32\...\OpenVPN) (Version: 2.3.4-I001 - )
Paint XP version 1.1 (HKLM-x32\...\{2367FAB6-055A-4923-835F-F57F7BBBA363}_is1) (Version: 1.1 - MSPAINTXP.COM)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{46889070-D447-4936-A5D3-246DB972FA2E}) (Version: 2.0.6.16537 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
ProjectLibre (HKLM-x32\...\{73C751CF-B4B9-4757-BDBC-0B3A5B16B531}) (Version: 1.5.17.0 - ProjectLibre)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.11 - ProtectDisc Software GmbH)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.0 - Samsung Electronics CO., LTD.)
Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Race Driver 2 Online Demo (x32 Version: 1.03.0010 - Codemasters) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.5.0 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.0.7 - Samsung Electronics CO., LTD.) Hidden
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Support Center (HKLM\...\{3D7275C7-8549-46AF-8B59-82A3EF301B31}) (Version: 2.0.8 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.0 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{49271148-3C6B-4F2B-B8C9-FFDE243B8FEA}) (Version: 2.0.15 - Samsung Electronics CO., LTD.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.11.3 - Synaptics Incorporated)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
User Guide (HKLM-x32\...\{66172F70-0BDE-4BAB-A973-E2E4EF501F6D}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Xerox PhotoCafe (HKLM-x32\...\Xerox PhotoCafe) (Version: 1.0.0.6162 - Xerox)

==================== Restore Points  =========================

08-06-2014 17:06:07 Installiert Next Generation Tennis 2003
18-06-2014 08:09:27 Geplanter Prüfpunkt
27-06-2014 16:31:27 Windows Update
06-07-2014 16:18:55 Windows Update

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0200E3AC-B15B-43A3-A026-5B6CD38D9279} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-08-24] (Samsung Electronics CO., LTD.)
Task: {022D5CA9-2218-474D-8D74-74FA85A00C15} - System32\Tasks\MakeMarkerFile => %ProgramData%\MakeMarkerFile.exe
Task: {081B14FF-6015-4C08-B021-226A9772CB2E} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {0E9D97A1-A465-48D0-BA55-C025FCF94F82} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-08-23] (SEC)
Task: {15BC6E8E-3BF9-40C9-ABE3-341F810187C9} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {24855140-4344-42DC-86C1-89E8CD842538} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {7AE68E7D-23D7-4A63-AB11-00939156AE17} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {7CFC0557-5ABF-4159-B64D-0C1DF9516AE1} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-08-26] (Samsung Electronics CO., LTD.)
Task: {813ADBC4-08C7-4BB2-ABCE-FAF70AA196CC} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] ()
Task: {8D27BE66-6B75-450B-8FEC-9DA0CFE59F1C} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {A49545EA-F214-4B28-8E8E-6F3CBBE262DE} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\WSCStub.exe [2014-04-29] (Symantec Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B5B68FFB-D29A-4B8E-B719-59186C341708} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-06-27] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CB0F186F-5F9A-41B2-9456-C782B547FEEA} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)
Task: {CBD4CA57-F0CE-44D2-AB53-BD16C65D4CFE} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-08-17] (Samsung Electronics CO., LTD.)
Task: {D7B2CB40-9DD3-4BC3-BE50-72A6649DB198} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe

==================== Loaded Modules (whitelisted) =============

2012-08-26 11:48 - 2012-08-26 11:48 - 00076920 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2014-05-28 15:27 - 2014-05-28 15:28 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-08-08 03:22 - 2012-08-08 03:22 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00026232 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00029816 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00091768 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00028280 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 01015416 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-08-26 11:48 - 2012-08-26 11:48 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2014-07-10 15:55 - 2014-07-10 15:55 - 00098816 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\win32api.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00110080 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\pywintypes27.dll
2014-07-10 15:55 - 2014-07-10 15:55 - 00364544 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\pythoncom27.dll
2014-07-10 15:55 - 2014-07-10 15:55 - 00045568 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\_socket.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 01160704 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\_ssl.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00320512 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\win32com.shell.shell.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00713216 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\_hashlib.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 01175040 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\wx._core_.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00805888 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\wx._gdi_.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00811008 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\wx._windows_.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 01062400 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\wx._controls_.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00735232 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\wx._misc_.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00128512 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\_elementtree.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00127488 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\pyexpat.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00557056 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\pysqlite2._sqlite.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00007168 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\hashobjs_ext.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00087552 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\_ctypes.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00119808 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\win32file.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00108544 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\win32security.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00018432 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\win32event.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00038912 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\win32inet.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00070656 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\wx._html2.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00167936 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\win32gui.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00011264 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\win32crypt.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00027136 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\_multiprocessing.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00122368 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\wx._wizard.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00010240 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\select.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00024064 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\win32pipe.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00686080 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\unicodedata.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00025600 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\win32pdh.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00525640 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\windows._lib_cacheinvalidation.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00035840 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\win32process.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00017408 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\win32profile.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00022528 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\win32ts.pyd
2014-07-10 15:55 - 2014-07-10 15:55 - 00078336 _____ () C:\Users\Lars Stehmann\AppData\Local\Temp\_MEI15242\wx._animate.pyd
2014-06-14 09:18 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-14 09:18 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-14 09:18 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-14 09:18 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-14 09:18 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-05-02 09:55 - 2012-05-30 08:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.5.0.28\wincfi39.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

HKLM\...\StartupApproved\Run: => "BtvStack"
HKLM\...\StartupApproved\Run: => "BtTray"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKCU\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/10/2014 03:56:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Name des fehlerhaften Moduls: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000183835
ID des fehlerhaften Prozesses: 0xd14
Startzeit der fehlerhaften Anwendung: 0xCommonAgent.exe0
Pfad der fehlerhaften Anwendung: CommonAgent.exe1
Pfad des fehlerhaften Moduls: CommonAgent.exe2
Berichtskennung: CommonAgent.exe3
Vollständiger Name des fehlerhaften Pakets: CommonAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CommonAgent.exe5

Error: (07/10/2014 03:55:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8
Name des fehlerhaften Moduls: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000000000014d7cc
ID des fehlerhaften Prozesses: 0x7b0
Startzeit der fehlerhaften Anwendung: 0xMakeMarkerFile.exe0
Pfad der fehlerhaften Anwendung: MakeMarkerFile.exe1
Pfad des fehlerhaften Moduls: MakeMarkerFile.exe2
Berichtskennung: MakeMarkerFile.exe3
Vollständiger Name des fehlerhaften Pakets: MakeMarkerFile.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MakeMarkerFile.exe5

Error: (07/10/2014 02:26:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Name des fehlerhaften Moduls: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000183835
ID des fehlerhaften Prozesses: 0x16ec
Startzeit der fehlerhaften Anwendung: 0xCommonAgent.exe0
Pfad der fehlerhaften Anwendung: CommonAgent.exe1
Pfad des fehlerhaften Moduls: CommonAgent.exe2
Berichtskennung: CommonAgent.exe3
Vollständiger Name des fehlerhaften Pakets: CommonAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CommonAgent.exe5

Error: (07/10/2014 02:25:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8
Name des fehlerhaften Moduls: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000000000014d7cc
ID des fehlerhaften Prozesses: 0x151c
Startzeit der fehlerhaften Anwendung: 0xMakeMarkerFile.exe0
Pfad der fehlerhaften Anwendung: MakeMarkerFile.exe1
Pfad des fehlerhaften Moduls: MakeMarkerFile.exe2
Berichtskennung: MakeMarkerFile.exe3
Vollständiger Name des fehlerhaften Pakets: MakeMarkerFile.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MakeMarkerFile.exe5

Error: (07/10/2014 02:17:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: soffice.bin, Version: 3.4.9593.500, Zeitstempel: 0x5028bfc0
Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.2.9200.16622, Zeitstempel: 0x519e974e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001f035
ID des fehlerhaften Prozesses: 0x538
Startzeit der fehlerhaften Anwendung: 0xsoffice.bin0
Pfad der fehlerhaften Anwendung: soffice.bin1
Pfad des fehlerhaften Moduls: soffice.bin2
Berichtskennung: soffice.bin3
Vollständiger Name des fehlerhaften Pakets: soffice.bin4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: soffice.bin5

Error: (07/10/2014 10:09:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Name des fehlerhaften Moduls: CommonAgent.exe, Version: 1.0.7.5, Zeitstempel: 0x502ddd20
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000183835
ID des fehlerhaften Prozesses: 0xa18
Startzeit der fehlerhaften Anwendung: 0xCommonAgent.exe0
Pfad der fehlerhaften Anwendung: CommonAgent.exe1
Pfad des fehlerhaften Moduls: CommonAgent.exe2
Berichtskennung: CommonAgent.exe3
Vollständiger Name des fehlerhaften Pakets: CommonAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CommonAgent.exe5

Error: (07/10/2014 10:07:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8
Name des fehlerhaften Moduls: MakeMarkerFile.exe, Version: 1.0.0.2, Zeitstempel: 0x5021e5e8
Ausnahmecode: 0xc0000417
Fehleroffset: 0x000000000014d7cc
ID des fehlerhaften Prozesses: 0x5bc
Startzeit der fehlerhaften Anwendung: 0xMakeMarkerFile.exe0
Pfad der fehlerhaften Anwendung: MakeMarkerFile.exe1
Pfad des fehlerhaften Moduls: MakeMarkerFile.exe2
Berichtskennung: MakeMarkerFile.exe3
Vollständiger Name des fehlerhaften Pakets: MakeMarkerFile.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MakeMarkerFile.exe5

Error: (07/09/2014 10:02:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LarsStehmann)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2147023174. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/09/2014 08:28:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: fm.exe, Version: 14.3.1.28944, Zeitstempel: 0x5342f333
Name des fehlerhaften Moduls: fm.exe, Version: 14.3.1.28944, Zeitstempel: 0x5342f333
Ausnahmecode: 0x40000015
Fehleroffset: 0x01df6583
ID des fehlerhaften Prozesses: 0x1274
Startzeit der fehlerhaften Anwendung: 0xfm.exe0
Pfad der fehlerhaften Anwendung: fm.exe1
Pfad des fehlerhaften Moduls: fm.exe2
Berichtskennung: fm.exe3
Vollständiger Name des fehlerhaften Pakets: fm.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: fm.exe5

Error: (07/09/2014 08:01:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LiveComm.exe, Version: 17.0.1119.516, Zeitstempel: 0x519504e1
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000000000
ID des fehlerhaften Prozesses: 0xe20
Startzeit der fehlerhaften Anwendung: 0xLiveComm.exe0
Pfad der fehlerhaften Anwendung: LiveComm.exe1
Pfad des fehlerhaften Moduls: LiveComm.exe2
Berichtskennung: LiveComm.exe3
Vollständiger Name des fehlerhaften Pakets: LiveComm.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: LiveComm.exe5


System errors:
=============
Error: (07/10/2014 03:57:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/10/2014 03:55:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst SW-Sustainer erreicht.

Error: (07/10/2014 03:54:42 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\prodrv06.sys

Error: (07/10/2014 10:05:03 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\prodrv06.sys

Error: (07/10/2014 03:28:40 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 88) (User: NT-AUTORITÄT)
Description: 9\_TZ.TZ002014-07-10T01:28:40.065470200Z463

Error: (07/09/2014 09:25:20 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\prodrv06.sys

Error: (07/08/2014 09:31:08 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\prodrv06.sys

Error: (07/08/2014 09:31:39 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎08.‎07.‎2014 um 18:14:55 unerwartet heruntergefahren.

Error: (07/08/2014 09:53:52 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\prodrv06.sys

Error: (07/07/2014 09:35:04 PM) (Source: cdrom) (EventID: 15) (User: )
Description: Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.


Microsoft Office Sessions:
=========================
Error: (07/10/2014 03:56:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CommonAgent.exe1.0.7.5502ddd20CommonAgent.exe1.0.7.5502ddd20400000150000000000183835d1401cf9c46b215a57fC:\Program Files\Samsung\S Agent\CommonAgent.exeC:\Program Files\Samsung\S Agent\CommonAgent.exe08157919-083a-11e4-bf2d-50b7c32e28bd

Error: (07/10/2014 03:55:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cc7b001cf9c468d83770fC:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exedeeff7b7-0839-11e4-bf2d-50b7c32e28bd

Error: (07/10/2014 02:26:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CommonAgent.exe1.0.7.5502ddd20CommonAgent.exe1.0.7.5502ddd2040000015000000000018383516ec01cf9c3a1c4c8c49C:\Program Files\Samsung\S Agent\CommonAgent.exeC:\Program Files\Samsung\S Agent\CommonAgent.exe5a258f73-082d-11e4-bf2c-50b7c32e28bd

Error: (07/10/2014 02:25:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cc151c01cf9c39f7e847daC:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe38b24196-082d-11e4-bf2c-50b7c32e28bd

Error: (07/10/2014 02:17:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: soffice.bin3.4.9593.5005028bfc0RPCRT4.dll6.2.9200.16622519e974ec00000050001f03553801cf9c1b9706e170C:\Program Files (x86)\OpenOffice.org 3\program\soffice.binC:\windows\SYSTEM32\RPCRT4.dll28b89091-082c-11e4-bf2c-50b7c32e28bd

Error: (07/10/2014 10:09:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CommonAgent.exe1.0.7.5502ddd20CommonAgent.exe1.0.7.5502ddd20400000150000000000183835a1801cf9c16081fc873C:\Program Files\Samsung\S Agent\CommonAgent.exeC:\Program Files\Samsung\S Agent\CommonAgent.exe7741fd44-0809-11e4-bf2c-50b7c32e28bd

Error: (07/10/2014 10:07:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cc5bc01cf9c15e3b591ddC:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe4dd35602-0809-11e4-bf2c-50b7c32e28bd

Error: (07/09/2014 10:02:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LarsStehmann)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147023174

Error: (07/09/2014 08:28:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: fm.exe14.3.1.289445342f333fm.exe14.3.1.289445342f3334000001501df6583127401cf9b8b96aef054C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2014\fm.exeC:\Program Files (x86)\Steam\steamapps\common\Football Manager 2014\fm.exede6fd669-0796-11e4-bf2b-50b7c32e28bd

Error: (07/09/2014 08:01:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LiveComm.exe17.0.1119.516519504e1unknown0.0.0.000000000c00000050000000000000000e2001cf9b4729e88c7aC:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exeunknownfe2ccf0b-0792-11e4-bf2b-50b7c32e28bdmicrosoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbweMicrosoft.WindowsLive.Mail


==================== Memory info =========================== 

Percentage of memory in use: 37%
Total physical RAM: 3675.78 MB
Available physical RAM: 2303.15 MB
Total Pagefile: 5467.78 MB
Available Pagefile: 3856.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:442.08 GB) (Free:369.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: D35F083E)

Partition: GPT Partition Type.

==================== End Of Log ============================

M-K-D-B · 10.07.2014, 17:19

Servus,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

stehmi · 11.07.2014, 00:10

Während Combofix lief musste ich den Laptop einmal wieder anschmeißen, da der sich wohl in den Standby Modus begegeben hatte, keine Ahnung inwieweit das jetzt den Prozess behindert haben könnte. Ansonsten gab es jedenfalls keine Beanstandungen von Combofix.

Hier das LogFile.

Code:

ATTFilter

ComboFix 14-07-08.04 - Lars Stehmann 11.07.2014   0:26.1.2 - x64
Microsoft Windows 8  6.2.9200.0.1252.49.1031.18.3676.2584 [GMT 2:00]
ausgeführt von:: c:\users\Lars Stehmann\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Internet Security *Disabled/Outdated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Java\jre7\bin\jp2ssv.dll
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\_ctypes.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\_elementtree.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\_hashlib.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\_multiprocessing.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\_socket.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\_ssl.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\hashobjs_ext.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\pyexpat.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\pysqlite2._sqlite.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\python27.dll
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\pythoncom27.dll
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\PyWinTypes27.dll
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\select.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\unicodedata.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\win32api.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\win32com.shell.shell.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\win32crypt.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\win32event.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\win32file.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\win32gui.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\win32inet.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\win32pdh.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\win32pipe.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\win32process.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\win32profile.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\win32security.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\win32ts.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\windows._lib_cacheinvalidation.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\wx._animate.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\wx._controls_.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\wx._core_.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\wx._gdi_.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\wx._html2.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\wx._misc_.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\wx._windows_.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\wx._wizard.pyd
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\wxbase294u_net_vc90.dll
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\wxbase294u_vc90.dll
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\wxmsw294u_adv_vc90.dll
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\wxmsw294u_core_vc90.dll
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\wxmsw294u_html_vc90.dll
c:\users\Lars Stehmann\AppData\Local\Temp\_MEI43282\wxmsw294u_webview_vc90.dll
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_acedrv11
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-06-10 bis 2014-07-10  ))))))))))))))))))))))))))))))
.
.
2014-07-10 22:47 . 2014-07-10 22:47	--------	d-----w-	c:\users\Lars\AppData\Local\temp
2014-07-10 22:47 . 2014-07-10 22:47	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-07-10 14:34 . 2014-07-10 14:38	--------	d-----w-	C:\FRST
2014-07-10 12:43 . 2014-07-10 22:03	122584	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-10 12:38 . 2014-05-12 05:26	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-07-10 12:38 . 2014-07-10 12:38	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-07-10 12:38 . 2014-07-10 12:38	--------	d-----w-	c:\programdata\Malwarebytes
2014-07-10 12:38 . 2014-05-12 05:26	64216	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-07-10 12:38 . 2014-05-12 05:25	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-07-10 12:16 . 2014-07-10 13:52	--------	d-----w-	c:\programdata\MySearch
2014-07-10 12:16 . 2014-07-10 13:52	--------	d-----w-	c:\program files (x86)\MySearch
2014-07-10 12:15 . 2014-07-10 13:54	--------	d-----w-	c:\programdata\Trusted Publisher
2014-07-10 12:15 . 2014-07-10 13:52	--------	d-----w-	c:\programdata\Adblocker
2014-07-10 12:15 . 2014-07-10 13:52	--------	d-----w-	c:\program files (x86)\Adblocker
2014-07-06 18:01 . 2014-07-06 18:01	--------	d-----w-	c:\users\Lars Stehmann\AppData\Roaming\dvdcss
2014-07-06 18:00 . 2014-07-06 20:12	--------	d-----w-	c:\users\Lars Stehmann\AppData\Roaming\vlc
2014-07-06 17:58 . 2014-07-06 17:58	--------	d-----w-	c:\program files\VideoLAN
2014-07-06 16:21 . 2014-05-15 01:02	59424	----a-w-	c:\windows\system32\wuauclt.exe
2014-07-06 16:21 . 2014-05-14 22:43	3286528	----a-w-	c:\windows\system32\wuaueng.dll
2014-07-06 16:21 . 2014-05-14 22:43	1623040	----a-w-	c:\windows\system32\wucltux.dll
2014-07-06 16:21 . 2014-05-14 22:42	176640	----a-w-	c:\windows\system32\storewuauth.dll
2014-07-06 16:21 . 2014-05-14 22:43	253440	----a-w-	c:\windows\system32\WUSettingsProvider.dll
2014-07-01 06:28 . 2014-07-01 06:28	257704	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10243.bin
2014-06-28 08:41 . 2014-05-31 05:16	703992	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-28 08:41 . 2014-05-31 05:16	105464	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-25 16:38 . 2014-05-03 05:47	3246592	----a-w-	c:\windows\system32\rdpcorets.dll
2014-06-25 16:38 . 2014-05-03 03:34	235520	----a-w-	c:\windows\system32\rdpudd.dll
2014-06-25 16:34 . 2014-05-24 02:46	3958784	----a-w-	c:\windows\system32\jscript9.dll
2014-06-25 16:34 . 2014-05-24 02:46	2650112	----a-w-	c:\windows\system32\iertutil.dll
2014-06-25 16:33 . 2014-05-24 01:25	2862080	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-06-25 16:33 . 2014-05-24 01:25	108032	----a-w-	c:\program files (x86)\Internet Explorer\jsdebuggeride.dll
2014-06-25 16:30 . 2014-04-03 11:22	2233176	----a-w-	c:\windows\system32\drivers\tcpip.sys
2014-06-25 16:30 . 2014-03-07 00:47	1419264	----a-w-	c:\windows\SysWow64\msxml3.dll
2014-06-25 16:30 . 2014-03-07 00:08	1845760	----a-w-	c:\windows\system32\msxml3.dll
2014-06-25 16:22 . 2014-06-25 16:22	--------	d-----w-	c:\users\Lars Stehmann\AppData\Local\AskPartnerNetwork
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-27 16:33 . 2012-12-15 12:10	95414520	----a-w-	c:\windows\system32\MRT.exe
2014-05-07 13:02 . 2014-05-29 18:40	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-25 15:44 . 2014-06-05 22:24	110264	----a-w-	c:\windows\system32\pdfcmon.dll
2014-04-25 15:44 . 2014-06-05 22:24	662288	----a-w-	c:\windows\SysWow64\MSCOMCT2.OCX
2014-04-25 15:44 . 2014-06-05 22:24	137000	----a-w-	c:\windows\SysWow64\MSMAPI32.OCX
2014-04-25 15:44 . 2014-06-05 22:24	1070152	----a-w-	c:\windows\SysWow64\MSCOMCTL.OCX
2014-04-25 15:44 . 2014-06-05 22:24	23552	----a-w-	c:\windows\SysWow64\MSMPIDE.DLL
2014-04-19 09:39 . 2014-05-26 14:23	628024	----a-w-	c:\windows\system32\NotificationUI.exe
2014-04-19 08:45 . 2014-05-26 14:23	693760	----a-w-	c:\windows\system32\WSShared.dll
2014-04-19 08:45 . 2014-05-26 14:23	163840	----a-w-	c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-19 06:57 . 2014-05-26 14:23	566784	----a-w-	c:\windows\SysWow64\WSShared.dll
2014-04-19 06:57 . 2014-05-26 14:23	124928	----a-w-	c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-18 13:00 . 2014-04-18 13:00	17536	----a-w-	c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-04-12 09:27 . 2014-05-26 11:38	172888	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 09:10 . 2014-05-26 11:38	578048	----a-w-	c:\windows\system32\winlogon.exe
2014-04-12 09:09 . 2014-05-26 11:38	208896	----a-w-	c:\windows\system32\wdigest.dll
2014-04-12 09:09 . 2014-05-26 11:38	1043968	----a-w-	c:\windows\system32\usercpl.dll
2014-04-12 09:09 . 2014-05-26 11:38	94720	----a-w-	c:\windows\system32\TSpkg.dll
2014-04-12 09:09 . 2014-05-26 11:38	588288	----a-w-	c:\windows\system32\SHCore.dll
2014-04-12 09:08 . 2014-05-26 11:38	318464	----a-w-	c:\windows\system32\msv1_0.dll
2014-04-12 09:08 . 2014-05-26 11:38	1281536	----a-w-	c:\windows\system32\lsasrv.dll
2014-04-12 09:08 . 2014-05-26 11:38	439808	----a-w-	c:\windows\system32\lsm.dll
2014-04-12 09:08 . 2014-05-26 11:38	827904	----a-w-	c:\windows\system32\kerberos.dll
2014-04-12 09:07 . 2014-05-26 11:38	20480	----a-w-	c:\windows\system32\credssp.dll
2014-04-12 07:23 . 2014-05-26 11:38	178688	----a-w-	c:\windows\SysWow64\wdigest.dll
2014-04-12 07:23 . 2014-05-26 11:38	961536	----a-w-	c:\windows\SysWow64\usercpl.dll
2014-04-12 07:23 . 2014-05-26 11:38	76800	----a-w-	c:\windows\SysWow64\TSpkg.dll
2014-04-12 07:23 . 2014-05-26 11:38	452608	----a-w-	c:\windows\SysWow64\SHCore.dll
2014-04-12 07:23 . 2014-05-26 11:38	273920	----a-w-	c:\windows\SysWow64\msv1_0.dll
2014-04-12 07:22 . 2014-05-26 11:38	666624	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-04-12 07:22 . 2014-05-26 11:38	17408	----a-w-	c:\windows\SysWow64\credssp.dll
2014-04-12 06:58 . 2014-05-26 11:38	14848	----a-w-	c:\windows\system32\workerdd.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2014-06-30 1753280]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-06-27 24477056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-08 642216]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2012-07-10 2995904]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-08-15 97392]
"CLMLServer_For_P2G8"="c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [2012-06-08 111120]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-12 491120]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2014-06-23 1956760]
.
c:\users\Lars Stehmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 d0e87c27;SW-Sustainer;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R3 PDF Architect 2;PDF Architect 2;c:\program files (x86)\PDF Architect 2\ws.exe;c:\program files (x86)\PDF Architect 2\ws.exe [x]
R3 pdfforge CrashHandler;pdfforge CrashHandler;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
R4 SymELAM;Symantec ELAM Driver;c:\windows\system32\drivers\NISx64\1405000.01C\SymELAM.sys;c:\windows\SYSNATIVE\drivers\NISx64\1405000.01C\SymELAM.sys [x]
S0 amd_sata;amd_sata;c:\windows\System32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\System32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S1 ccSet_NARA;NARA Settings Manager;c:\windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NARAx64\0401000.00B\ccSetx64.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 APNMCP;Ask Aktualisierungsdienst;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 Easy Launcher;Easy Launcher;c:\program files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe;c:\program files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130116.013\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 BthLEEnum;Treiber für energiearme Bluetooth-Geräte;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1405000.01C\ccSetx64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130205.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130205.001\IDSvia64.sys [x]
S3 RadioHIDMini;Radio HID Mini-driver;c:\windows\System32\drivers\RadioHIDMini.sys;c:\windows\SYSNATIVE\drivers\RadioHIDMini.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1405000.01C\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1405000.01C\SYMDS64.SYS [x]
S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1405000.01C\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1405000.01C\SYMEFA64.SYS [x]
S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1405000.01C\Ironx64.SYS [x]
S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1405000.01C\SYMNETS.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-14 07:16	1091912	----a-w-	c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-07-10 c:\windows\Tasks\Xerox PhotoCafe Communicator.job
- c:\programdata\Xerox PhotoCafe\MessageCheck.exe [2011-10-26 09:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-06-27 12:20	777032	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-06-27 12:20	777032	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-06-27 12:20	777032	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-06-27 12:20	777032	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-06-27 12:20	777032	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-08-10 13191824]
"BtTray"="c:\program files (x86)\Bluetooth Suite\BtTray.exe" [2012-08-10 764032]
"BtvStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-08-10 127616]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
c:\users\Lars Stehmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FIFA 10-Registrierung.lnk - c:\program files (x86)\EA Sports\FIFA 10\Support\EAregister.exe /remind /language=DE /PRID="ODS:15691.110.Base Product" /WHPR="FIFA 10" /PRNM="Electronic Arts Product"
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.5.0.28\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Samsung\Settings\sSettings.exe
c:\program files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
c:\program files (x86)\Samsung\SW Update\SWMAgent.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-07-11  00:59:57 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-07-10 22:59
.
Vor Suchlauf: 8 Verzeichnis(se), 400.998.236.160 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 405.860.462.592 Bytes frei
.
- - End Of File - - BA4305F3FDC17A547645843893401F6D
5FB38429D5D77768867C76DCBDB35194

M-K-D-B · 11.07.2014, 11:25

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3
Bitte deaktiviere dein Anti-Viren-Programm, da es das Ergebnis beeinflussen oder ggf. die Bereinigung stören kann.
Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/ und speichere die Datei auf deinem Desktop.

Starte Zoek.exe mit einem Doppelklick.
Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und könnte andere Computer beschädigen.
Kopiere den Text der folgenden Box in das Skriptfenster von zoek:
Code:
ATTFilter
```
iedefaults;
resetIEproxy;
FFdefaults;
CHRdefaults;
emptyclsid;
autoclean;
         
```
Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
Wenn das Tool fertig ist, wird sich Notepad mit der Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:\ .
Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken).

Schritt 4

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von MBAM,
die Logdatei von Zoek,
die beiden neuen Logdateien von FRST.

Fastsearchings.info und vermutlich weitere Viren

Plagegeister aller Art und deren Bekämpfung: Fastsearchings.info und vermutlich weitere Viren