Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: n11.adshostne, Zombie News und andere Werbung

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 29.01.2015, 17:36   #1
adan407
 
n11.adshostne, Zombie News und andere Werbung - Standard

n11.adshostne, Zombie News und andere Werbung



Hallo Team,
langsam gehen mir diese ganzen Werbebanner richtig auf die Nerven.
Bestimmt leiten die ein auch nicht immer auf Seiten weiter, die für den Computer
förderlich sind und die Programme die ich im Namen des Themas schon erwähnt habe,
lassen sich einfach nicht deinstallieren.
Ich hoffe ihr könnt mir helfen.

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by Marian Curdt (administrator) on MARIANCURDTPC on 29-01-2015 18:34:58
Running from C:\Users\Marian Curdt\Downloads
Loaded Profiles: Marian Curdt & UpdatusUser (Available profiles: Marian Curdt & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Spotify Ltd) C:\Users\Marian Curdt\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(Time Lapse Solutions) C:\ProgramData\NtiAgOWstf\dhtDXma.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Elex do Brasil Participações Ltda) C:\Users\Marian Curdt\AppData\Local\Temp\_@7A4E.tmp
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [839384 2014-09-16] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
HKU\S-1-5-21-1656074084-342888944-3947257893-1000\...\Run: [] => [X]
HKU\S-1-5-21-1656074084-342888944-3947257893-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-1656074084-342888944-3947257893-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1656074084-342888944-3947257893-1003\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIINE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-102 103 Series"
HKU\S-1-5-21-1656074084-342888944-3947257893-1003\...\Run: [Spotify Web Helper] => C:\Users\Marian Curdt\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-15] (Spotify Ltd)
HKU\S-1-5-21-1656074084-342888944-3947257893-1003\...\MountPoints2: {21fde83c-5e8b-11e3-8c52-d3a745ceaade} - G:\pushinst.exe
AppInit_DLLs: C:\ProgramData\Fast => C:\ProgramData\Fast File Not Found
AppInit_DLLs-x32: c:\progra~3\fastan~1\fastan~1.dll => "c:\progra~3\fastan~1\fastan~1.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\p6_19_erinnerung.lnk
ShortcutTarget: p6_19_erinnerung.lnk -> C:\Program Files (x86)\phase6\phase6_19\WinStart\p6erinnerung.exe (phase6)
Startup: C:\Users\Marian Curdt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk
ShortcutTarget: GameRanger.lnk -> C:\Users\Marian Curdt\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe (GameRanger Technologies)
Startup: C:\Users\Marian Curdt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 1510 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 1510 series.lnk -> C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1656074084-342888944-3947257893-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422550344&from=obw&uid=ST500DM002-1BD142_Z3T99M3NXXXXZ3T99M3N&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422550344&from=obw&uid=ST500DM002-1BD142_Z3T99M3NXXXXZ3T99M3N&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1656074084-342888944-3947257893-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422550344&from=obw&uid=ST500DM002-1BD142_Z3T99M3NXXXXZ3T99M3N&q={searchTerms}
HKU\S-1-5-21-1656074084-342888944-3947257893-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-1656074084-342888944-3947257893-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422550344&from=obw&uid=ST500DM002-1BD142_Z3T99M3NXXXXZ3T99M3N&q={searchTerms}
HKU\S-1-5-21-1656074084-342888944-3947257893-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = 
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1656074084-342888944-3947257893-1000 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1656074084-342888944-3947257893-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1656074084-342888944-3947257893-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1656074084-342888944-3947257893-1003 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1656074084-342888944-3947257893-1003 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1656074084-342888944-3947257893-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr1202&cd=2XzuyEtN2Y1L1QzutDtDtC0FtA0FtDtDzz0EzztAtByE0CtBtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=429356880&ir=
BHO: No Name -> {11111111-1111-1111-1111-110311281150} ->  No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: No Name -> {11111111-1111-1111-1111-110311281150} ->  No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Marian Curdt\AppData\Roaming\Mozilla\Firefox\Profiles\q375034u.default-1422551480209
FF NewTab: hxxp://www.google.com
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\npfirefoxtracker.dll No File
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-05]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\netsight@nielsen.xpi
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Marian Curdt\AppData\Roaming\Mozilla\Firefox\Profiles\mezahl5h.default-1422375678338\extensions\fftoolbar2014@etech.com

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-22] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-01-22] (Avast Software)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-09-16] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-09-16] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944 2014-09-16] (BlueStack Systems, Inc.)
R2 dhtDXma; C:\ProgramData\NtiAgOWstf\dhtDXma.exe [2726256 2014-11-13] (Time Lapse Solutions)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-22] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Update PlumoWeb; "C:\Program Files (x86)\PlumoWeb\updatePlumoWeb.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-22] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-09-16] (BlueStack Systems)
R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-22] (AVM GmbH)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-19] () [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-01-22] (Avast Software)
S3 AppObserver; \??\C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\appobserver64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 18:34 - 2015-01-29 18:34 - 02130432 _____ (Farbar) C:\Users\Marian Curdt\Downloads\FRST64.exe
2015-01-29 18:26 - 2015-01-29 18:26 - 01121792 _____ (Farbar) C:\Users\Marian Curdt\Downloads\FRST.exe
2015-01-29 18:14 - 2015-01-29 18:14 - 00000000 ____D () C:\Windows\system32\log
2015-01-29 18:12 - 2015-01-29 18:12 - 01978096 _____ (Elex do Brasil Participações Ltda) C:\Users\Marian Curdt\Downloads\yet_another_cleaner_bbs.exe
2015-01-29 17:50 - 2015-01-29 17:52 - 00000000 ____D () C:\Users\Marian Curdt\AppData\Roaming\Opera Software
2015-01-29 17:50 - 2015-01-29 17:50 - 00000000 ____D () C:\Users\Marian Curdt\AppData\Local\Opera Software
2015-01-29 17:49 - 2015-01-29 17:52 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-01-29 17:49 - 2015-01-29 17:51 - 00000000 ____D () C:\Program Files (x86)\Boost
2015-01-29 17:47 - 2015-01-29 17:48 - 00598464 _____ () C:\Users\Marian Curdt\Downloads\Installation.exe
2015-01-29 17:07 - 2015-01-29 17:47 - 00000000 ____D () C:\Users\Public\Documents\Stronghold AntiMalware
2015-01-29 17:06 - 2015-01-29 17:06 - 06611376 _____ (Security Stronghold ) C:\Users\Marian Curdt\Downloads\StrongholdAntiMalware_Avangate.exe
2015-01-29 17:06 - 2015-01-29 17:06 - 00000197 _____ () C:\Windows\system32\2015-01-29-16-06-04.084-AvastVBoxSVC.exe-1868.log
2015-01-29 17:03 - 2015-01-29 18:28 - 00000000 ____D () C:\Users\Marian Curdt\AppData\Local\ZombieNews
2015-01-29 17:01 - 2015-01-29 17:01 - 00000310 _____ () C:\Windows\PFRO.log
2015-01-29 14:59 - 2015-01-29 14:59 - 00000197 _____ () C:\Windows\system32\2015-01-29-13-59-51.018-AvastVBoxSVC.exe-3416.log
2015-01-28 21:40 - 2015-01-29 16:58 - 00074027 _____ () C:\Users\Marian Curdt\Desktop\drums mit pad.flp
2015-01-28 16:24 - 2015-01-28 16:24 - 00000197 _____ () C:\Windows\system32\2015-01-28-15-24-37.041-AvastVBoxSVC.exe-4784.log
2015-01-28 16:16 - 2015-01-28 16:16 - 00000197 _____ () C:\Windows\system32\2015-01-28-15-16-45.000-AvastVBoxSVC.exe-1676.log
2015-01-28 16:12 - 2015-01-28 16:12 - 04958600 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-27 17:37 - 2015-01-27 17:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-27 17:12 - 2015-01-29 17:01 - 00000504 _____ () C:\Windows\setupact.log
2015-01-27 17:12 - 2015-01-27 17:12 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-27 13:58 - 2015-01-27 13:58 - 00065256 _____ () C:\Users\Marian Curdt\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-27 13:58 - 2015-01-27 13:58 - 00000000 _____ () C:\autoexec.bat
2015-01-27 13:55 - 2015-01-27 13:55 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Marian Curdt\Downloads\SpyHunter-Installer.exe
2015-01-27 13:47 - 2015-01-27 13:47 - 00000197 _____ () C:\Windows\system32\2015-01-27-12-47-52.071-AvastVBoxSVC.exe-3512.log
2015-01-27 13:39 - 2015-01-27 13:40 - 02194432 _____ () C:\Users\Marian Curdt\Downloads\AdwCleaner09.exe
2015-01-27 13:33 - 2015-01-27 13:33 - 00000197 _____ () C:\Windows\system32\2015-01-27-12-33-12.046-AvastVBoxSVC.exe-1980.log
2015-01-25 15:03 - 2015-01-25 15:03 - 00000197 _____ () C:\Windows\system32\2015-01-25-14-03-04.090-AvastVBoxSVC.exe-4128.log
2015-01-23 13:41 - 2015-01-23 13:41 - 00000247 _____ () C:\Windows\system32\2015-01-23-12-41-19.016-aswFe.exe-3420.log
2015-01-23 13:33 - 2015-01-23 13:41 - 00000247 _____ () C:\Windows\system32\2015-01-23-12-33-34.009-aswFe.exe-2892.log
2015-01-23 13:33 - 2015-01-23 13:33 - 00000197 _____ () C:\Windows\system32\2015-01-23-12-33-26.092-AvastVBoxSVC.exe-848.log
2015-01-23 13:24 - 2015-01-23 13:24 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-01-23 13:24 - 2015-01-23 13:24 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-22 16:29 - 2015-01-22 16:29 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-22 16:29 - 2015-01-22 16:29 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-22 16:29 - 2015-01-22 16:29 - 00001924 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-22 12:49 - 2015-01-29 17:02 - 00001368 _____ () C:\Windows\Tasks\TXFAZSA.job
2015-01-22 12:49 - 2015-01-22 12:49 - 01535976 _____ (ObjectB) C:\Users\Marian Curdt\AppData\Roaming\TXFAZSA.exe
2015-01-22 12:49 - 2015-01-22 12:49 - 00004418 _____ () C:\Windows\System32\Tasks\TXFAZSA
2015-01-22 12:48 - 2015-01-29 17:02 - 00001364 _____ () C:\Windows\Tasks\WJCWK.job
2015-01-22 12:48 - 2015-01-22 12:48 - 02020328 _____ (ObjectB) C:\Users\Marian Curdt\AppData\Roaming\WJCWK.exe
2015-01-22 12:48 - 2015-01-22 12:48 - 00004414 _____ () C:\Windows\System32\Tasks\WJCWK
2015-01-20 17:00 - 2015-01-20 17:00 - 00056343 _____ () C:\Users\Marian Curdt\Desktop\untitled.flp
2015-01-20 15:02 - 2015-01-20 15:02 - 00002040 _____ () C:\Users\Marian Curdt\Desktop\FL Studio 11.lnk
2015-01-20 15:02 - 2015-01-20 15:02 - 00000000 ____D () C:\Program Files (x86)\VstPlugins
2015-01-19 20:34 - 2015-01-19 20:34 - 00000000 ____D () C:\Users\Marian Curdt\Desktop\VSTs
2015-01-19 20:05 - 2015-01-20 13:49 - 00000000 ____D () C:\Program Files\Common Files\ShopperPro
2015-01-19 20:03 - 2015-01-19 20:03 - 00000000 ____D () C:\Users\Marian Curdt\AppData\Roaming\Booster Web
2015-01-19 19:56 - 2015-01-19 20:00 - 00479824 _____ () C:\Users\Marian Curdt\Downloads\5StarLoops Sound Library__5160_i1452296211_il18653.exe
2015-01-19 19:40 - 2015-01-19 19:49 - 00479824 _____ () C:\Users\Marian Curdt\Downloads\5StarLoops Sound Library__5160_i1452283510_il18653.exe
2015-01-17 16:52 - 2015-01-21 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hypersonic 2
2015-01-17 16:52 - 2008-06-30 00:42 - 00368640 _____ (Propellerhead Software AB) C:\Windows\SysWOW64\ReWire.dll
2015-01-17 16:51 - 2015-01-17 16:51 - 00272409 _____ () C:\Windows\SysWOW64\TmpA15214824
2015-01-17 16:24 - 2015-01-19 20:05 - 00000000 ____D () C:\Users\Marian Curdt\AppData\Roaming\DAEMON Tools Lite
2015-01-17 16:23 - 2015-01-17 16:25 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-01-17 16:23 - 2015-01-17 16:23 - 13429504 _____ (Disc Soft Ltd) C:\Users\Marian Curdt\Downloads\DTLite4491-0356.exe
2015-01-17 16:20 - 2015-01-17 16:20 - 00272409 _____ () C:\Windows\SysWOW64\TmpA13334466
2015-01-17 16:15 - 2015-01-17 16:15 - 00272409 _____ () C:\Windows\SysWOW64\TmpA13061682
2015-01-17 16:09 - 2015-01-17 16:09 - 00272409 _____ () C:\Windows\SysWOW64\TmpA12673677
2015-01-17 16:06 - 2015-01-17 16:06 - 00000000 ____D () C:\Users\Marian Curdt\AppData\Roaming\Steinberg
2015-01-17 16:02 - 2015-01-17 16:02 - 00003170 _____ () C:\Windows\System32\Tasks\{4E41F9C3-D503-49D8-B689-7949F60414AE}
2015-01-17 15:52 - 2010-06-06 23:37 - 02785792 _____ (AiR) C:\Windows\SysWOW64\GuaD.dll
2015-01-17 15:51 - 2010-04-08 21:47 - 02442752 _____ (AD and Gouda © 1999-2010) C:\Windows\SysWOW64\SYNSOEMU.DLL
2015-01-14 18:13 - 2015-01-14 18:13 - 00468724 _____ () C:\Users\Marian Curdt\Downloads\UCBrowser_V9.5.0.449_JAVA_pf69_(en-us)_release_(Build14070211).jar
2015-01-14 18:13 - 2015-01-14 18:13 - 00468724 _____ () C:\Users\Marian Curdt\Downloads\UCBrowser_V9.5.0.449_JAVA_pf69_(en-us)_release_(Build14070211)(1).jar
2015-01-14 16:27 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 16:27 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 16:27 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 16:27 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 16:27 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 16:27 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 16:27 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 16:27 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 16:27 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 16:27 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 16:27 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 16:27 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 16:27 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-01 18:18 - 2015-01-01 18:20 - 07266796 _____ () C:\Users\Marian Curdt\Downloads\FreeDrumKits.net - 1115_Korg_IS50_Marimboyd.sf2

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 18:34 - 2013-12-15 22:04 - 00021256 _____ () C:\Users\Marian Curdt\Downloads\FRST.txt
2015-01-29 18:34 - 2013-11-23 12:50 - 00000000 ____D () C:\FRST
2015-01-29 17:56 - 2013-12-06 17:17 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-29 17:56 - 2013-12-06 17:17 - 00001147 _____ () C:\Users\Marian Curdt\Desktop\Mozilla Firefox.lnk
2015-01-29 17:56 - 2013-12-06 16:37 - 00001421 _____ () C:\Users\Marian Curdt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-29 17:52 - 2013-12-10 16:37 - 00000000 ____D () C:\Users\Marian Curdt\AppData\Local\CrashDumps
2015-01-29 17:36 - 2013-12-06 17:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-29 17:17 - 2014-01-05 11:55 - 00000000 ____D () C:\Users\Marian Curdt\AppData\Roaming\Spotify
2015-01-29 17:11 - 2009-07-14 05:45 - 00028704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-29 17:11 - 2009-07-14 05:45 - 00028704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-29 17:03 - 2013-12-21 19:33 - 00000000 ____D () C:\Users\Marian Curdt\AppData\Local\LogMeIn Hamachi
2015-01-29 17:02 - 2014-08-24 15:04 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-01-29 17:02 - 2014-08-24 12:22 - 00000000 ____D () C:\Users\Public\Documents\phase6_19_Daten
2015-01-29 17:01 - 2013-12-06 18:08 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-29 17:01 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-29 17:00 - 2014-04-14 18:26 - 00000000 ____D () C:\AdwCleaner
2015-01-29 17:00 - 2013-12-06 16:24 - 01878770 _____ () C:\Windows\WindowsUpdate.log
2015-01-29 15:08 - 2013-12-06 17:34 - 00000000 ____D () C:\Users\Marian Curdt\AppData\Local\Adobe
2015-01-27 14:05 - 2014-01-05 12:00 - 00000000 ____D () C:\Users\Marian Curdt\AppData\Local\Spotify
2015-01-27 13:58 - 2013-12-06 16:36 - 00000000 ____D () C:\Users\Marian Curdt
2015-01-27 13:57 - 2013-12-06 17:09 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-27 13:56 - 2013-12-06 17:09 - 00000000 ____D () C:\Users\Marian Curdt\AppData\Local\Google
2015-01-27 13:52 - 2014-06-18 19:04 - 02353664 ___SH () C:\Users\Marian Curdt\Desktop\Thumbs.db
2015-01-27 13:50 - 2013-12-07 13:04 - 00000000 ____D () C:\Users\Marian Curdt\AppData\Roaming\TS3Client
2015-01-27 13:32 - 2014-02-05 16:08 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-25 15:36 - 2013-12-06 17:34 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 15:36 - 2013-12-06 17:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-25 15:36 - 2013-12-06 17:34 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-23 14:11 - 2014-04-30 20:21 - 00000000 ____D () C:\Users\Marian Curdt\AppData\Roaming\Mp3tag
2015-01-22 16:29 - 2014-08-15 08:45 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-22 16:29 - 2014-02-05 16:07 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-22 16:29 - 2014-02-05 16:07 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-22 16:29 - 2014-02-05 16:07 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-22 16:29 - 2014-02-05 16:07 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-22 16:29 - 2014-02-05 16:07 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-22 16:29 - 2014-02-05 16:07 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-01-22 16:29 - 2014-02-05 16:07 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-21 16:46 - 2014-12-23 14:57 - 00003282 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-1656074084-342888944-3947257893-1000
2015-01-21 16:21 - 2014-03-03 14:49 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2015-01-20 15:04 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-20 14:58 - 2014-09-18 17:42 - 00000000 ____D () C:\Users\Marian Curdt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2015-01-20 14:04 - 2009-07-14 03:34 - 00000505 _____ () C:\Windows\win.ini
2015-01-19 20:05 - 2014-06-30 16:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cube World
2015-01-19 20:05 - 2014-05-08 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2015-01-19 20:05 - 2013-12-06 18:10 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-19 20:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-19 19:46 - 2014-07-31 10:24 - 00012800 ___SH () C:\Users\Marian Curdt\Documents\Thumbs.db
2015-01-18 20:03 - 2013-12-10 17:58 - 00000000 ____D () C:\Users\Marian Curdt\AppData\Local\Battle.net
2015-01-17 16:52 - 2014-11-17 19:19 - 00000000 ____D () C:\Program Files (x86)\steinberg
2015-01-17 16:27 - 2010-11-21 07:50 - 00700130 _____ () C:\Windows\system32\perfh007.dat
2015-01-17 16:27 - 2010-11-21 07:50 - 00149768 _____ () C:\Windows\system32\perfc007.dat
2015-01-17 16:27 - 2009-07-14 06:13 - 01622706 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 20:56 - 2013-12-06 18:52 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 20:51 - 2013-12-06 18:52 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-11 15:28 - 2013-12-06 18:56 - 00000000 ____D () C:\Users\Marian Curdt\AppData\Roaming\.minecraft
2015-01-08 22:14 - 2013-12-25 13:08 - 00000000 ____D () C:\Users\Marian Curdt\AppData\Roaming\Audacity
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 20:17 - 2014-06-16 12:58 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-01-05 20:17 - 2014-06-16 12:58 - 00000000 ____D () C:\Program Files (x86)\iTunes

==================== Files in the root of some directories =======

2013-12-18 21:45 - 2014-07-25 11:32 - 0000132 _____ () C:\Users\Marian Curdt\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen
2014-09-01 09:18 - 2014-09-01 09:18 - 0002086 _____ () C:\Users\Marian Curdt\AppData\Roaming\TXFAZSA
2015-01-22 12:49 - 2015-01-22 12:49 - 1535976 _____ (ObjectB) C:\Users\Marian Curdt\AppData\Roaming\TXFAZSA.exe
2014-11-19 14:50 - 2014-11-22 12:50 - 0000130 _____ () C:\Users\Marian Curdt\AppData\Roaming\WB.CFG
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Marian Curdt\AppData\Roaming\WJCWK
2015-01-22 12:48 - 2015-01-22 12:48 - 2020328 _____ (ObjectB) C:\Users\Marian Curdt\AppData\Roaming\WJCWK.exe
2014-01-09 14:20 - 2014-01-09 14:20 - 0001456 _____ () C:\Users\Marian Curdt\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2013-12-10 15:18 - 2013-12-23 16:28 - 0004608 _____ () C:\Users\Marian Curdt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-22 12:50 - 2014-11-22 12:50 - 0000001 _____ () C:\Users\Marian Curdt\AppData\Local\DSI.DAT
2014-11-22 12:50 - 2014-11-22 12:50 - 0022528 _____ () C:\Users\Marian Curdt\AppData\Local\dsisetup12357302.exe
2014-04-29 18:09 - 2014-04-29 18:09 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\Marian Curdt\AppData\Local\Temp\bcjcabfccbeg.exe
C:\Users\Marian Curdt\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Marian Curdt\AppData\Local\Temp\Quarantine.exe
C:\Users\Marian Curdt\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-27 16:07

==================== End Of Log ============================
         

Alt 29.01.2015, 17:38   #2
schrauber
/// the machine
/// TB-Ausbilder
 

n11.adshostne, Zombie News und andere Werbung - Standard

n11.adshostne, Zombie News und andere Werbung



Hi,

Addition.txt fehlt noch
__________________

__________________

Alt 29.01.2015, 17:46   #3
adan407
 
n11.adshostne, Zombie News und andere Werbung - Standard

n11.adshostne, Zombie News und andere Werbung



Sorry,
aber das sagt mir jetzt nichts. Was ist das genau ?
Ich kenn mich nicht so gut aus. Ich weiß nur das
man jedes Mal den FRST Log posten soll.

EDIT

Habs nochmal durchlaufen lassen jetzt hab ich beide Logs.

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by Marian Curdt (administrator) on MARIANCURDTPC on 29-01-2015 18:48:59
Running from C:\Users\Marian Curdt\Desktop
Loaded Profiles: Marian Curdt & UpdatusUser (Available profiles: Marian Curdt & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Spotify Ltd) C:\Users\Marian Curdt\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(Time Lapse Solutions) C:\ProgramData\NtiAgOWstf\dhtDXma.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Image-Line) C:\Program Files (x86)\Image-Line\FL Studio 11\FL.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [839384 2014-09-16] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
HKU\S-1-5-21-1656074084-342888944-3947257893-1000\...\Run: [] => [X]
HKU\S-1-5-21-1656074084-342888944-3947257893-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-1656074084-342888944-3947257893-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1656074084-342888944-3947257893-1003\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIINE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-102 103 Series"
HKU\S-1-5-21-1656074084-342888944-3947257893-1003\...\Run: [Spotify Web Helper] => C:\Users\Marian Curdt\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-15] (Spotify Ltd)
HKU\S-1-5-21-1656074084-342888944-3947257893-1003\...\MountPoints2: {21fde83c-5e8b-11e3-8c52-d3a745ceaade} - G:\pushinst.exe
AppInit_DLLs: C:\ProgramData\Fast => C:\ProgramData\Fast File Not Found
AppInit_DLLs-x32: c:\progra~3\fastan~1\fastan~1.dll => "c:\progra~3\fastan~1\fastan~1.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\p6_19_erinnerung.lnk
ShortcutTarget: p6_19_erinnerung.lnk -> C:\Program Files (x86)\phase6\phase6_19\WinStart\p6erinnerung.exe (phase6)
Startup: C:\Users\Marian Curdt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk
ShortcutTarget: GameRanger.lnk -> C:\Users\Marian Curdt\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe (GameRanger Technologies)
Startup: C:\Users\Marian Curdt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 1510 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 1510 series.lnk -> C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1656074084-342888944-3947257893-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422550344&from=obw&uid=ST500DM002-1BD142_Z3T99M3NXXXXZ3T99M3N&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422550344&from=obw&uid=ST500DM002-1BD142_Z3T99M3NXXXXZ3T99M3N&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1656074084-342888944-3947257893-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422550344&from=obw&uid=ST500DM002-1BD142_Z3T99M3NXXXXZ3T99M3N&q={searchTerms}
HKU\S-1-5-21-1656074084-342888944-3947257893-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-1656074084-342888944-3947257893-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422550344&from=obw&uid=ST500DM002-1BD142_Z3T99M3NXXXXZ3T99M3N&q={searchTerms}
HKU\S-1-5-21-1656074084-342888944-3947257893-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = 
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1656074084-342888944-3947257893-1000 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1656074084-342888944-3947257893-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1656074084-342888944-3947257893-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1656074084-342888944-3947257893-1003 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1656074084-342888944-3947257893-1003 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1656074084-342888944-3947257893-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr1202&cd=2XzuyEtN2Y1L1QzutDtDtC0FtA0FtDtDzz0EzztAtByE0CtBtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=429356880&ir=
BHO: No Name -> {11111111-1111-1111-1111-110311281150} ->  No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: No Name -> {11111111-1111-1111-1111-110311281150} ->  No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Marian Curdt\AppData\Roaming\Mozilla\Firefox\Profiles\q375034u.default-1422551480209
FF NewTab: hxxp://www.google.com
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\npfirefoxtracker.dll No File
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-05]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\netsight@nielsen.xpi
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Marian Curdt\AppData\Roaming\Mozilla\Firefox\Profiles\mezahl5h.default-1422375678338\extensions\fftoolbar2014@etech.com

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-22] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-01-22] (Avast Software)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed]
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-09-16] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-09-16] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944 2014-09-16] (BlueStack Systems, Inc.)
R2 dhtDXma; C:\ProgramData\NtiAgOWstf\dhtDXma.exe [2726256 2014-11-13] (Time Lapse Solutions)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-22] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Update PlumoWeb; "C:\Program Files (x86)\PlumoWeb\updatePlumoWeb.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-22] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-09-16] (BlueStack Systems)
R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-22] (AVM GmbH)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-19] () [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-01-22] (Avast Software)
S3 AppObserver; \??\C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\appobserver64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 18:48 - 2015-01-29 18:49 - 00021174 _____ () C:\Users\Marian Curdt\Desktop\FRST.txt
2015-01-29 18:34 - 2015-01-29 18:34 - 02130432 _____ (Farbar) C:\Users\Marian Curdt\Desktop\FRST64.exe
2015-01-29 18:26 - 2015-01-29 18:26 - 01121792 _____ (Farbar) C:\Users\Marian Curdt\Downloads\FRST.exe
2015-01-29 18:14 - 2015-01-29 18:14 - 00000000 ____D () C:\Windows\system32\log
2015-01-29 18:12 - 2015-01-29 18:12 - 01978096 _____ (Elex do Brasil Participações Ltda) C:\Users\Marian Curdt\Downloads\yet_another_cleaner_bbs.exe
2015-01-29 17:50 - 2015-01-29 17:52 - 00000000 ____D () C:\Users\Marian Curdt\AppData\Roaming\Opera Software
2015-01-29 17:50 - 2015-01-29 17:52 - 00000000 ____D () C:\Users\Marian Curdt\AppData\Local\Opera Software
2015-01-29 17:49 - 2015-01-29 17:52 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-01-29 17:49 - 2015-01-29 17:51 - 00000000 ____D () C:\Program Files (x86)\Boost
2015-01-29 17:47 - 2015-01-29 17:48 - 00598464 _____ () C:\Users\Marian Curdt\Downloads\Installation.exe
2015-01-29 17:07 - 2015-01-29 17:47 - 00000000 ____D () C:\Users\Public\Documents\Stronghold AntiMalware
2015-01-29 17:06 - 2015-01-29 17:06 - 06611376 _____ (Security Stronghold ) C:\Users\Marian Curdt\Downloads\StrongholdAntiMalware_Avangate.exe
2015-01-29 17:06 - 2015-01-29 17:06 - 00000197 _____ () C:\Windows\system32\2015-01-29-16-06-04.084-AvastVBoxSVC.exe-1868.log
2015-01-29 17:03 - 2015-01-29 18:46 - 00000000 ____D () C:\Users\Marian Curdt\AppData\Local\ZombieNews
2015-01-29 17:01 - 2015-01-29 17:01 - 00000310 _____ () C:\Windows\PFRO.log
2015-01-29 14:59 - 2015-01-29 15:00 - 00000197 _____ () C:\Windows\system32\2015-01-29-13-59-51.018-AvastVBoxSVC.exe-3416.log
2015-01-28 21:40 - 2015-01-29 16:58 - 00074027 _____ () C:\Users\Marian Curdt\Desktop\drums mit pad.flp
2015-01-28 16:24 - 2015-01-28 16:24 - 00000197 _____ () C:\Windows\system32\2015-01-28-15-24-37.041-AvastVBoxSVC.exe-4784.log
2015-01-28 16:16 - 2015-01-28 16:17 - 00000197 _____ () C:\Windows\system32\2015-01-28-15-16-45.000-AvastVBoxSVC.exe-1676.log
2015-01-28 16:12 - 2015-01-28 16:12 - 04958600 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-27 17:37 - 2015-01-27 17:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-27 17:12 - 2015-01-29 17:01 - 00000504 _____ () C:\Windows\setupact.log
2015-01-27 17:12 - 2015-01-27 17:12 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-27 13:58 - 2015-01-27 13:58 - 00065256 _____ () C:\Users\Marian Curdt\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-27 13:58 - 2015-01-27 13:58 - 00000000 _____ () C:\autoexec.bat
2015-01-27 13:55 - 2015-01-27 13:55 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Marian Curdt\Downloads\SpyHunter-Installer.exe
2015-01-27 13:47 - 2015-01-27 13:47 - 00000197 _____ () C:\Windows\system32\2015-01-27-12-47-52.071-AvastVBoxSVC.exe-3512.log
2015-01-27 13:39 - 2015-01-27 13:40 - 02194432 _____ () C:\Users\Marian Curdt\Downloads\AdwCleaner09.exe
2015-01-27 13:33 - 2015-01-27 13:33 - 00000197 _____ () C:\Windows\system32\2015-01-27-12-33-12.046-AvastVBoxSVC.exe-1980.log
2015-01-25 15:03 - 2015-01-25 15:03 - 00000197 _____ () C:\Windows\system32\2015-01-25-14-03-04.090-AvastVBoxSVC.exe-4128.log
2015-01-23 13:41 - 2015-01-23 13:41 - 00000247 _____ () C:\Windows\system32\2015-01-23-12-41-19.016-aswFe.exe-3420.log
2015-01-23 13:33 - 2015-01-23 13:41 - 00000247 _____ () C:\Windows\system32\2015-01-23-12-33-34.009-aswFe.exe-2892.log
2015-01-23 13:33 - 2015-01-23 13:33 - 00000197 _____ () C:\Windows\system32\2015-01-23-12-33-26.092-AvastVBoxSVC.exe-848.log
2015-01-23 13:24 - 2015-01-23 13:24 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-01-23 13:24 - 2015-01-23 13:24 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-22 16:29 - 2015-01-22 16:29 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-22 16:29 - 2015-01-22 16:29 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-22 16:29 - 2015-01-22 16:29 - 00001924 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-22 12:49 - 2015-01-29 17:02 - 00001368 _____ () C:\Windows\Tasks\TXFAZSA.job
2015-01-22 12:49 - 2015-01-22 12:49 - 01535976 _____ (ObjectB) C:\Users\Marian Curdt\AppData\Roaming\TXFAZSA.exe
2015-01-22 12:49 - 2015-01-22 12:49 - 00004418 _____ () C:\Windows\System32\Tasks\TXFAZSA
2015-01-22 12:48 - 2015-01-29 17:02 - 00001364 _____ () C:\Windows\Tasks\WJCWK.job
2015-01-22 12:48 - 2015-01-22 12:48 - 02020328 _____ (ObjectB) C:\Users\Marian Curdt\AppData\Roaming\WJCWK.exe
2015-01-22 12:48 - 2015-01-22 12:48 - 00004414 _____ () C:\Windows\System32\Tasks\WJCWK
2015-01-20 17:00 - 2015-01-20 17:00 - 00056343 _____ () C:\Users\Marian Curdt\Desktop\untitled.flp
2015-01-20 15:02 - 2015-01-20 15:02 - 00002040 _____ () C:\Users\Marian Curdt\Desktop\FL Studio 11.lnk
2015-01-20 15:02 - 2015-01-20 15:02 - 00000000 ____D () C:\Program Files (x86)\VstPlugins
2015-01-19 20:34 - 2015-01-19 20:34 - 00000000 ____D () C:\Users\Marian Curdt\Desktop\VSTs
2015-01-19 20:05 - 2015-01-20 13:49 - 00000000 ____D () C:\Program Files\Common Files\ShopperPro
2015-01-19 20:03 - 2015-01-19 20:03 - 00000000 ____D () C:\Users\Marian Curdt\AppData\Roaming\Booster Web
2015-01-19 19:56 - 2015-01-19 20:00 - 00479824 _____ () C:\Users\Marian Curdt\Downloads\5StarLoops Sound Library__5160_i1452296211_il18653.exe
2015-01-19 19:40 - 2015-01-19 19:49 - 00479824 _____ () C:\Users\Marian Curdt\Downloads\5StarLoops Sound Library__5160_i1452283510_il18653.exe
2015-01-17 16:52 - 2015-01-21 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hypersonic 2
2015-01-17 16:52 - 2008-06-30 00:42 - 00368640 _____ (Propellerhead Software AB) C:\Windows\SysWOW64\ReWire.dll
2015-01-17 16:51 - 2015-01-17 16:51 - 00272409 _____ () C:\Windows\SysWOW64\TmpA15214824
2015-01-17 16:24 - 2015-01-19 20:05 - 00000000 ____D () C:\Users\Marian Curdt\AppData\Roaming\DAEMON Tools Lite
2015-01-17 16:23 - 2015-01-17 16:25 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-01-17 16:23 - 2015-01-17 16:23 - 13429504 _____ (Disc Soft Ltd) C:\Users\Marian Curdt\Downloads\DTLite4491-0356.exe
2015-01-17 16:20 - 2015-01-17 16:20 - 00272409 _____ () C:\Windows\SysWOW64\TmpA13334466
2015-01-17 16:15 - 2015-01-17 16:15 - 00272409 _____ () C:\Windows\SysWOW64\TmpA13061682
2015-01-17 16:09 - 2015-01-17 16:09 - 00272409 _____ () C:\Windows\SysWOW64\TmpA12673677
2015-01-17 16:06 - 2015-01-17 16:06 - 00000000 ____D () C:\Users\Marian Curdt\AppData\Roaming\Steinberg
2015-01-17 16:02 - 2015-01-17 16:02 - 00003170 _____ () C:\Windows\System32\Tasks\{4E41F9C3-D503-49D8-B689-7949F60414AE}
2015-01-17 15:52 - 2010-06-06 23:37 - 02785792 _____ (AiR) C:\Windows\SysWOW64\GuaD.dll
2015-01-17 15:51 - 2010-04-08 21:47 - 02442752 _____ (AD and Gouda © 1999-2010) C:\Windows\SysWOW64\SYNSOEMU.DLL
2015-01-14 18:13 - 2015-01-14 18:13 - 00468724 _____ () C:\Users\Marian Curdt\Downloads\UCBrowser_V9.5.0.449_JAVA_pf69_(en-us)_release_(Build14070211).jar
2015-01-14 18:13 - 2015-01-14 18:13 - 00468724 _____ () C:\Users\Marian Curdt\Downloads\UCBrowser_V9.5.0.449_JAVA_pf69_(en-us)_release_(Build14070211)(1).jar
2015-01-14 16:27 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 16:27 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 16:27 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 16:27 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 16:27 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 16:27 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 16:27 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 16:27 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 16:27 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 16:27 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 16:27 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 16:27 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 16:27 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-01 18:18 - 2015-01-01 18:20 - 07266796 _____ () C:\Users\Marian Curdt\Downloads\FreeDrumKits.net - 1115_Korg_IS50_Marimboyd.sf2

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 18:49 - 2013-11-23 12:50 - 00000000 ____D () C:\FRST
2015-01-29 18:36 - 2013-12-06 17:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-29 18:35 - 2013-12-15 22:04 - 00038988 _____ () C:\Users\Marian Curdt\Downloads\FRST.txt
2015-01-29 17:56 - 2013-12-06 17:17 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-29 17:56 - 2013-12-06 17:17 - 00001147 _____ () C:\Users\Marian Curdt\Desktop\Mozilla Firefox.lnk
2015-01-29 17:56 - 2013-12-06 16:37 - 00001421 _____ () C:\Users\Marian Curdt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-29 17:52 - 2013-12-10 16:37 - 00000000 ____D () C:\Users\Marian Curdt\AppData\Local\CrashDumps
2015-01-29 17:17 - 2014-01-05 11:55 - 00000000 ____D () C:\Users\Marian Curdt\AppData\Roaming\Spotify
2015-01-29 17:11 - 2009-07-14 05:45 - 00028704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-29 17:11 - 2009-07-14 05:45 - 00028704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-29 17:08 - 2013-12-06 16:24 - 01878770 _____ () C:\Windows\WindowsUpdate.log
2015-01-29 17:03 - 2013-12-21 19:33 - 00000000 ____D () C:\Users\Marian Curdt\AppData\Local\LogMeIn Hamachi
2015-01-29 17:02 - 2014-08-24 15:04 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-01-29 17:02 - 2014-08-24 12:22 - 00000000 ____D () C:\Users\Public\Documents\phase6_19_Daten
2015-01-29 17:01 - 2013-12-06 18:08 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-29 17:01 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-29 17:00 - 2014-04-14 18:26 - 00000000 ____D () C:\AdwCleaner
2015-01-29 15:08 - 2013-12-06 17:34 - 00000000 ____D () C:\Users\Marian Curdt\AppData\Local\Adobe
2015-01-27 14:05 - 2014-01-05 12:00 - 00000000 ____D () C:\Users\Marian Curdt\AppData\Local\Spotify
2015-01-27 13:58 - 2013-12-06 16:36 - 00000000 ____D () C:\Users\Marian Curdt
2015-01-27 13:57 - 2013-12-06 17:09 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-27 13:56 - 2013-12-06 17:09 - 00000000 ____D () C:\Users\Marian Curdt\AppData\Local\Google
2015-01-27 13:52 - 2014-06-18 19:04 - 02353664 ___SH () C:\Users\Marian Curdt\Desktop\Thumbs.db
2015-01-27 13:50 - 2013-12-07 13:04 - 00000000 ____D () C:\Users\Marian Curdt\AppData\Roaming\TS3Client
2015-01-27 13:32 - 2014-02-05 16:08 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-25 15:36 - 2013-12-06 17:34 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 15:36 - 2013-12-06 17:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-25 15:36 - 2013-12-06 17:34 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-23 14:11 - 2014-04-30 20:21 - 00000000 ____D () C:\Users\Marian Curdt\AppData\Roaming\Mp3tag
2015-01-22 16:29 - 2014-08-15 08:45 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-22 16:29 - 2014-02-05 16:07 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-22 16:29 - 2014-02-05 16:07 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-22 16:29 - 2014-02-05 16:07 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-22 16:29 - 2014-02-05 16:07 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-22 16:29 - 2014-02-05 16:07 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-22 16:29 - 2014-02-05 16:07 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-01-22 16:29 - 2014-02-05 16:07 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-21 16:46 - 2014-12-23 14:57 - 00003282 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-1656074084-342888944-3947257893-1000
2015-01-21 16:21 - 2014-03-03 14:49 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2015-01-20 15:04 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-20 14:58 - 2014-09-18 17:42 - 00000000 ____D () C:\Users\Marian Curdt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2015-01-20 14:04 - 2009-07-14 03:34 - 00000505 _____ () C:\Windows\win.ini
2015-01-19 20:05 - 2014-06-30 16:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cube World
2015-01-19 20:05 - 2014-05-08 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2015-01-19 20:05 - 2013-12-06 18:10 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-19 20:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-19 19:46 - 2014-07-31 10:24 - 00012800 ___SH () C:\Users\Marian Curdt\Documents\Thumbs.db
2015-01-18 20:03 - 2013-12-10 17:58 - 00000000 ____D () C:\Users\Marian Curdt\AppData\Local\Battle.net
2015-01-17 16:52 - 2014-11-17 19:19 - 00000000 ____D () C:\Program Files (x86)\steinberg
2015-01-17 16:27 - 2010-11-21 07:50 - 00700130 _____ () C:\Windows\system32\perfh007.dat
2015-01-17 16:27 - 2010-11-21 07:50 - 00149768 _____ () C:\Windows\system32\perfc007.dat
2015-01-17 16:27 - 2009-07-14 06:13 - 01622706 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 20:56 - 2013-12-06 18:52 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 20:51 - 2013-12-06 18:52 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-11 15:28 - 2013-12-06 18:56 - 00000000 ____D () C:\Users\Marian Curdt\AppData\Roaming\.minecraft
2015-01-08 22:14 - 2013-12-25 13:08 - 00000000 ____D () C:\Users\Marian Curdt\AppData\Roaming\Audacity
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 20:17 - 2014-06-16 12:58 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-01-05 20:17 - 2014-06-16 12:58 - 00000000 ____D () C:\Program Files (x86)\iTunes

==================== Files in the root of some directories =======

2013-12-18 21:45 - 2014-07-25 11:32 - 0000132 _____ () C:\Users\Marian Curdt\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen
2014-09-01 09:18 - 2014-09-01 09:18 - 0002086 _____ () C:\Users\Marian Curdt\AppData\Roaming\TXFAZSA
2015-01-22 12:49 - 2015-01-22 12:49 - 1535976 _____ (ObjectB) C:\Users\Marian Curdt\AppData\Roaming\TXFAZSA.exe
2014-11-19 14:50 - 2014-11-22 12:50 - 0000130 _____ () C:\Users\Marian Curdt\AppData\Roaming\WB.CFG
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Marian Curdt\AppData\Roaming\WJCWK
2015-01-22 12:48 - 2015-01-22 12:48 - 2020328 _____ (ObjectB) C:\Users\Marian Curdt\AppData\Roaming\WJCWK.exe
2014-01-09 14:20 - 2014-01-09 14:20 - 0001456 _____ () C:\Users\Marian Curdt\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2013-12-10 15:18 - 2013-12-23 16:28 - 0004608 _____ () C:\Users\Marian Curdt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-22 12:50 - 2014-11-22 12:50 - 0000001 _____ () C:\Users\Marian Curdt\AppData\Local\DSI.DAT
2014-11-22 12:50 - 2014-11-22 12:50 - 0022528 _____ () C:\Users\Marian Curdt\AppData\Local\dsisetup12357302.exe
2014-04-29 18:09 - 2014-04-29 18:09 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\Marian Curdt\AppData\Local\Temp\bcjcabfccbeg.exe
C:\Users\Marian Curdt\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Marian Curdt\AppData\Local\Temp\Quarantine.exe
C:\Users\Marian Curdt\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-27 16:07

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015
Ran by Marian Curdt at 2015-01-29 18:49:18
Running from C:\Users\Marian Curdt\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Audition CC (HKLM-x32\...\{DE1E055B-679C-42F8-B114-7B6ED0B8ED95}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.2.1.260 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 - Michael Tippach)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AutoHotkey 1.1.13.01 (HKLM\...\AutoHotkey) (Version: 1.1.13.01 - Lexikos)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version:  - AVM Berlin)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.5.0.0 - Electronic Arts)
Battlefield: Bad Company 2 (HKLM-x32\...\Steam App 24960) (Version:  - DICE)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.3.4070 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{B40D9A2E-C9CA-4402-A0B7-09E33C03B9C5}) (Version: 0.9.3.4070 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Camtasia Studio 8 (HKLM-x32\...\{F5C9BE9A-04C3-4A72-8CD0-BB67C722D608}) (Version: 8.1.2.1344 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5000 - CDBurnerXP)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Die*Sims™*3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.42.130 - Electronic Arts)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free YouTube to MP3 Converter version 3.12.17.1125 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.17.1125 - DVDVideoSoft Ltd.)
GameRanger (HKU\S-1-5-21-1656074084-342888944-3947257893-1000\...\GameRanger) (Version:  - GameRanger Technologies)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Update Helper (x32 Version: 70.3.29.7018 - Google Inc.) Hidden
Gothic (HKLM-x32\...\Steam App 65540) (Version:  - Piranha – Bytes )
Gothic_Patch (HKLM-x32\...\{302AC480-43D2-11D5-A818-00500435FC18}) (Version:  - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HP Deskjet 1510 series - Grundlegende Software für das Gerät (HKLM\...\{FD79E5D2-5CFE-49C2-9461-D011D1355696}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 1510 series Hilfe (HKLM-x32\...\{23972F22-BA23-4C61-9F91-B9470E1563EB}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.291 - LogMeIn, Inc.) Hidden
Mafia II (HKLM-x32\...\Steam App 50130) (Version:  - 2K Czech)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mp3tag v2.59a (HKLM-x32\...\Mp3tag) (Version: v2.59a - Florian Heidenreich)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-1656074084-342888944-3947257893-1000\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-1656074084-342888944-3947257893-1003\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
phase6_19 (HKLM-x32\...\{65D70656-D248-4C83-B594-E3029C43B37A}) (Version: 1.90.0000 - phase6)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.)
Reus (HKLM-x32\...\Steam App 222730) (Version:  - Abbey Games)
Risen 2 - Dark Waters (HKLM-x32\...\Steam App 40390) (Version:  - Piranha Bytes)
Saints Row 2 (HKLM-x32\...\Steam App 9480) (Version:  - Volition)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1656074084-342888944-3947257893-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Spotify (HKU\S-1-5-21-1656074084-342888944-3947257893-1003\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version:  - Pandemic Studios)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Steinberg Hypersonic VSTi DXi v2.0 (HKLM-x32\...\Steinberg Hypersonic VSTi DXi_is1) (Version:  - )
Stronghold Crusader HD (HKLM-x32\...\Steam App 40970) (Version:  - FireFly Studios)
Styx: Master of Shadows (HKLM-x32\...\Steam App 242640) (Version:  - Cyanide Studio)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Tiny and Big: Grandpa's Leftovers (HKLM-x32\...\Steam App 205910) (Version:  - Black Pants Game Studio)
Vegas Pro 12.0 (64-bit) (HKLM\...\{BE94768F-5232-11E3-BD78-F04DA23A5C58}) (Version: 12.0.770 - Sony)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

22-01-2015 16:27:23 avast! antivirus system restore point
27-01-2015 13:36:33 Windows Update
27-01-2015 13:53:50 Removed Microsoft Silverlight

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-04-13 20:14 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D7BDDF7-AA7E-475B-9E27-4C881BB6E170} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-22] (AVAST Software)
Task: {0DE5228A-0A07-443E-BC5B-C318537AA76B} - System32\Tasks\WJCWK => C:\Users\Marian Curdt\AppData\Roaming\WJCWK.exe [2015-01-22] (ObjectB) <==== ATTENTION
Task: {1390B8FF-5F7C-4848-A7F8-C179D7DC38BB} - System32\Tasks\{E4844B58-3801-475A-AFC0-5F103AE3873B} => pcalua.exe -a "C:\Users\Marian Curdt\Downloads\GameRangerSetup.exe" -d "C:\Users\Marian Curdt\Downloads"
Task: {1C0D8EAE-6AFB-48E2-8630-21492BC7812F} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {1DD23FF3-F4A1-4323-9403-95B9C2A8E847} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {40555753-9863-4C56-AEFA-22315773ABE6} - System32\Tasks\AdobeAAMUpdater-1.0-MarianCurdtPC-Marian Curdt => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-09-25] (Adobe Systems Incorporated)
Task: {4301A476-D267-4A0E-9902-ED48660D3324} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {50499318-9154-4228-9404-256202C93CF7} - System32\Tasks\{15DFB77F-763F-4561-B17C-29AFD4F0185A} => pcalua.exe -a "C:\Users\Marian Curdt\AppData\Roaming\mystartsearch\UninstallManager.exe" -c -ptid=epom2
Task: {5944F998-FF45-411D-B7FE-0EC360DBE45A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9CF2D2B6-9DAF-4255-A1CC-7CE85276EEA6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {A4974F52-8C19-4E6E-81FD-68861C62CFF0} - System32\Tasks\{51C95BFA-FBA3-4117-90E4-46154531F0C2} => pcalua.exe -a "C:\Program Files (x86)\BlueStacks\HD-RuntimeUninstaller.exe"
Task: {BEE13837-2AF0-4607-BA40-AEA31BA81337} - System32\Tasks\{4E41F9C3-D503-49D8-B689-7949F60414AE} => pcalua.exe -a "C:\Users\Marian Curdt\Desktop\setup.exe" -d "C:\Users\Marian Curdt\Desktop"
Task: {BF9A4B4B-CFE2-4FAC-B48A-A3D319419EAC} - System32\Tasks\{75C1B7B4-7594-40DD-B866-F5A13294F4BB} => pcalua.exe -a "C:\Users\Marian Curdt\Downloads\epson374730eu.exe" -d "C:\Users\Marian Curdt\Downloads"
Task: {C0837618-74D6-4F3F-94C7-215D2736AFC5} - System32\Tasks\avastBCLRestartS-1-5-21-1656074084-342888944-3947257893-1000 => Firefox.exe 
Task: {D167BBF3-8A2A-47A9-9E68-7C6DAC1EBEB6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {E63EBBF3-C239-4BA0-8944-7388B4422164} - System32\Tasks\TXFAZSA => C:\Users\Marian Curdt\AppData\Roaming\TXFAZSA.exe [2015-01-22] (ObjectB) <==== ATTENTION
Task: {EBC9CB1D-06BD-48EF-B2AD-18892B010013} - System32\Tasks\hpUrlLauncher.exe_{5AA93921-2E13-494F-B126-FD0E1BAF48A4} => C:\Program Files\HP\HP Deskjet 1510 series\Bin\utils\hpUrlLauncher.exe [2014-03-06] (Hewlett-Packard Co.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\TXFAZSA.job => C:\Users\Marian Curdt\AppData\Roaming\TXFAZSA.exe <==== ATTENTION
Task: C:\Windows\Tasks\WJCWK.job => C:\Users\Marian Curdt\AppData\Roaming\WJCWK.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-12-06 18:08 - 2013-10-23 09:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-10-16 18:02 - 2013-10-16 18:02 - 03358064 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2013-12-15 13:47 - 2013-12-22 13:05 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-01-22 16:29 - 2015-01-22 16:29 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2015-01-22 16:29 - 2015-01-22 16:29 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2015-01-29 14:59 - 2015-01-29 14:59 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012900\algo.dll
2015-01-22 16:29 - 2015-01-22 16:29 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 15:04 - 2014-04-23 15:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 08507232 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 02354016 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 01014624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00364384 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 02480992 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 01346912 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00206176 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 02653024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00033120 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00035680 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00207200 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 11166560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
2013-10-02 20:30 - 2013-10-02 20:30 - 00276832 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
2013-04-15 13:26 - 2013-04-15 13:26 - 00391600 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
2013-04-15 13:26 - 2013-04-15 13:26 - 00059280 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
2013-10-02 20:28 - 2013-10-02 20:28 - 00438624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00446304 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00520544 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
2013-10-02 20:29 - 2013-10-02 20:29 - 00720736 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
2013-10-02 20:28 - 2013-10-02 20:28 - 00606560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
2013-10-02 20:30 - 2013-10-02 20:30 - 00093024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
2015-01-22 16:29 - 2015-01-22 16:29 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-22 12:44 - 2013-09-17 03:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-01-27 17:37 - 2015-01-27 17:37 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-01-25 15:36 - 2015-01-25 15:36 - 16844976 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll
2014-08-25 14:11 - 2014-08-25 14:11 - 26765944 _____ () C:\Program Files (x86)\Image-Line\Shared\dsp_ipp.dll
2014-04-23 13:54 - 2014-04-23 13:54 - 00515192 _____ () C:\Program Files (x86)\Image-Line\Shared\QuickFontCache.dll
2012-08-15 11:01 - 2012-08-15 11:01 - 00487032 _____ () C:\Program Files (x86)\Image-Line\Shared\freetype.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Marian Curdt\Downloads\5StarLoops Sound Library__5160_i1452283510_il18653.exe:typelib
AlternateDataStreams: C:\Users\Marian Curdt\Downloads\5StarLoops Sound Library__5160_i1452296211_il18653.exe:typelib

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCEPServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-1656074084-342888944-3947257893-500 - Administrator - Disabled)
Gast (S-1-5-21-1656074084-342888944-3947257893-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1656074084-342888944-3947257893-1002 - Limited - Enabled)
Marian Curdt (S-1-5-21-1656074084-342888944-3947257893-1000 - Administrator - Enabled) => C:\Users\Marian Curdt
UpdatusUser (S-1-5-21-1656074084-342888944-3947257893-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/29/2015 05:52:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0xb20
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/29/2015 05:03:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2015 04:59:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17496, Zeitstempel: 0x546fdf97
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeb033f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000002853
ID des fehlerhaften Prozesses: 0xf28
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (01/29/2015 03:31:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0xa44
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/29/2015 02:59:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2015 04:21:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2015 04:15:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/27/2015 05:15:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.0.5486, Zeitstempel: 0x54af7153
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.0.5486, Zeitstempel: 0x54af69d4
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0xa14
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/27/2015 05:15:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.0.5486, Zeitstempel: 0x54af7153
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.0.5486, Zeitstempel: 0x54af69d4
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1160
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (01/27/2015 02:27:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.0.5486, Zeitstempel: 0x54af7153
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.0.5486, Zeitstempel: 0x54af69d4
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x19b0
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3


System errors:
=============
Error: (01/29/2015 05:03:58 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde nicht richtig gestartet.

Error: (01/29/2015 05:02:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update PlumoWeb" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/29/2015 05:02:20 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (01/29/2015 02:58:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update PlumoWeb" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/29/2015 02:58:23 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (01/28/2015 04:21:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update PlumoWeb" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/28/2015 04:21:20 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (01/28/2015 04:15:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update PlumoWeb" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/28/2015 04:15:09 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (01/28/2015 04:13:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "BlueStacks Log Rotator Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


Microsoft Office Sessions:
=========================
Error: (01/29/2015 05:52:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f2248000000300001425b2001d03be2712e4262C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll331ef5a0-a7d7-11e4-b854-001f3f008e83

Error: (01/29/2015 05:03:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/29/2015 04:59:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.17496546fdf97msvcrt.dll7.0.7601.177444eeb033fc00000050000000000002853f2801d03bdc61f46c6fC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\msvcrt.dlld99f751b-a7cf-11e4-b36f-001f3f008e83

Error: (01/29/2015 03:31:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f2248000000300001425a4401d03bcf358ce92aC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll83c4cf01-a7c3-11e4-b36f-001f3f008e83

Error: (01/29/2015 02:59:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2015 04:21:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2015 04:15:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/27/2015 05:15:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.0.548654af7153mozalloc.dll35.0.0.548654af69d48000000300001425a1401d03a4c38c55966C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllb87962b0-a63f-11e4-a77f-001f3f008e83

Error: (01/27/2015 05:15:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.0.548654af7153mozalloc.dll35.0.0.548654af69d48000000300001425116001d03a4c50eda1e3C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllafecb134-a63f-11e4-a77f-001f3f008e83

Error: (01/27/2015 02:27:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.0.548654af7153mozalloc.dll35.0.0.548654af69d4800000030000142519b001d03a349eaad0a8C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll350d4e28-a628-11e4-a77f-001f3f008e83


CodeIntegrity Errors:
===================================
  Date: 2014-04-13 21:14:07.858
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-04-13 21:14:07.827
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 39%
Total physical RAM: 8136.93 MB
Available physical RAM: 4885.05 MB
Total Pagefile: 16272.04 MB
Available Pagefile: 12530.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:244.04 GB) (Free:66.69 GB) NTFS
Drive d: () (Fixed) (Total:221.62 GB) (Free:5.47 GB) NTFS
Drive e: (Siedler_II_DNGLE) (CDROM) (Total:0.61 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8F85853A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=244 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=221.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Alt 30.01.2015, 06:49   #4
schrauber
/// the machine
/// TB-Ausbilder
 

n11.adshostne, Zombie News und andere Werbung - Standard

n11.adshostne, Zombie News und andere Werbung



hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 30.01.2015, 11:27   #5
adan407
 
n11.adshostne, Zombie News und andere Werbung - Standard

n11.adshostne, Zombie News und andere Werbung



Hier der Log :
Code:
ATTFilter
ComboFix 15-01-29.01 - Marian Curdt 30.01.2015  11:51:06.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8137.5398 [GMT 1:00]
ausgeführt von:: c:\users\Marian Curdt\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Marian Curdt\AppData\Local\dsisetup12357302.exe
c:\users\Marian Curdt\AppData\Local\Temp\NOSEventMessages.dll
c:\users\MARIAN~1\AppData\Local\Temp\NOSEventMessages.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-12-28 bis 2015-01-30  ))))))))))))))))))))))))))))))
.
.
2015-01-30 10:58 . 2015-01-30 10:58	--------	d-----w-	c:\users\wangzhisong\AppData\Local\temp
2015-01-30 10:58 . 2015-01-30 10:58	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2015-01-30 10:58 . 2015-01-30 10:58	--------	d-----w-	c:\users\Public\AppData\Local\temp
2015-01-30 10:58 . 2015-01-30 10:58	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-01-30 10:54 . 2015-01-30 10:54	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{31E772D8-2FB7-45C8-9F80-2053A73E2D80}\offreg.dll
2015-01-29 17:14 . 2015-01-29 17:14	--------	d-----w-	c:\windows\system32\log
2015-01-29 16:50 . 2015-01-29 16:52	--------	d-----w-	c:\users\Marian Curdt\AppData\Roaming\Opera Software
2015-01-29 16:50 . 2015-01-29 16:52	--------	d-----w-	c:\users\Marian Curdt\AppData\Local\Opera Software
2015-01-29 16:49 . 2015-01-29 16:52	--------	d-----w-	c:\program files (x86)\Opera
2015-01-29 16:03 . 2015-01-29 18:24	--------	d-----w-	c:\users\Marian Curdt\AppData\Local\ZombieNews
2015-01-27 12:36 . 2014-12-02 10:26	11870360	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{31E772D8-2FB7-45C8-9F80-2053A73E2D80}\mpengine.dll
2015-01-23 12:24 . 2015-01-23 12:24	--------	d-----w-	c:\windows\SysWow64\vbox
2015-01-23 12:24 . 2015-01-23 12:24	--------	d-----w-	c:\windows\system32\vbox
2015-01-22 15:29 . 2015-01-22 15:29	364512	----a-w-	c:\windows\system32\aswBoot.exe
2015-01-22 15:29 . 2015-01-22 15:29	43152	----a-w-	c:\windows\avastSS.scr
2015-01-22 11:49 . 2015-01-22 11:49	1535976	----a-w-	c:\users\Marian Curdt\AppData\Roaming\TXFAZSA.exe
2015-01-22 11:48 . 2015-01-22 11:48	2020328	----a-w-	c:\users\Marian Curdt\AppData\Roaming\WJCWK.exe
2015-01-20 14:02 . 2015-01-20 14:02	--------	d-----w-	c:\program files (x86)\VstPlugins
2015-01-19 19:05 . 2015-01-20 12:49	--------	d-----w-	c:\program files\Common Files\ShopperPro
2015-01-19 19:04 . 2015-01-19 19:04	--------	d-----w-	c:\users\Marian Curdt\AppData\Local\Installer
2015-01-19 19:03 . 2015-01-19 19:03	--------	d-----w-	c:\users\Marian Curdt\AppData\Roaming\Booster Web
2015-01-17 15:52 . 2008-06-29 23:42	368640	----a-w-	c:\windows\SysWow64\ReWire.dll
2015-01-17 15:24 . 2015-01-19 19:05	--------	d-----w-	c:\users\Marian Curdt\AppData\Roaming\DAEMON Tools Lite
2015-01-17 15:23 . 2015-01-17 15:25	--------	d-----w-	c:\programdata\DAEMON Tools Lite
2015-01-17 15:06 . 2015-01-17 15:06	--------	d-----w-	c:\users\Marian Curdt\AppData\Roaming\Steinberg
2015-01-17 14:52 . 2010-06-06 22:37	2785792	----a-w-	c:\windows\SysWow64\GuaD.dll
2015-01-17 14:51 . 2010-04-08 20:47	2442752	----a-w-	c:\windows\SysWow64\SYNSOEMU.DLL
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-25 14:36 . 2013-12-06 16:34	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-25 14:36 . 2013-12-06 16:34	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-22 15:29 . 2014-02-05 15:07	1050432	----a-w-	c:\windows\system32\drivers\aswsnx.sys
2015-01-22 15:29 . 2014-08-15 07:45	29208	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2015-01-22 15:29 . 2014-02-05 15:07	116728	----a-w-	c:\windows\system32\drivers\aswStm.sys
2015-01-22 15:29 . 2014-02-05 15:07	83280	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2015-01-22 15:29 . 2014-02-05 15:07	65776	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2015-01-22 15:29 . 2014-02-05 15:07	436624	----a-w-	c:\windows\system32\drivers\aswsp.sys
2015-01-22 15:29 . 2014-02-05 15:07	267632	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2015-01-22 15:29 . 2014-02-05 15:07	93568	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2015-01-14 19:51 . 2013-12-06 17:52	113365784	----a-w-	c:\windows\system32\MRT.exe
2015-01-06 03:36 . 2010-11-21 03:27	298120	------w-	c:\windows\system32\MpSigStub.exe
2015-01-05 08:40 . 2015-01-05 08:40	245008	----a-w-	c:\windows\apppatch\AppPatch64\VCLdr64.dll
2015-01-05 08:40 . 2015-01-05 08:40	215312	----a-w-	c:\windows\apppatch\nbin\VC32Loader.dll
2014-12-13 05:09 . 2014-12-18 16:16	144384	----a-w-	c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-18 16:16	115712	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-12-04 02:50 . 2014-12-13 10:19	413184	----a-w-	c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-13 10:19	741376	----a-w-	c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-13 10:19	396800	----a-w-	c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-13 10:19	830976	----a-w-	c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-13 10:19	192000	----a-w-	c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-13 10:19	227328	----a-w-	c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-13 10:19	1083392	----a-w-	c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-13 10:19	1232040	----a-w-	c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-13 10:19	389296	----a-w-	c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-13 10:19	25059840	----a-w-	c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-13 10:19	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-13 10:19	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-13 10:19	66560	----a-w-	c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-13 10:19	580096	----a-w-	c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-13 10:19	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-13 10:19	2885120	----a-w-	c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-13 10:19	88064	----a-w-	c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-13 10:19	54784	----a-w-	c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-13 10:19	34304	----a-w-	c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-13 10:19	633856	----a-w-	c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-13 10:19	114688	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-13 10:19	814080	----a-w-	c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-13 10:19	6039552	----a-w-	c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-13 10:19	968704	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-13 10:19	490496	----a-w-	c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-13 10:19	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-13 10:19	77824	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-13 10:19	199680	----a-w-	c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-13 10:19	92160	----a-w-	c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-13 10:19	501248	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-13 10:19	62464	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-13 10:19	47616	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-13 10:19	64000	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-13 10:19	316928	----a-w-	c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-13 10:19	620032	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-13 10:19	718848	----a-w-	c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-13 10:19	800768	----a-w-	c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-13 10:19	1359360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-13 10:19	2125312	----a-w-	c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-13 10:19	14412800	----a-w-	c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-13 10:19	60416	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-13 10:19	4299264	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-13 10:19	2358272	----a-w-	c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-13 10:19	2052096	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-13 10:19	1155072	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-13 10:19	1548288	----a-w-	c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-13 10:19	800768	----a-w-	c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-13 10:19	1888256	----a-w-	c:\windows\SysWow64\wininet.dll
2014-11-17 12:50 . 2014-11-17 12:50	73728	----a-w-	c:\windows\SysWow64\tasks.dll
2014-11-11 03:09 . 2014-12-13 10:19	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 18:34	241152	----a-w-	c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 18:34	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-13 10:19	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 18:34	186880	----a-w-	c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 18:34	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-13 10:19	119296	----a-w-	c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-13 10:16	2048	----a-w-	c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-13 10:16	2048	----a-w-	c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2013-10-02 1090912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-27 5227112]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-02-22 292088]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2014-09-16 839384]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-12-13 3838800]
.
c:\users\Marian Curdt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GameRanger.lnk - c:\users\Marian Curdt\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe /autostart [2009-7-1 1792168]
Tintenwarnungen überwachen - HP Deskjet 1510 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 1510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN3C71NGT005YR;CONNECTION=USB;MONITOR=1; [2009-7-14 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
p6_19_erinnerung.lnk - c:\program files (x86)\phase6\phase6_19\WinStart\p6erinnerung.exe [2007-2-11 49152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R1 iSafeKrnlMon;YAC Monitor Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Update PlumoWeb;Update PlumoWeb;c:\program files (x86)\PlumoWeb\updatePlumoWeb.exe;c:\program files (x86)\PlumoWeb\updatePlumoWeb.exe [x]
R3 AppObserver;Application creation observer;c:\program files (x86)\NetRatingsNetSight\NetSight\meter2\appobserver64.sys;c:\program files (x86)\NetRatingsNetSight\NetSight\meter2\appobserver64.sys [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 dhtDXma;dhtDXma;c:\programdata\NtiAgOWstf\dhtDXma.exe;c:\programdata\NtiAgOWstf\dhtDXma.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusbn.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-06 14:36]
.
2015-01-30 c:\windows\Tasks\TXFAZSA.job
- c:\users\Marian Curdt\AppData\Roaming\TXFAZSA.exe [2015-01-22 11:49]
.
2015-01-30 c:\windows\Tasks\WJCWK.job
- c:\users\Marian Curdt\AppData\Roaming\WJCWK.exe [2015-01-22 11:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2013-10-16 17:02	3358064	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2013-10-16 17:02	3358064	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2013-10-16 17:02	3358064	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-01-22 15:29	860984	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422550344&from=obw&uid=ST500DM002-1BD142_Z3T99M3NXXXXZ3T99M3N&q={searchTerms}
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422550344&from=obw&uid=ST500DM002-1BD142_Z3T99M3NXXXXZ3T99M3N&q={searchTerms}
mSearch Bar = https://www.google.com/?trackid=sp-006
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422550344&from=obw&uid=ST500DM002-1BD142_Z3T99M3NXXXXZ3T99M3N&q={searchTerms}
FF - ProfilePath - c:\users\Marian Curdt\AppData\Roaming\Mozilla\Firefox\Profiles\q375034u.default-1422551480209\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{11111111-1111-1111-1111-110311281150} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-PunkBusterSvc - g:\program files (x86)\Origin Games\Battlefield 3\pbsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1656074084-342888944-3947257893-1000\Software\SecuROM\License information*]
"datasecu"=hex:62,bb,c1,7e,54,b8,05,08,7a,a5,0e,5d,6b,5d,e1,82,8a,80,91,c8,f5,
   38,9b,26,f2,d7,ad,9a,86,45,af,96,f7,4e,94,44,d7,b2,c5,b4,2b,7c,54,f6,3e,d7,\
"rkeysecu"=hex:1d,0a,9a,d4,96,72,24,2d,e4,b5,15,73,0c,93,b7,15
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-01-30  12:00:52
ComboFix-quarantined-files.txt  2015-01-30 11:00
ComboFix2.txt  2014-04-13 19:15
ComboFix3.txt  2013-11-24 10:08
.
Vor Suchlauf: 22 Verzeichnis(se), 68.577.460.224 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 68.546.117.632 Bytes frei
.
- - End Of File - - 7C70E35FFB6EF60292C6445389961592
A36C5E4F47E84449FF07ED3517B43A31
         


Alt 30.01.2015, 13:30   #6
schrauber
/// the machine
/// TB-Ausbilder
 

n11.adshostne, Zombie News und andere Werbung - Standard

n11.adshostne, Zombie News und andere Werbung



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
--> n11.adshostne, Zombie News und andere Werbung

Alt 03.02.2015, 17:19   #7
adan407
 
n11.adshostne, Zombie News und andere Werbung - Standard

n11.adshostne, Zombie News und andere Werbung



Hier die 3 Logs

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 30.01.2015
Suchlauf-Zeit: 17:48:49
Logdatei: mwam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.30.06
Rootkit Datenbank: v2015.01.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Marian Curdt

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 415786
Verstrichene Zeit: 21 Min, 15 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.ZombieNews.A, C:\ProgramData\NtiAgOWstf\dhtDXma.exe, 3096, Löschen bei Neustart, [292831c6bdcc2c0a241e734bda27ae52]

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 14
PUP.Optional.ZombieNews.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\dhtDXma, In Quarantäne, [292831c6bdcc2c0a241e734bda27ae52], 
PUP.Optional.Vosteran, HKLM\SOFTWARE\CLASSES\APPID\{4CB3598A-82E8-4D1F-983F-061238AE696E}, In Quarantäne, [054cde198504f541e85f658f35cdc040], 
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{4CB3598A-82E8-4D1F-983F-061238AE696E}, In Quarantäne, [054cde198504f541e85f658f35cdc040], 
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-1656074084-342888944-3947257893-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, In Quarantäne, [91c0d12628610f271e9e9b5d6e94ad53], 
PUP.Optional.Vosteran.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\Vosteran.TSE6THRBYUUAQKXMEX4ZZYPZH4, In Quarantäne, [d37e3eb94f3a1e18a118cdb2d330ee12], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, In Quarantäne, [59f8b7403653c175249de31de322a35d], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, In Quarantäne, [56fb51a6692094a24f71c13fc243b54b], 
PUP.Optional.Vosteran.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\vosteran.exe, In Quarantäne, [ca87ba3d8aff04325c1212716c97867a], 
PUP.Optional.Vosteran.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\Vosteran.TSE6THRBYUUAQKXMEX4ZZYPZH4, In Quarantäne, [5bf672854f3a34029524245bf90aaf51], 
PUP.Optional.Vosteran.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\vosteran.exe, In Quarantäne, [d77afbfc6b1e989e6608493a5fa401ff], 
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{cae99edb}, In Quarantäne, [54fdaf4824654ceaca1771315fa4748c], 
PUP.Optional.PlumoWeb.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update PlumoWeb, In Quarantäne, [1c356b8c474272c4aebf92038c772fd1], 
PUP.Optional.StormWatchApp.A, HKU\S-1-5-21-1656074084-342888944-3947257893-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\StormWatchApp, In Quarantäne, [d180a55294f56bcbb15c5a34dc279070], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1656074084-342888944-3947257893-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, In Quarantäne, [b79ae611aedbcb6b8e25068d887b659b], 

Registrierungswerte: 3
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Vosteran\\, In Quarantäne, [9ab72fc8fc8dbd79ca77e62184819967]
PUP.Optional.FFToolbar.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|fftoolbar2014@etech.com, C:\Users\Marian Curdt\AppData\Roaming\Mozilla\Firefox\Profiles\mezahl5h.default-1422375678338\extensions\fftoolbar2014@etech.com, In Quarantäne, [133e6f885d2cd85ebf96493814ef18e8]
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-1656074084-342888944-3947257893-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Mysearchdial, In Quarantäne, [470a6b8c5237c67045c3861d8c77a759]

Registrierungsdaten: 3
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422550344&from=obw&uid=ST500DM002-1BD142_Z3T99M3NXXXXZ3T99M3N&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422550344&from=obw&uid=ST500DM002-1BD142_Z3T99M3NXXXXZ3T99M3N&q={searchTerms}),Ersetzt,[1e330ceb1a6fba7ca0fedecfed18ca36]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422550344&from=obw&uid=ST500DM002-1BD142_Z3T99M3NXXXXZ3T99M3N&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422550344&from=obw&uid=ST500DM002-1BD142_Z3T99M3NXXXXZ3T99M3N&q={searchTerms}),Ersetzt,[6fe254a3484191a535653578a36258a8]
PUP.Optional.OmigaPlus.A, HKU\S-1-5-21-1656074084-342888944-3947257893-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422550344&from=obw&uid=ST500DM002-1BD142_Z3T99M3NXXXXZ3T99M3N&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422550344&from=obw&uid=ST500DM002-1BD142_Z3T99M3NXXXXZ3T99M3N&q={searchTerms}),Ersetzt,[e869896e7316ea4c7736eab528dd13ed]

Ordner: 2
PUP.Optional.ZombieNews.A, C:\Users\Marian Curdt\AppData\Local\ZombieNews, In Quarantäne, [cd843fb8d3b68aac3f3161033ec502fe], 
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro, In Quarantäne, [4b0650a78ffa2115b402a3c526dd19e7], 

Dateien: 16
PUP.Optional.ZombieNews.A, C:\ProgramData\NtiAgOWstf\dhtDXma.exe, Löschen bei Neustart, [292831c6bdcc2c0a241e734bda27ae52], 
PUP.Optional.ZombieNews.A, C:\ProgramData\NtiAgOWstf\dat\jLSuBq.exe, Löschen bei Neustart, [272a9661a0e9f93d4af8aa1403fecb35], 
PUP.Optional.ZombieNews.A, C:\ProgramData\NtiAgOWstf\dat\oHjStI.exe, Löschen bei Neustart, [480963943257e05687bb26980ff226da], 
PUP.Optional.ObjectBrowser.A, C:\Users\Marian Curdt\AppData\Roaming\TXFAZSA.exe, In Quarantäne, [e46dbc3b810803337da19d74b250916f], 
PUP.Optional.ObjectBrowser.A, C:\Users\Marian Curdt\AppData\Roaming\WJCWK.exe, In Quarantäne, [044d5e99c0c951e52bf3b65b8f73966a], 
PUP.Optional.OutBrowse, C:\Users\Marian Curdt\Downloads\Installation.exe, In Quarantäne, [5af7e017523756e073ce722d43c2cc34], 
PUP.Optional.Bundle, C:\Users\Marian Curdt\Downloads\5StarLoops Sound Library__5160_i1452283510_il18653.exe, In Quarantäne, [d87971863c4dd1652ab8df2e13efed13], 
PUP.Optional.SmartInstaller, C:\Users\Marian Curdt\Downloads\reFX_Nexus_v2.3.2_Beta_Crack.exe, In Quarantäne, [58f92ccbe8a141f537b0bd2eeb16c33d], 
PUP.Optional.Bundle, C:\Users\Marian Curdt\Downloads\5StarLoops Sound Library__5160_i1452296211_il18653.exe, In Quarantäne, [83ce61963c4def47ab374bc27e841ee2], 
PUP.Optional.OpenCandy, C:\Users\Marian Curdt\Downloads\DTLite4491-0356.exe, In Quarantäne, [88c91cdbcdbcbd7948d06b67887d32ce], 
PUP.Optional.Eguide, C:\Users\Marian Curdt\Downloads\word.exe, In Quarantäne, [0849cb2c5930dd59c65c7ce2d42c7987], 
PUP.Optional.SearchProtect.A, C:\Windows\AppPatch\AppPatch64\VCLdr64.dll, In Quarantäne, [3c15886f583174c29f47a60ba55cd927], 
PUP.Optional.SearchProtect.A, C:\Windows\AppPatch\nbin\VC32Loader.dll, In Quarantäne, [56fb6493d4b51b1be402fbb66d94f10f], 
PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, In Quarantäne, [bc951add7b0e4aec24a0718f778e01ff], 
PUP.Optional.ZombieNews.A, C:\Users\Marian Curdt\AppData\Local\ZombieNews\data2.dat, In Quarantäne, [cd843fb8d3b68aac3f3161033ec502fe], 
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro\spbici64.dll, In Quarantäne, [4b0650a78ffa2115b402a3c526dd19e7], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
Code:
ATTFilter
# AdwCleaner v4.109 - Bericht erstellt am 03/02/2015 um 18:09:37
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-02-02.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Marian Curdt - MARIANCURDTPC
# Gestartet von : C:\Users\Marian Curdt\Desktop\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : iSafeKrnlMon

***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Windows\System32\log\iSafeKrnlCall.log

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Boost
Schlüssel Gelöscht : HKLM\SOFTWARE\Boost

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0.1 (x86 de)


*************************

AdwCleaner[R0].txt - [5594 octets] - [14/04/2014 18:26:07]
AdwCleaner[R1].txt - [10178 octets] - [14/11/2014 15:34:41]
AdwCleaner[R2].txt - [3683 octets] - [14/11/2014 16:58:18]
AdwCleaner[R3].txt - [25565 octets] - [27/01/2015 13:40:38]
AdwCleaner[R4].txt - [1346 octets] - [29/01/2015 16:57:37]
AdwCleaner[R5].txt - [1627 octets] - [03/02/2015 18:08:27]
AdwCleaner[S0].txt - [5231 octets] - [14/04/2014 18:26:35]
AdwCleaner[S1].txt - [8466 octets] - [14/11/2014 15:36:19]
AdwCleaner[S2].txt - [3311 octets] - [14/11/2014 16:59:33]
AdwCleaner[S3].txt - [22536 octets] - [27/01/2015 13:43:05]
AdwCleaner[S4].txt - [1408 octets] - [29/01/2015 17:00:34]
AdwCleaner[S5].txt - [1504 octets] - [03/02/2015 18:09:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1564 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Marian Curdt on 03.02.2015 at 18:13:53,92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update browsesmart
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update wisen wizard
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util wisen wizard
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311281150}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\Marian Curdt\AppData\Roaming\mozilla\firefox\profiles\q375034u.default-1422551480209\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.02.2015 at 18:17:14,89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Alt 03.02.2015, 20:18   #8
schrauber
/// the machine
/// TB-Ausbilder
 

n11.adshostne, Zombie News und andere Werbung - Standard

n11.adshostne, Zombie News und andere Werbung




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu n11.adshostne, Zombie News und andere Werbung
antivirus, bluestacks, bonjour, browser, combofix, desktop, elex-tech, firefox, flash player, google, home, homepage, mozilla, mp3, newtab, realtek, registry, rundll, scan, security, services.exe, software, stick, svchost.exe, system, trackid, usb, werbung, windows, zombie news



Ähnliche Themen: n11.adshostne, Zombie News und andere Werbung


  1. Zombie news
    Plagegeister aller Art und deren Bekämpfung - 23.03.2015 (7)
  2. Heftige Probleme mit "Zombie News" Windows 7
    Log-Analyse und Auswertung - 18.03.2015 (13)
  3. Zombie News
    Plagegeister aller Art und deren Bekämpfung - 17.02.2015 (8)
  4. Windows 8 : Pop-Ups, Werbefenster öffnen sich einfach, >>>Zombie News<<< geht nicht weg.
    Log-Analyse und Auswertung - 18.01.2015 (6)
  5. Habe Zombie News auf meinem Laptop.
    Plagegeister aller Art und deren Bekämpfung - 28.12.2014 (3)
  6. Zombie News Virus / Windows Version Installer - Windows 7
    Log-Analyse und Auswertung - 21.12.2014 (1)
  7. werde permanent mit Werbung zugebombt und auf eine andere Seite weitergeleitet
    Plagegeister aller Art und deren Bekämpfung - 06.12.2014 (12)
  8. Google Links (und andere) führen zu Werbung
    Plagegeister aller Art und deren Bekämpfung - 18.12.2012 (8)
  9. Opera öffnet andere Seiten als aufgerufen / Werbung aus dem Nichts
    Log-Analyse und Auswertung - 08.02.2012 (31)
  10. Internet Explorer öffnet sich von selbst mit Werbung (Promi News)
    Plagegeister aller Art und deren Bekämpfung - 24.09.2011 (22)
  11. GMER führt zum Systemabsturz, andere Logs erstellt, Firefox öffnet selbständig Tabs mit Werbung
    Log-Analyse und Auswertung - 29.03.2011 (13)
  12. Trojaner auf dem Pc der ungewollt Werbung öffnet und andere Probleme verursacht
    Plagegeister aller Art und deren Bekämpfung - 01.12.2010 (4)
  13. Travianer Werbung und andere komische Musik/Tracks im Hintergrund auch ohne geöffnete Explorer ...?!
    Plagegeister aller Art und deren Bekämpfung - 22.09.2010 (15)
  14. Firefox öffnet selbständig Tabs mit Werbung, leitet Links auf andere Seiten weiter
    Plagegeister aller Art und deren Bekämpfung - 21.06.2010 (18)
  15. Google Links (und andere) führen zu Werbung + Partition unformatiert
    Log-Analyse und Auswertung - 01.09.2009 (14)
  16. CIB Werbung, iexplorer.exe und noch andere Werbung
    Log-Analyse und Auswertung - 09.07.2009 (6)
  17. Popup und jede menge andere Werbung im IE
    Plagegeister aller Art und deren Bekämpfung - 11.10.2006 (9)

Zum Thema n11.adshostne, Zombie News und andere Werbung - Hallo Team, langsam gehen mir diese ganzen Werbebanner richtig auf die Nerven. Bestimmt leiten die ein auch nicht immer auf Seiten weiter, die für den Computer förderlich sind und die - n11.adshostne, Zombie News und andere Werbung...
Archiv
Du betrachtest: n11.adshostne, Zombie News und andere Werbung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.